Compromised accounts are one of the biggest issues today. These accounts are often used to send spam, phishing, and malware, which results in endless problems on several levels. So, starting today, we're going to do something to help you with those compromised accounts.
In December 2019, we found some interesting data coming from a set of special honeypots that we run. Those honeypots receive a huge amount of SMTP Authentication attempts for external domains (not for our spam trap domains). This raw set of data alone helped several of our customers to find and close down hundreds of compromised accounts.
The data is inherently noisy due to dictionary attacks, past compromises or password leaks. We do some magic tricks to make this data available with the minimum amount of noise and the maximum possible value. We create daily summaries of all the compromised accounts we've observed over the previous 24 hours add necessary metadata and send it to the affected Postmasters and Abuse Desks once per day. This mechanism provides immediately actionable data to catch compromised accounts and handle them.
If you have any questions, feedback, or suggestions, please feel free to reach out to us via email@example.com or use the Intercom Live Chat that is available on all of our sites.