If you receive a suspicious or malicious email from an address you know, there is a chance that their email address or server was compromised.
Hackers make money by selling email lists to companies and individuals that send unsolicited email (spam) and email blasts. It is becoming more and more common for un-secure email accounts to get hacked. Yahoo, for example, is notorious for being hacked. When legitimate email addresses are hacked or spoofed, it can be particularly difficult for spam filtering to identify their messages as threats until they start exhibiting suspicious or malicious behavior.
If you have been getting little to no spam at EnGuard, and suddenly are bombarded with spam. Odds are, one of the people you communicate via email with has been hacked. And now these spammers have added your email address to 100's or even 1,000's of spam sending servers. Behind the scenes, we stop tons of spam everyday, but even the best anti-spam filters cannot block a large scale, zero-day attack since new compromised servers come online every minute.
Hackers will do three things once they gain control of an email account:
1. Steal information from emails such as passwords, logins, and other personal data.
2. Use the account to send a one-time mass mailing of spam before the email service provider shuts it down or the server is blacklisted.
3. Obtain all email addresses in the address book to compile their email lists for sale.
Another way you can end up on spam lists is by clicking the unsubscribe link in one spam messages. Since it is "spam" coming from an illegitimate sender, by clicking "unsubscribe" you may actually be adding yourself to 100's or even 1,000's of spam lists. You should only use unsubscribe links from well known, legitimate companies, in emails that do not appear suspicious.
Lastly, make sure your email address is not publicly exposed on any web sites. Spammers run crawlers the same way search engines do to gather and collect as many exposed email addresses as possible on the internet. See our other tutorial for more information about increased spam.
What to do about significantly increased spam after the fact:
Unfortunately, if you are already seeing a significant uptick in incoming spam messages, the damage has likely already been done. The spambots or spammers that harvested your address from the website can relentlessly add your email address to new spam mailing lists, indefinitely. Often, by the time a spam sending server is blacklisted, it is already too late for our spam filters (or any spam filters) to block them.
If you are a victim of a spam attack:
1. We can turn on "greylisting" for your account. Greylisting blocks a message on the first attempt and forces it to be redelivered at another time. Since spam sending servers normally blast a message out just once, this is a very effective way to block those messages. Legitimate email servers will retry several times before bouncing the message. The only downfall is all legitimate senders will also be blocked and their emails to you will get delayed on the first attempt. When a message is delivered a second time, we will whitelist their IP address for 36 days, during that time they can email you without any further delays.
2. You can setup a content filtering rule inside webmail to block all incoming emails. Then one by one, add email addresses to a list of allowed senders. You must keep this list up to date, failure to do so will result in many bounced messages. You also run the risk of missing critical messages from people that you do not add in time.
3. Change your email address. This will stop all the spam and legitimate senders will have your new email address. With careful practice and safeguarding of your new email address, hopefully you will not be the victim of another spam attack.
Please contact our support team if you suspect your account is the target of a spam attack.
You can use another email address to contact us if you suspect yours may be compromised or is unusable due to the influx of spam.
Addressing One-Off Spam Messages (in Webmail)
In addition to making sure your email address is not listed publicly on a website, all email users can always adjust their own spam filtering for case-by-case instances of unsolicited messages. You can mark messages as spam and block the sendersyourself by right-clicking on any message and selecting the option. To address persistent instances of spam with our support team, contact us via email and please include all of the following details:
- Which address is receiving the spam message?
- What is the sending address of the spammer (what does it appear to be)?
- When was the most recent instance of this spam (day, time)?
- What is the message subject?
- Do not forward the spam to us. We will not open it.
- Do not delete or open any contents of the spam message. Instead, flag it and move it to your Junk E-Mail folder.
We can potentially analyze the message code and header information to help you identify and block its source.