Possible privacy breach by Comodo

We have given Comodo 3 days to respond to this question without an answer. So we now feel obligated to inform everyone on this forum of a potential privacy breach.

On Tuesday one of our customers alerted us to entries appearing in their Outgoing ASG log which indicated that copies of some customer emails were being sent to the email address casg-spam@casg.info (see attached).

We asked Comodo to explain what these were and have received no response. We can only presume one of their developers secretly added this in so they can capture outgoing emails to help diagnose problems. In principle we do not have an issue with assisting Comodo in this way, but if this is correct then it should never have been implemented without first asking permission of the customers.

Make of this what you will. Our customers have instructed us to seek legal advice on the matter, yet more time and $ down the drain because of this.

Hi Ossie44,

First of all, we are very sorry for the inconvenience of waiting for 3 days. Our support team has been temporarily very busy this week with some email traffic blocker issues of some of our customers. So they have had a chance to reply to your request today. Even so, we will improve ourselves to give much quicker support services to you.

In addition, let me reply and clarify this issue here for all our other forum followers.

These entries were created when some customer outgoing messages were blocked as spam. For every such message our system generated a notification to casg-spam[at]casg.info, hence those additional log records. This address was created by Comodo ASG to monitor possible spam outbreaks generated by some of our customers. This is one of our main duties to protect all our customers. Thus, there is no unauthorized access to any of your emails from any developers inside or outside.

Besides, this necessary sending process is also defined under the Permission part in our End User License Agreement. If you want to review it, you can see our EULA in your ASG admin portal under the Customer Management main menu.

However, according to your valuable feedback, to prevent such ambiguities we plan to update this casg-spam[at]casg.info address to admin[at]antispamgateway.comodo.com now. This name would be better for all customers to feel comfortable.

Thanks for your feedback
Regards
Oytun

Hi Oytun, 3 points:

1 - It would have been sensible to inform your customers this was going to take place so they didn’t get alarmed when they started seeing emails being forwarded to a mystery address. It was suggested by one of our customers who found the issue that your systems may have been hacked.

2 - It should not take 3 days to respond to a simple request such as this; that only adds to the concern that something is not correct. We appreciate your support team is busy, but that was self-inflicted due to poor planning of the unannounced upgrade we were part of on 26th June. It also added an enormous workload to our support team and delayed other projects.

3 - Where is the EULA you refer to? Our solicitor has reviewed the agreement from the time when we first subscribed and it contains no wording indicating that the contents of emails may be viewed or used by your staff for diagnostic purposes.

Hi Ossie,

Let me reply to your concerns.

1- I agree with you that we should be clearer in informing you and your customer also. To achieve this, we changed the related address name to a better address name. Moreover, we will be highlighting this information in our EULA and also product help pages.

2- This temporary workload was not related to the upgrade process related to product infrastructure. It occurred due to some email traffic blocker issues of some of our customers, as I mentioned above. The response time was higher than normal because of this.

3- You can see the product EULA in your ASG admin portal under the Customer Management main menu.

We are very sorry for this inconvenience again.

Regards

Thanks for the reply, 6 weeks after I posted my last message.

Damage control 101 we assume.