Question asked by Robbie Wright - 2/27/2015 at 9:57 PM
Had our first customer get their account compromised last week. Average messages per day was about 10 and spiked up to over 600 over the course of 3 days until it was caught. In the reports for the domain, it clearly shows the outgoing mail. In the delivery logs for the server, it shows the outgoing mail. However, the outgoing mail is not shown in the sent mail folder. How would a hacker with compromised creds log into the server and send mail on behalf of a user and it not show up in sent?

Joe Wolf Replied
POP3 is the easiest way. It saves the outgoing messages locally, not on the server.
Robbie Wright Replied
So mail sent through POP3 does not get saved to the sent folder?
CCWH Replied
Correct, POP3 does not synchronise mail so outbound is simply for authentication and all sent emails are in the Sent folder on the local client, not the server.
Ben Conner Replied
One way to mitigate that is to throttle users to so many emails/hour. With one exception we have ours set to 50/hour.
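
The hourly limit suggested above can also be checked after the fact against the server's delivery log, which records outgoing mail even when the client keeps its sent copies locally. The following is an added example, not part of the original thread: the log line format, addresses and function names are constructed for illustration, and 50/hour is the figure from the thread.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

LIMIT = 50                      # messages per sender per window (figure from the thread)
WINDOW = timedelta(hours=1)

def parse_line(line):
    """Parse a constructed 'ISO-timestamp sender recipient' delivery record."""
    ts, sender, _rcpt = line.split()
    return datetime.fromisoformat(ts), sender.lower()

def over_limit(lines, limit=LIMIT, window=WINDOW):
    """Return {sender: time the limit was first exceeded} using a sliding window."""
    recent = defaultdict(deque)   # sender -> timestamps inside the current window
    flagged = {}
    for ts, sender in sorted(parse_line(l) for l in lines if l.strip()):
        q = recent[sender]
        q.append(ts)
        # Drop sends that are older than the window relative to this message.
        while ts - q[0] >= window:
            q.popleft()
        if len(q) > limit and sender not in flagged:
            flagged[sender] = ts
    return flagged

def sample_log():
    """Constructed sample: one normal user, one account sending a burst."""
    start = datetime(2015, 2, 20, 9, 0, 0)
    lines = []
    # Normal user: 10 messages spread over the day (one every 45 minutes).
    for i in range(10):
        t = start + timedelta(minutes=45 * i)
        lines.append(f"{t.isoformat()} alice@example.com rcpt{i}@example.net")
    # Compromised account: 200 messages, one every 15 seconds.
    for i in range(200):
        t = start + timedelta(seconds=15 * i)
        lines.append(f"{t.isoformat()} bob@example.com rcpt{i}@example.org")
    return lines

if __name__ == "__main__":
    for sender, when in over_limit(sample_log()).items():
        print(f"{sender} exceeded {LIMIT}/hour at {when.isoformat()}")
```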

