What I did regarding this phishing is that I have several customers who
are smart enough to ask me. I get the email and then add a redirect for that
email address to my email address. Thus if some other customer replies,
only I get the email. However this only gets some of the phishing attempts.
Now if we all collect a list and share among us we could be more
effective.
----- Original Message -----
From: Support
To: David Camm ; surgemailHIDDEN@etwinsite.com
Sent: Thursday, June 28, 2012 2:57 PM
Subject: re: [SurgeMail List] customer email account hijacked -
anything i can do?
Yes this is very common now, the hackers use phishing and straight
guessing to get accounts and then send spam.
Some settings you may find useful are listed here, we've tried to add a
lot of tools to make it possible to protect yourself and to get a warning
when it happens.
http://netwinsite.com/surgemail/help/spam.htm#hackers
Be aware some measures will occasionally cause your own users confusion
so you have to balance how much protection you want with how much your users
can cope with :-)
ChrisP.
just got a call from a customer. he's getting a huge number of
non-delivery notices for emails he did not send.
none of the 'to' addresses are in his address book so it's not a trojan
or virus on his workstation.
i looked at a few of the returned messages and they all look like this:
X-Default-Received-SPF: pass (skip=loggedin (res=PASS))
x-ip-name=77.222.42.120; THIS IP IS DIFFERENT ON EACH MSG
Date: Thu, 28 Jun 2012 21:30:40 +0300
From: Paul DeLay <HIDDEN@r@onebrainmarketing.com> THE NAME IS
DIFFERENT ON EACH MSG
Organization: mbpdsy
X-Priority: 3 (Normal)
Message-ID: <744914006HIDDEN@28213040@onebrainmarketing.com>
To:HIDDEN@baker884.fsnet.co.uk
Subject: Look at Pic No. 776
MIME-Version: 1.0
Content-Type: text/plain; charset=us-asciislplavsic
Content-Transfer-Encoding: 8bit
X-Authenticated-User:HIDDEN@r@onebrainmarketing.com
then there's some nasty text.
i had him change his password immediately.
looking at the outbound queue, there are still a few messages from him
awaiting delivery. they all have different 'from' ip addresses. i've deleted
them.
since we're very strict about requiring authentication for smtp, the
only thing i can think of is that his password was guessed.
anyone have any ideas as to how this can be prevented - other than
strong passwords?
david camm
advanced web systems
keller, tx
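The pattern described in the original message (one authenticated account, a different client IP on every message) can be checked for mechanically in queued or bounced mail. The following is an added example, not part of the thread and not SurgeMail code: it assumes the `X-Authenticated-User` and `x-ip-name=` fields appear as in the headers quoted above, and the threshold of 3 distinct IPs is an arbitrary assumption to tune per site.

```python
import re
from collections import defaultdict

# Constructed sample headers modelled on the bounce quoted above; the account
# names and IPs (RFC 5737 documentation ranges) are made up for illustration.
def _msg(user, ip):
    return (
        "X-Default-Received-SPF: pass (skip=loggedin (res=PASS))\n"
        f" x-ip-name={ip};\n"
        "Subject: Look at Pic No. 776\n"
        f"X-Authenticated-User: {user}\n"
        "\n"
        "body\n"
    )

SAMPLE_MESSAGES = (
    [_msg("alice@example.com", f"198.51.100.{n}") for n in range(1, 7)]
    + [_msg("bob@example.com", "192.0.2.10") for _ in range(6)]
    + [_msg("carol@example.com", ip) for ip in ("203.0.113.5", "203.0.113.9")]
)

IP_RE = re.compile(r"x-ip-name=([0-9A-Fa-f.:]+)", re.IGNORECASE)
USER_RE = re.compile(r"^X-Authenticated-User:\s*(\S+)", re.IGNORECASE | re.MULTILINE)

def header_block(raw):
    """Return only the header part so body text cannot spoof the fields."""
    return re.split(r"\r?\n\r?\n", raw, maxsplit=1)[0]

def ips_per_user(messages):
    """Map each authenticated user to the set of client IPs seen."""
    seen = defaultdict(set)
    for raw in messages:
        headers = header_block(raw)
        user = USER_RE.search(headers)
        ip = IP_RE.search(headers)
        if user and ip:
            seen[user.group(1).lower()].add(ip.group(1))
    return seen

def suspect_accounts(messages, max_ips=3):
    """Accounts whose authenticated mail came from more than max_ips distinct IPs."""
    return sorted(u for u, ips in ips_per_user(messages).items() if len(ips) > max_ips)

if __name__ == "__main__":
    for user in suspect_accounts(SAMPLE_MESSAGES):
        print("possible hijacked account:", user)
```

Run over the outbound queue or a folder of non-delivery notices, this flags the account before the customer calls; a roaming user on mobile networks can also exceed a low threshold, so treat a hit as a prompt to check the account rather than proof.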