Lately we've seen a lot of spam being sent by compromised mail accounts. The spammers either guess a password or trick a person into providing their password, then use that to send out spam.
When this happens with your account, we end up locking it. The server itself may temporarily have its reputation lowered, and mail is blocked by many networks. Occasionally the server may even end up on a blacklist.
Traits of This Spam
From our perspective on the server, the spam:
- Comes from random machines on the Internet
- Uses a valid (e.g. your) username and password
- Is sent to many valid recipients
The two factors we have to identify that traffic are:
- The actual message contents (it's spam, and often exact or similar content)
- The rate at which it's sent is much higher than normal email for most users
What We're Doing Now
We have put sender-based rate limiting in place, i.e. we're addressing the second factor from the list above (the sending rate). This is the low-hanging fruit.
We're still tweaking the actual limits we're allowing/using, but so far this has been pretty effective in stopping the effects of these spam runs.
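The following sketch shows the idea behind sender-based rate limiting. It is an added example, not code from the original page or from the server described here. The one-hour window, the 100-recipient budget, the class and function names, and the sample traffic are all assumptions made for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 3600      # assumed window; the page does not state its limits
MAX_RECIPIENTS = 100       # assumed per-sender recipient budget per window

class SenderRateLimiter:
    """Sliding-window recipient counter keyed by authenticated sender."""

    def __init__(self, window=WINDOW_SECONDS, limit=MAX_RECIPIENTS):
        self.window = window
        self.limit = limit
        self.events = defaultdict(deque)   # sender -> deque of (ts, rcpts, ip)
        self.totals = defaultdict(int)     # sender -> recipients inside window

    def allow(self, sender, ts, rcpt_count, client_ip):
        """Return True if the message fits the sender's budget, else False."""
        q = self.events[sender]
        # Expire events that have slid out of the window.
        while q and q[0][0] <= ts - self.window:
            self.totals[sender] -= q.popleft()[1]
        if self.totals[sender] + rcpt_count > self.limit:
            return False                   # refused; not counted against budget
        q.append((ts, rcpt_count, client_ip))
        self.totals[sender] += rcpt_count
        return True

    def distinct_ips(self, sender):
        """Source addresses of accepted mail for this sender in the window."""
        return {ip for _, _, ip in self.events[sender]}


def replay(events, limiter):
    """Feed (ts, sender, rcpts, ip) tuples; return refused count per sender."""
    rejected = defaultdict(int)
    for ts, sender, rcpts, ip in events:
        if not limiter.allow(sender, ts, rcpts, ip):
            rejected[sender] += 1
    return dict(rejected)


# Constructed sample traffic: alice sends normally from one machine, while
# bob's account sends 20-recipient messages every 5 seconds from many machines.
SAMPLE = [(i * 600, "alice@example.org", 2, "192.0.2.10") for i in range(6)]
SAMPLE += [(i * 5, "bob@example.org", 20, f"198.51.100.{i}") for i in range(10)]
SAMPLE.sort()

if __name__ == "__main__":
    print(replay(SAMPLE, SenderRateLimiter()))
```

Counting recipients rather than messages means a single message addressed to many recipients still draws down the budget, and the per-sender set of source addresses gives a second signal for the "random machines" trait listed earlier.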
What We'll Have to Do
A better solution would be to scan all outgoing mail and build a per-address reputation based on that. This should be able to catch the problem a little sooner, and will be the only option if spammers start reducing the rate at which they send spam to below our thresholds. However, this will take a more complex system to implement, so it probably won't be done unless/until needed.
What Can You Do?
Set a good password!
In particular, right now we're seeing a lot of scans for 6 specific passwords, based off your email address. If your address is
firstname.lastname@example.org, definitely avoid these passwords:
Don't give your password out!
Learn some of the techniques scammers use. We won't ever email you asking for your password. Your bank won't email you asking for your account information. Don't let people trick you out of your password!