SPF passed. DKIM passed. DMARC passed. The email looked like a legitimate event confirmation from lu.ma, a popular event hosting platform used by thousands of organizers worldwide. It arrived through Amazon SES, signed with valid cryptographic keys, and landed in the inbox of an employee at a technology firm with a polished HTML template, Apple Wallet ticket, and calendar invite attached.
Every traditional authentication gate gave it a green light. The single anomaly that exposed the entire operation? A Reply-To header pointing to leetwito@gmail[.]com.
The attacker registered a fictitious event called "LangTalks AI Engineering Conference 2026" on lu.ma (luma.com), a legitimate event hosting and ticketing platform. The supposed conference was scheduled for May 4, 2026 at Habima Theatre in Tel Aviv, complete with a full event page, social sharing links, and app download prompts.
The subject line read: "Registration approved for LangTalks AI Engineering Conference 2026." This is a clever inversion of standard phishing tactics. Instead of asking the target to register, the email tells them they have already been approved, creating a sense of exclusivity and reducing the friction that typically triggers suspicion.
The AI engineering theme was deliberate. With generative AI conferences proliferating in 2024 and 2025, attackers are exploiting the hype cycle to target tech-savvy professionals who regularly attend such events. The lure was tailored, timely, and topically irresistible.
This attack represents an increasingly common pattern: trusted third-party relay abuse. Rather than spoofing a sender domain or standing up their own mail infrastructure, the attacker used lu.ma's native email pipeline to deliver the phishing message.
Here is what the authentication chain looked like:
| Check | Result | Detail |
|---|---|---|
| SPF | Pass | amazonses.calendar.luma-mail[.]com (the envelope MAIL FROM domain) lists 54.240.86[.]196 as a permitted sender |
| DKIM | Pass | Valid signatures for calendar.luma-mail[.]com and amazonses[.]com |
| DMARC | Pass | header.from=calendar.luma-mail[.]com aligns with both the SPF and the DKIM domain, so the domain's published policy was satisfied |
| From | langtalks@calendar.luma-mail[.]com | Legitimate lu.ma sending subdomain |
| Return-Path | amazonses.calendar.luma-mail[.]com | Return-Path domain, consistent with an SES custom MAIL FROM configuration |
Every relay hop, from Amazon SES outbound (a86-196.smtp-out.us-west-2.amazonses[.]com) through Microsoft 365 frontend transport, validated cleanly. A secure email gateway evaluating this message on authentication alone would have no reason to flag it.
This is the core problem with authentication-only trust models. SPF, DKIM, and DMARC verify that a message came from an authorized sender for a given domain. They do not verify intent. When a legitimate platform sends a message on behalf of a malicious actor who registered an account on that platform, authentication becomes a shield for the attacker rather than a defense for the recipient.
The Microsoft Digital Defense Report 2024 documented a surge in attacks leveraging legitimate services to bypass email security controls. This case is a textbook example.
The From address (langtalks@calendar.luma-mail[.]com) was legitimate. But the Reply-To header was set to leetwito@gmail[.]com, an external Gmail account controlled by the attacker.
This is a simple but effective technique mapped to MITRE ATT&CK T1566.002 (Phishing: Spearphishing Link) and T1656 (Impersonation). The attacker never needed to compromise lu.ma's infrastructure. They simply created an account on the platform (T1585.002: Establish Accounts), registered a fake event, and configured the Reply-To field to intercept all responses.
Any recipient who replied to confirm attendance, ask logistical questions, or request speaker details would be communicating directly with the attacker. From there, the conversation could pivot to credential harvesting, wire transfer requests, or malware delivery.
This is where behavioral analysis made the difference. IRONSCALES adaptive AI flagged the message as coming from a first-time sender with high-risk characteristics and pulled it from the mailbox into quarantine within four seconds of delivery. The incident was automatically resolved as phishing, not because authentication failed, but because the behavioral signals (Reply-To mismatch, zero prior communication history, anomalous sender profile) overrode the clean authentication verdict.
The email included two attachments:
| File | Type | Size | Verdict |
|---|---|---|---|
| LangTalks AI Engineering Conference 2026.pkpass | application/vnd.apple.pkpass | 13 KB | No malware detected |
| invite.ics | text/calendar | 1.4 KB | No malware detected |
Neither file contained an executable payload. Both, however, carried tokenized URLs (hxxps://luma[.]com/slude1kk?pk=g-PgzZLB3BPHlGznz), and the .pkpass file included an authenticationToken tied to hxxps://api.lu[.]ma. These tokens enable per-recipient tracking: Wallet presents the authenticationToken to that web service when the pass is added and whenever it checks for updates, and the pk parameter identifies the recipient when the calendar link is opened, so the sender learns which targets engaged with the lure. The IBM Cost of a Data Breach 2024 report lists phishing among the most common and most expensive initial attack vectors, and reconnaissance via tokenized tracking is a common precursor to more targeted follow-up attacks.
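As an added example, not code from the original post or from lu.ma, the following Python builds a constructed stand-in for the two attachments (a .pkpass zip carrying only pass.json, without the manifest and PKCS#7 signature a real pass has, and a minimal invite.ics) and pulls out the indicators worth logging during triage: the pass's webServiceURL and whether an authenticationToken is present, every URL in either file, and query parameters that look like per-recipient tokens. The passTypeIdentifier, serialNumber and token value are made up; the api.lu.ma URL and the luma.com link with its pk parameter are the ones quoted above.

```python
import io
import json
import re
import zipfile
from urllib.parse import parse_qs, urlparse

URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def build_sample_pkpass():
    """Constructed stand-in for the post's .pkpass: a zip holding pass.json only.
    A real pass also carries manifest.json and a signature file."""
    pass_json = {
        "formatVersion": 1,
        "passTypeIdentifier": "pass.example.event",        # assumption
        "serialNumber": "evt-constructed-0001",            # assumption
        "webServiceURL": "https://api.lu.ma",              # quoted in the post
        "authenticationToken": "tok_constructed_9f8e7d6c5b4a",  # assumption
        "eventTicket": {"primaryFields": [
            {"key": "event", "label": "Event",
             "value": "LangTalks AI Engineering Conference 2026"}]},
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("pass.json", json.dumps(pass_json))
    return buf.getvalue()


# Constructed invite.ics; the URL is the tokenized link quoted in the post.
SAMPLE_ICS = """BEGIN:VCALENDAR
VERSION:2.0
BEGIN:VEVENT
SUMMARY:LangTalks AI Engineering Conference 2026
URL:https://luma.com/slude1kk?pk=g-PgzZLB3BPHlGznz
DESCRIPTION:Manage your registration at https://luma.com/slude1kk?pk=g-PgzZLB3BPHlGznz
END:VEVENT
END:VCALENDAR
"""


def tracking_params(url):
    """Query parameters whose values look like opaque per-recipient tokens
    (heuristic: at least 12 characters of [A-Za-z0-9_-])."""
    qs = parse_qs(urlparse(url).query)
    return {k: v[0] for k, v in qs.items()
            if len(v[0]) >= 12 and re.fullmatch(r"[\w-]+", v[0])}


def inspect_pkpass(data):
    """Extract the web-service endpoint, token presence and URLs from a pass."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        pass_json = json.loads(zf.read("pass.json"))
    return {
        "web_service_url": pass_json.get("webServiceURL"),
        "has_auth_token": "authenticationToken" in pass_json,
        "urls": sorted(set(URL_RE.findall(json.dumps(pass_json)))),
    }


def inspect_ics(text):
    """Extract every URL from an iCalendar file and flag tokenized ones."""
    urls = sorted(set(URL_RE.findall(text)))
    return {"urls": urls,
            "tracked": {u: tracking_params(u) for u in urls if tracking_params(u)}}


if __name__ == "__main__":
    print(inspect_pkpass(build_sample_pkpass()))
    print(inspect_ics(SAMPLE_ICS))
```

Neither function looks for malware; the point is that a clean AV verdict on these files says nothing about the tracking they carry, and the presence of an authenticationToken plus webServiceURL means adding the pass to Wallet will contact the sender's server.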
Detection in this case did not rely on SPF, DKIM, or DMARC failure, because there was no failure. Behavioral layers (first-time sender status, Reply-To domain mismatch, absent communication history, high-risk sender profile) are precisely what catch attacks engineered to pass every traditional email security gate. That distinction shapes three priorities for defenders.
Reply-To divergence is a high-fidelity signal. When the Reply-To domain does not match the From domain, especially when one is a platform address and the other is a free email provider, that mismatch should trigger elevated scrutiny regardless of authentication status.
Platform-relayed phishing will increase. Attackers are shifting to "living off trusted platforms" because it neutralizes domain reputation, authentication checks, and IP blocklists simultaneously. Security teams should monitor for first-time sender events from third-party platforms that include Reply-To redirects.
Authentication is necessary but not sufficient. SPF, DKIM, and DMARC remain essential hygiene. But when the FBI IC3 2024 report shows business email compromise losses exceeding $2.9 billion annually, it is clear that authentication alone cannot be the last line of defense. Behavioral analysis, anomaly detection, and human-in-the-loop verification close the gap that authentication leaves open.
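As an added example (not part of the original write-up and not IRONSCALES' detection code), the following Python script applies the Reply-To divergence check and the authentication-only trust problem from the sections above to a constructed message with the headers the post describes. It confirms the SPF/DKIM/DMARC verdicts and relaxed DMARC alignment, then scores the behavioral signals (Reply-To domain divergence, a free-mail Reply-To, first-time sender) without letting the clean authentication chain veto them. The Authentication-Results line, the Return-Path local part, the sender-history store and the free-mail list are assumptions; the organizational-domain helper approximates relaxed alignment with the last two labels rather than the Public Suffix List.

```python
import re
import email
from email import policy
from email.utils import parseaddr

# Constructed message modelled on the headers the post describes. The
# Authentication-Results value is an assumption (the real one is not quoted).
RAW_MESSAGE = """\
Authentication-Results: mx.example.com; spf=pass (sender IP is 54.240.86.196) smtp.mailfrom=amazonses.calendar.luma-mail.com; dkim=pass header.d=calendar.luma-mail.com; dmarc=pass action=none header.from=calendar.luma-mail.com
Return-Path: <0100019-bounce@amazonses.calendar.luma-mail.com>
From: LangTalks <langtalks@calendar.luma-mail.com>
Reply-To: leetwito@gmail.com
To: employee@example.com
Subject: Registration approved for LangTalks AI Engineering Conference 2026
Content-Type: text/plain; charset=utf-8

Your registration has been approved. Reply with any questions.
"""

# Assumed list of free webmail providers; a production list would be longer.
FREEMAIL = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com",
            "icloud.com", "proton.me", "protonmail.com"}


def domain_of(header_value):
    """Lower-cased domain part of the first address in a header value."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower()


def org_domain(domain):
    """Organizational domain approximated as the last two labels.
    Real DMARC alignment uses the Public Suffix List (simplification)."""
    return ".".join(domain.split(".")[-2:])


def parse_auth_results(msg):
    """Collect spf/dkim/dmarc verdicts and the domains they were evaluated on."""
    out = {}
    for value in msg.get_all("Authentication-Results", []):
        value = str(value)
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value):
            out[method] = result.lower()
        m = re.search(r"smtp\.mailfrom=([\w.-]+)", value)
        if m:
            out["spf_domain"] = m.group(1).lower()
        m = re.search(r"header\.d=([\w.-]+)", value)
        if m:
            out["dkim_domain"] = m.group(1).lower()
    return out


def assess(raw, known_senders=frozenset()):
    """Return authentication state and behavioral signals for one message.
    known_senders: addresses the recipient has corresponded with before
    (assumed history store; empty means every sender is first-time)."""
    msg = email.message_from_string(raw, policy=policy.default)
    auth = parse_auth_results(msg)
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"]) if msg["Reply-To"] else from_dom
    sender = parseaddr(str(msg["From"]))[1].lower()

    auth_clean = all(auth.get(m) == "pass" for m in ("spf", "dkim", "dmarc"))
    aligned = (org_domain(from_dom) == org_domain(auth.get("spf_domain", "-"))
               and org_domain(from_dom) == org_domain(auth.get("dkim_domain", "-")))

    signals = []
    if reply_dom != from_dom:
        signals.append(f"reply-to domain {reply_dom} differs from From domain {from_dom}")
        if reply_dom in FREEMAIL:
            signals.append("reply-to points at a free webmail provider")
    if sender not in known_senders:
        signals.append("first-time sender: no prior correspondence with recipient")

    # The behavioral verdict never consults auth_clean: a passing
    # SPF/DKIM/DMARC chain must not veto a Reply-To redirect.
    verdict = "quarantine" if reply_dom != from_dom and len(signals) >= 2 else "deliver"
    return {"auth_clean": auth_clean, "aligned": aligned,
            "signals": signals, "verdict": verdict}


if __name__ == "__main__":
    result = assess(RAW_MESSAGE)
    print("auth clean:", result["auth_clean"], "| aligned:", result["aligned"])
    for s in result["signals"]:
        print(" -", s)
    print("verdict:", result["verdict"])
```

Run against the constructed message it reports every authentication check passing and aligned, and still returns a quarantine verdict on the Reply-To divergence plus free-mail and first-time-sender signals. Strip the Reply-To header and the same message delivers: a first-time sender alone is not enough, which keeps ordinary platform mail (newsletters, ticket confirmations) flowing.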
The conference was fake. The authentication was real. And the four-second quarantine was the difference between a contained incident and a compromised mailbox.