
Advanced Techniques: Detecting and Mitigating Compromised Accounts in SmarterMail

Spammers often send large volumes of spam through compromised accounts, which leads to domain and IP address blacklisting. The most common cause is a weak, insecure password, which lets an attacker take over the account and creates significant security risks.

a) How do I find the compromised account by reviewing the Spool Dashboard in SmarterMail?

1. First, log into SmarterMail as an administrator.

2. Then, click Spool in the Manage section navigation pane.

3. Afterwards, check the “Top outbound senders” section in the “Overview” tab to detect anomalies in outbound delivery. If an account is compromised, it may appear first in this list, with the most messages in the spool.

4. Next, use the search bar in the Spool tab to find messages from suspicious user accounts and determine whether each message is valid email or spam. Alternatively, click the Actions menu in the spool overview to move messages to their own server folder and view them.

5. Then, when spam from a user is found in the spool, use the Delete Messages action to delete it.

6. To temporarily disable an account that has been compromised, use the Disable User action to prevent future emails from being sent. Alternatively, navigate to user settings and change the user status to “Disabled and don’t allow mail”.

7. After that, check the “Top outbound IP addresses” section for anomalies in outbound delivery, since spammers can authenticate as multiple user accounts to send messages.

8. Next, repeat steps 5 and 6 to verify the message’s legitimacy and take the necessary action.

9. Finally, use the Blacklist IP action to add an offending IP address to the SMTP block list. The address is blocked for SMTP only.

b) How do I find the compromised account by reviewing reports?

1. First, log into SmarterMail as an administrator.

2. Then, click the Reports icon.

3. After that, select Message Traffic and change the mode from Trend to Domain.

4. Next, the report will display all domains on the server with their incoming and outgoing messages. Domains with compromised accounts are typically the ones sending the most messages.

5. Finally, click a domain to display a mail traffic report for its users, with the reporting mode set to “Users”, to identify the users sending the highest volume of email.
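
The checks in sections a) and b) come down to three counts: messages per sender, distinct accounts per sending IP, and messages per domain. The Python sketch below is an added example, not part of SmarterMail or the original article; the record layout, thresholds and function names are assumptions, and the sample data is constructed.

```python
from collections import Counter, defaultdict
from statistics import median

def build_sample():
    """Constructed outbound records as (sender, client_ip); not a SmarterMail export format."""
    rows = [("alice@example.com", "198.51.100.7")] * 3
    rows += [("bob@example.com", "198.51.100.8")] * 2
    rows += [("carol@example.net", "198.51.100.9")] * 4
    rows += [("dave@example.net", "203.0.113.50")] * 120   # one account flooding the spool
    for sender in ("alice@example.com", "bob@example.com", "carol@example.net"):
        rows += [(sender, "203.0.113.77")] * 2             # one IP sending as several accounts
    return rows

def flag_senders(records, factor=5, min_msgs=20):
    """Senders far above the typical volume (the 'Top outbound senders' check)."""
    counts = Counter(sender for sender, _ in records)
    typical = median(counts.values())
    return sorted(s for s, n in counts.items()
                  if n >= min_msgs and n > factor * typical)

def shared_ips(records, min_accounts=3):
    """IPs that sent as several distinct accounts (the 'Top outbound IP addresses' check)."""
    accounts = defaultdict(set)
    for sender, ip in records:
        accounts[ip].add(sender)
    return {ip: sorted(a) for ip, a in accounts.items() if len(a) >= min_accounts}

def volume_by_domain(records):
    """Outbound message count per sender domain (the Message Traffic 'Domain' view)."""
    return Counter(sender.rsplit("@", 1)[1] for sender, _ in records)

if __name__ == "__main__":
    data = build_sample()
    print("High-volume senders:", flag_senders(data))
    print("IPs used by multiple accounts:", shared_ips(data))
    print("Busiest domain:", volume_by_domain(data).most_common(1))
```

A sender flagged by volume is a candidate for the Delete Messages and Disable User actions, while an IP flagged for using several accounts is a candidate for the Blacklist IP action.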
