cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Go to solution
New

Unauthorized email useage

Had webhosting and wordpress was continually hacked. I suspended that service. Meanwhile, emails were going out from my email account that weren't from me. I show no other users authorized on my account and have changed my password a few times now. How do I stop emails going out looking like they came from me?

1 REPLY 1
Highlighted
Employee
Employee
Solution

Re: Unauthorized email useage

Hi @toeser

 

Thank you for you post. Sorry to hear about the email situation you are facing. In my experience this may be due to 2 separate causes.

 

Email Compromise: 

Email compromise is when someone gains access to the email itself, usually through gaining the email's password by a key-logger or other malware that is installed onto the users device. This usually can be resolved by resetting the emails password from a secure and clean device without malware issues and then scan the affected device with a malware scanner and antivirus. 

 

Email Spoofing:

Email spoofing will seem similar to an email compromise but works differently. With email spoofing the offender has no direct access to the email account or server. Instead they use a masking system to send emails from their server and address in a way that the recipient will see the email as coming from your address. When the recipient bounces the email it sees your address instead of the offenders, even though your email server and address never directly sent the email. To help resolve this it will require that you add an SPF record into your domains DNS zone file.  SPF records will send a request to the recipients email server to verify the sending server before accepting the message to ensure that the email was sent legitimately from the authorized server.  

 

How to tell the difference?

Email compromise will usually cause a very noticeable increase in your email relay usage. If you use workspace email, you may view your relay usage within the Workspace Control Center of your main account.  Each time an email client, such as outlook or apple mail, sends an outbound message from your email addresses server it will use a relay to do so. We limit the outbound relay usage to 250 a day to help combat these occurrences. If you notice an increased relay usage or are receiving bouncebacks that you have exceeded your relay usage this would be a sign of an email compromise.

 

If you do not see an increase of relay usage and the occurrence continues after you have taken the proper steps to update the password of your email from a secure device it will most likely be a case of email spoofing. 

 

This is never easy to deal with, especially in cases where the email address is used solely for business purposes. We are here to help as much as possible and will be happy to address your concerns and help you with the processes to determine the cause of this occurrences. Please feel free to reach out to our 24/7 support line at any time for assistance in this matter.

 

Best wishes!

-Techfly