Because there are so many free email providers, and email can be easily faked, spammers have made our lives miserable pretty much since the dawn of the internet. With spam, same as with hacking, you're always having to play catch-up. When you prevent one type of spam, the spammers find another way to slip through, and the problems begin again.
Similarly, web hosts and ISPs look for ways to cut out spam, as this not only angers their clients, but also causes a great deal of stress on the server. Our server receives literally thousands of spam emails a day. To add to that, there are an equal number of hackers attempting to access the email accounts of those same clients.
This is where the biggest issues can arise. When people think of spam, they think that it's some person sitting at a computer in a dark room sending out thousands of spam emails to them.
The sad fact is that the spam you get is not coming directly from the spammers themselves, but more likely from the hacked email accounts of people and companies just like you.
One of the clients on our server was unlucky enough to experience this first hand when a hacker used brute force to discover their extremely simple mailbox password. Even though our server has a "three tries and you're blocked" policy, hacker programs just changed IP addresses and kept trying. Brute force is literally as it sounds; the hacker starts a program that works through lists of words, trying them as passwords until it finds one that works.
Once the hacker had gained access to our client, they used his email address to send out about 7,000 emails in the 15 minutes it took for our server to report the sudden increase in mail, and for us to get in and stop it. By the time we were able to do anything, the damage had been done.
Because spam is such a nightmare, there are systems in place on the internet that try to help identify and block it.
There are several global spam databases, called spamhauses, which keep track of email addresses, domains, and IP addresses which have been identified as known sources of spam. Unfortunately, the only way to deal with the millions of spam emails circling the globe on a daily basis is to automate the process.
These lists are added to by spam detector software on the receiving server, and also by mail users themselves who click 'mark as spam' on their inboxes.
If your email account is hacked and used to send out spam emails, you can find yourself on one of these lists very quickly.
Unfortunately if you are added to such spam lists, it does not just affect your email accounts, but also any other businesses who may share the same IP address.
The most important thing you can do is to never
click links within emails, even if they appear to be from
people or companies you trust. This goes double for
emails saying that you must verify login details
for financial institutions. Those can harvest
your login information in seconds.
After our client's email was hacked, other clients started experiencing issues sending emails. We had no choice but to move all clients to a new server.
How can you avoid potential issues like this? The most important thing you can do is to never click links within emails, even if they appear to be from people or companies you trust. This goes double for emails saying that you must verify login details for financial institutions. Those can harvest your login information in seconds.
Equally important, you should never use a real word, or worse a real name, as your password. That is asking for a heap of trouble. Name passwords are among the first words used by hacking programs. Sometimes hackers don't even use programs if they are targeting a particular person.
Even before using brute force software, hackers can easily start by finding you on Facebook and looking through your contacts for the names of your parents, spouse, children and animals. You wouldn't believe the number of people who use their dog's or child's name as a password.
Your host should also make sure that you have Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) activated on your account. This helps to verify you as a legitimate mail sender, and helps your domain reputation.
They should also implement a login failure blacklist system. Our server is set to completely block an IP after three failed attempts. Even though clients may typo their password while using webmail and need to call us to be unblocked, they appreciate the security measures.
If you have concerns with your web presence, 2014 is the perfect time to look into our WebUpdate system sites, which take advantage of advanced marketing, SEO and promotion features to give your business the best competitive edge online.