Ropemaker attack allows hackers to turn an apparently harmless email into a malicious one after it has already been delivered to the victims inbox. The attack abuses Cascading Style Sheets (CSS) and Hypertext Markup Language (HTML) that are fundamental parts of the way information is presented on the Internet. The attacker, for example, can change an embedded URL bypassing spam and security filters. Experts dont exclude the attack is being used somewhere outside the view of Mimecast”]
Source: http://securityaffairs.co/wordpress/62310/hacking/ropemaker-attack.html