Email Account under attack (really) - anything I can do?





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}







17















Over the last week, there is a constant barrage of authentication failures to my email account from a variety of ip addresses - usually in blocks of exactly 575 attempts.



My password is as strong as a password can be so the chance of brute force winning is infinitesimal. However as a result of the authentication failures, my hosting provider keeps locking the email account.



Is there anything I can do (or that I can ask my hosting provider to do), or am I just screwed until the botnet moves on? Anyone with similar experience who can comment on whether I can expect this to ever end?






email botnet







share|improve this question







New contributor




clemdia is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
















  • 11





    Ask your email provider to make a change, that's the only options. In the meantime, open a new account and forward all emails to your new account so that you are still functional?

    – schroeder
    15 hours ago






  • 1





    Are you using one of the big email providers (Gmail, etc) or something smaller?

    – Anders
    13 hours ago











  • If you're using Gmail, you might try setting up a second account and granting it delegate access. That might at least allow you to check your e-mail when the account gets locked, if Gmail doesn't also block delegates when locking.

    – jpmc26
    10 hours ago






  • 1





    Get a better provider that isn't so vulnerable to this kind of trivial DoS?

    – Nate Eldredge
    8 hours ago











  • Maybe another account is under attack (Bank? Facebook? Income tax refund? Domain in your possession?), and they are taking out your email so you don't get notified.

    – jww
    6 hours ago




















17















Over the last week, there is a constant barrage of authentication failures to my email account from a variety of ip addresses - usually in blocks of exactly 575 attempts.



My password is as strong as a password can be so the chance of brute force winning is infinitesimal. However as a result of the authentication failures, my hosting provider keeps locking the email account.



Is there anything I can do (or that I can ask my hosting provider to do), or am I just screwed until the botnet moves on? Anyone with similar experience who can comment on whether I can expect this to ever end?






email botnet







share|improve this question







New contributor




clemdia is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
















  • 11





    Ask your email provider to make a change, that's the only options. In the meantime, open a new account and forward all emails to your new account so that you are still functional?

    – schroeder
    15 hours ago






  • 1





    Are you using one of the big email providers (Gmail, etc) or something smaller?

    – Anders
    13 hours ago











  • If you're using Gmail, you might try setting up a second account and granting it delegate access. That might at least allow you to check your e-mail when the account gets locked, if Gmail doesn't also block delegates when locking.

    – jpmc26
    10 hours ago






  • 1





    Get a better provider that isn't so vulnerable to this kind of trivial DoS?

    – Nate Eldredge
    8 hours ago











  • Maybe another account is under attack (Bank? Facebook? Income tax refund? Domain in your possession?), and they are taking out your email so you don't get notified.

    – jww
    6 hours ago
















17












17








17








Over the last week, there is a constant barrage of authentication failures to my email account from a variety of ip addresses - usually in blocks of exactly 575 attempts.



My password is as strong as a password can be so the chance of brute force winning is infinitesimal. However as a result of the authentication failures, my hosting provider keeps locking the email account.



Is there anything I can do (or that I can ask my hosting provider to do), or am I just screwed until the botnet moves on? Anyone with similar experience who can comment on whether I can expect this to ever end?






email botnet







share|improve this question







New contributor




clemdia is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.












Over the last week, there is a constant barrage of authentication failures to my email account from a variety of ip addresses - usually in blocks of exactly 575 attempts.



My password is as strong as a password can be so the chance of brute force winning is infinitesimal. However as a result of the authentication failures, my hosting provider keeps locking the email account.



Is there anything I can do (or that I can ask my hosting provider to do), or am I just screwed until the botnet moves on? Anyone with similar experience who can comment on whether I can expect this to ever end?






email botnet




email botnet






share|improve this question







New contributor




clemdia is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question







New contributor




clemdia is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question






New contributor




clemdia is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked 16 hours ago









clemdiaclemdia

865




865




New contributor




clemdia is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





clemdia is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






clemdia is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.








  • 11





    Ask your email provider to make a change, that's the only options. In the meantime, open a new account and forward all emails to your new account so that you are still functional?

    – schroeder
    15 hours ago






  • 1





    Are you using one of the big email providers (Gmail, etc) or something smaller?

    – Anders
    13 hours ago











  • If you're using Gmail, you might try setting up a second account and granting it delegate access. That might at least allow you to check your e-mail when the account gets locked, if Gmail doesn't also block delegates when locking.

    – jpmc26
    10 hours ago






  • 1





    Get a better provider that isn't so vulnerable to this kind of trivial DoS?

    – Nate Eldredge
    8 hours ago











  • Maybe another account is under attack (Bank? Facebook? Income tax refund? Domain in your possession?), and they are taking out your email so you don't get notified.

    – jww
    6 hours ago
















  • 11





    Ask your email provider to make a change, that's the only options. In the meantime, open a new account and forward all emails to your new account so that you are still functional?

    – schroeder
    15 hours ago






  • 1





    Are you using one of the big email providers (Gmail, etc) or something smaller?

    – Anders
    13 hours ago











  • If you're using Gmail, you might try setting up a second account and granting it delegate access. That might at least allow you to check your e-mail when the account gets locked, if Gmail doesn't also block delegates when locking.

    – jpmc26
    10 hours ago






  • 1





    Get a better provider that isn't so vulnerable to this kind of trivial DoS?

    – Nate Eldredge
    8 hours ago











  • Maybe another account is under attack (Bank? Facebook? Income tax refund? Domain in your possession?), and they are taking out your email so you don't get notified.

    – jww
    6 hours ago










11




11





Ask your email provider to make a change, that's the only options. In the meantime, open a new account and forward all emails to your new account so that you are still functional?

– schroeder
15 hours ago





Ask your email provider to make a change, that's the only options. In the meantime, open a new account and forward all emails to your new account so that you are still functional?

– schroeder
15 hours ago




1




1





Are you using one of the big email providers (Gmail, etc) or something smaller?

– Anders
13 hours ago





Are you using one of the big email providers (Gmail, etc) or something smaller?

– Anders
13 hours ago













If you're using Gmail, you might try setting up a second account and granting it delegate access. That might at least allow you to check your e-mail when the account gets locked, if Gmail doesn't also block delegates when locking.

– jpmc26
10 hours ago





If you're using Gmail, you might try setting up a second account and granting it delegate access. That might at least allow you to check your e-mail when the account gets locked, if Gmail doesn't also block delegates when locking.

– jpmc26
10 hours ago




1




1





Get a better provider that isn't so vulnerable to this kind of trivial DoS?

– Nate Eldredge
8 hours ago





Get a better provider that isn't so vulnerable to this kind of trivial DoS?

– Nate Eldredge
8 hours ago













Maybe another account is under attack (Bank? Facebook? Income tax refund? Domain in your possession?), and they are taking out your email so you don't get notified.

– jww
6 hours ago







Maybe another account is under attack (Bank? Facebook? Income tax refund? Domain in your possession?), and they are taking out your email so you don't get notified.

– jww
6 hours ago












4 Answers
4






active

oldest

votes


















15














No. That's pretty much the background noise of being on the internet.



From a random server I have with e-mail:



$ sudo grep -c "auth failed" /var/log/mail.log

1109


That's today. It's with fail2ban blocking more than five attempts from the same IP.






share|improve this answer



















  • 3





    This is not the same thing. He is referring to one specific account, not the complete authentication log for a mailserver. This is attempts at one specific user.

    – John Keates
    9 hours ago











  • True it is my account specifically - but I think vidario has it right in a general sense. My hosting company recently updated their implementation of csf, and I wonder if it’s too strict - I’ve been wondering if the attacks are nothing new - just a new policy of locking account after “x failed attempts in y minutes”...

    – clemdia
    3 hours ago





















15














A few thoughts:




  • Usually my first recommendation would be to pick an extremely strong password. But you allready got that covered.

  • If there is two factor authentication available, turn it on. If you are lucky, it might make you an unattractive target and cause the attacker to move on.

  • If the account lock out doesn't affect other methods of reading your mail, like via IMAP, you could switch to that to maintain access. (To be honest, I don't know much about the security of IMAP, so you might want to consider that before turning it on.)

  • Forwarding the mail somewhere else will also ensure that you can read it even if your account is locked.

  • Finally, you can try contacting your email provider. I think your best bet here is to just describe the problem to them, and ask what they can do to help you.






share|improve this answer



















  • 3





    Would 2FA really help? The second factor isn't usually attemped until after a correct password is entered, and the attacker will never get that far.

    – Barmar
    12 hours ago











  • What makes you think he's not already using IMAP?

    – Barmar
    12 hours ago











  • @Barmar I say "if you are lucky" for a reason. If the attacker, either a human or a bot, can detect that 2FA is on, it might give up. Or not. At least it don't hurt.

    – Anders
    12 hours ago






  • 2





    @Barmar If the attacker's script isn't written to try to enter anything on the second factor, it might prevent the lock out. Worth a try at least.

    – jpmc26
    10 hours ago








  • 2





    I think most 2FA systems don't prompt for the second factor until after you successfully pass the first.

    – Barmar
    9 hours ago



















4














Yeah, it's pretty easy to have your official email address forward your emails to a new "burner" email account. Then in the new email account setup, you set your From: field to your official email address. That way mails go out like this. 



 From: account-I-always-had@oldserver.com

 Subject: Re: so-and-so

 In-Reply-To: <4735813474834434634@theirmail.com>

 Sender: burneraccount@newserver.com


Or something like that.



Anyway, that lets you keep your identity at the official email address. The attacks on the login server are irrelevant to receiving and forwarding email.



As is evident from the above, your new email address may be obvious from headers so don't set up an autoresponder. Only correspond with people you trust. If this burner email account comes under attack, trash this burner account, setup another one, and tell the official email server to forward to the new burner.



Then, research who you sent mail to in the last 2 days to the last burner account. One of them compromised it. Use one tactic or another to trick them into attacking this or another burner account, that lets you distinguish who exactly did it.






share|improve this answer



















  • 2





    Or if possible, change username to be different from the address. This way you reply from the same address and have the same mailbox, but prevent account lockout.

    – Esa Jokinen
    2 hours ago











  • THIS (if only it were possible) - btw this experience has highlighted the lunacy of websites REQUIRING email address as username - just stupid.

    – clemdia
    2 hours ago





















1














You can set a firewall before your server and with right configuration you can reduce brute force attempts.



You try with your MTA configuration, an example can be Postfix:



smtpd_client_restrictions =

        permit_sasl_authenticated,

        reject_rbl_client zen.spamhaus.org,

        reject_rbl_client bl.spamcop.net,

        reject_rbl_client cbl.abuseat.org,

        reject_rbl_client sbl-xbl.spamhaus.org,

        permit permit_mynetworks,

        permit_inet_interfaces,





share|improve this answer
























    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "162"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    noCode: true, onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });






    clemdia is a new contributor. Be nice, and check out our Code of Conduct.










    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f206923%2femail-account-under-attack-really-anything-i-can-do%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    4 Answers
    4






    active

    oldest

    votes








    4 Answers
    4






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    15














    No. That's pretty much the background noise of being on the internet.



    From a random server I have with e-mail:



    $ sudo grep -c "auth failed" /var/log/mail.log
    
1109


    That's today. It's with fail2ban blocking more than five attempts from the same IP.






    share|improve this answer



















    • 3





      This is not the same thing. He is referring to one specific account, not the complete authentication log for a mailserver. This is attempts at one specific user.

      – John Keates
      9 hours ago











    • True it is my account specifically - but I think vidario has it right in a general sense. My hosting company recently updated their implementation of csf, and I wonder if it’s too strict - I’ve been wondering if the attacks are nothing new - just a new policy of locking account after “x failed attempts in y minutes”...

      – clemdia
      3 hours ago


















    15














    No. That's pretty much the background noise of being on the internet.



    From a random server I have with e-mail:



    $ sudo grep -c "auth failed" /var/log/mail.log
    
1109


    That's today. It's with fail2ban blocking more than five attempts from the same IP.






    share|improve this answer



















    • 3





      This is not the same thing. He is referring to one specific account, not the complete authentication log for a mailserver. This is attempts at one specific user.

      – John Keates
      9 hours ago











    • True it is my account specifically - but I think vidario has it right in a general sense. My hosting company recently updated their implementation of csf, and I wonder if it’s too strict - I’ve been wondering if the attacks are nothing new - just a new policy of locking account after “x failed attempts in y minutes”...

      – clemdia
      3 hours ago
















    15












    15








    15







    No. That's pretty much the background noise of being on the internet.



    From a random server I have with e-mail:



    $ sudo grep -c "auth failed" /var/log/mail.log
    
1109


    That's today. It's with fail2ban blocking more than five attempts from the same IP.






    share|improve this answer













    No. That's pretty much the background noise of being on the internet.



    From a random server I have with e-mail:



    $ sudo grep -c "auth failed" /var/log/mail.log
    
1109


    That's today. It's with fail2ban blocking more than five attempts from the same IP.







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered 14 hours ago









    vidarlovidarlo

    3,634723




    3,634723








    • 3





      This is not the same thing. He is referring to one specific account, not the complete authentication log for a mailserver. This is attempts at one specific user.

      – John Keates
      9 hours ago











    • True it is my account specifically - but I think vidario has it right in a general sense. My hosting company recently updated their implementation of csf, and I wonder if it’s too strict - I’ve been wondering if the attacks are nothing new - just a new policy of locking account after “x failed attempts in y minutes”...

      – clemdia
      3 hours ago
















    • 3





      This is not the same thing. He is referring to one specific account, not the complete authentication log for a mailserver. This is attempts at one specific user.

      – John Keates
      9 hours ago











    • True it is my account specifically - but I think vidario has it right in a general sense. My hosting company recently updated their implementation of csf, and I wonder if it’s too strict - I’ve been wondering if the attacks are nothing new - just a new policy of locking account after “x failed attempts in y minutes”...

      – clemdia
      3 hours ago










    3




    3





    This is not the same thing. He is referring to one specific account, not the complete authentication log for a mailserver. This is attempts at one specific user.

    – John Keates
    9 hours ago





    This is not the same thing. He is referring to one specific account, not the complete authentication log for a mailserver. This is attempts at one specific user.

    – John Keates
    9 hours ago













    True it is my account specifically - but I think vidario has it right in a general sense. My hosting company recently updated their implementation of csf, and I wonder if it’s too strict - I’ve been wondering if the attacks are nothing new - just a new policy of locking account after “x failed attempts in y minutes”...

    – clemdia
    3 hours ago







    True it is my account specifically - but I think vidario has it right in a general sense. My hosting company recently updated their implementation of csf, and I wonder if it’s too strict - I’ve been wondering if the attacks are nothing new - just a new policy of locking account after “x failed attempts in y minutes”...

    – clemdia
    3 hours ago















    15














    A few thoughts:




    • Usually my first recommendation would be to pick an extremely strong password. But you allready got that covered.

    • If there is two factor authentication available, turn it on. If you are lucky, it might make you an unattractive target and cause the attacker to move on.

    • If the account lock out doesn't affect other methods of reading your mail, like via IMAP, you could switch to that to maintain access. (To be honest, I don't know much about the security of IMAP, so you might want to consider that before turning it on.)

    • Forwarding the mail somewhere else will also ensure that you can read it even if your account is locked.

    • Finally, you can try contacting your email provider. I think your best bet here is to just describe the problem to them, and ask what they can do to help you.






    share|improve this answer



















    • 3





      Would 2FA really help? The second factor isn't usually attemped until after a correct password is entered, and the attacker will never get that far.

      – Barmar
      12 hours ago











    • What makes you think he's not already using IMAP?

      – Barmar
      12 hours ago











    • @Barmar I say "if you are lucky" for a reason. If the attacker, either a human or a bot, can detect that 2FA is on, it might give up. Or not. At least it don't hurt.

      – Anders
      12 hours ago






    • 2





      @Barmar If the attacker's script isn't written to try to enter anything on the second factor, it might prevent the lock out. Worth a try at least.

      – jpmc26
      10 hours ago








    • 2





      I think most 2FA systems don't prompt for the second factor until after you successfully pass the first.

      – Barmar
      9 hours ago
















    15














    A few thoughts:




    • Usually my first recommendation would be to pick an extremely strong password. But you allready got that covered.

    • If there is two factor authentication available, turn it on. If you are lucky, it might make you an unattractive target and cause the attacker to move on.

    • If the account lock out doesn't affect other methods of reading your mail, like via IMAP, you could switch to that to maintain access. (To be honest, I don't know much about the security of IMAP, so you might want to consider that before turning it on.)

    • Forwarding the mail somewhere else will also ensure that you can read it even if your account is locked.

    • Finally, you can try contacting your email provider. I think your best bet here is to just describe the problem to them, and ask what they can do to help you.






    share|improve this answer



















    • 3





      Would 2FA really help? The second factor isn't usually attemped until after a correct password is entered, and the attacker will never get that far.

      – Barmar
      12 hours ago











    • What makes you think he's not already using IMAP?

      – Barmar
      12 hours ago











    • @Barmar I say "if you are lucky" for a reason. If the attacker, either a human or a bot, can detect that 2FA is on, it might give up. Or not. At least it don't hurt.

      – Anders
      12 hours ago






    • 2





      @Barmar If the attacker's script isn't written to try to enter anything on the second factor, it might prevent the lock out. Worth a try at least.

      – jpmc26
      10 hours ago








    • 2





      I think most 2FA systems don't prompt for the second factor until after you successfully pass the first.

      – Barmar
      9 hours ago














    15












    15








    15







    A few thoughts:




    • Usually my first recommendation would be to pick an extremely strong password. But you allready got that covered.

    • If there is two factor authentication available, turn it on. If you are lucky, it might make you an unattractive target and cause the attacker to move on.

    • If the account lock out doesn't affect other methods of reading your mail, like via IMAP, you could switch to that to maintain access. (To be honest, I don't know much about the security of IMAP, so you might want to consider that before turning it on.)

    • Forwarding the mail somewhere else will also ensure that you can read it even if your account is locked.

    • Finally, you can try contacting your email provider. I think your best bet here is to just describe the problem to them, and ask what they can do to help you.






    share|improve this answer













    A few thoughts:




    • Usually my first recommendation would be to pick an extremely strong password. But you allready got that covered.

    • If there is two factor authentication available, turn it on. If you are lucky, it might make you an unattractive target and cause the attacker to move on.

    • If the account lock out doesn't affect other methods of reading your mail, like via IMAP, you could switch to that to maintain access. (To be honest, I don't know much about the security of IMAP, so you might want to consider that before turning it on.)

    • Forwarding the mail somewhere else will also ensure that you can read it even if your account is locked.

    • Finally, you can try contacting your email provider. I think your best bet here is to just describe the problem to them, and ask what they can do to help you.







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered 13 hours ago









    AndersAnders

    50k22143166




    50k22143166








    • 3





      Would 2FA really help? The second factor isn't usually attemped until after a correct password is entered, and the attacker will never get that far.

      – Barmar
      12 hours ago











    • What makes you think he's not already using IMAP?

      – Barmar
      12 hours ago











    • @Barmar I say "if you are lucky" for a reason. If the attacker, either a human or a bot, can detect that 2FA is on, it might give up. Or not. At least it don't hurt.

      – Anders
      12 hours ago






    • 2





      @Barmar If the attacker's script isn't written to try to enter anything on the second factor, it might prevent the lock out. Worth a try at least.

      – jpmc26
      10 hours ago








    • 2





      I think most 2FA systems don't prompt for the second factor until after you successfully pass the first.

      – Barmar
      9 hours ago














    • 3





      Would 2FA really help? The second factor isn't usually attemped until after a correct password is entered, and the attacker will never get that far.

      – Barmar
      12 hours ago











    • What makes you think he's not already using IMAP?

      – Barmar
      12 hours ago











    • @Barmar I say "if you are lucky" for a reason. If the attacker, either a human or a bot, can detect that 2FA is on, it might give up. Or not. At least it don't hurt.

      – Anders
      12 hours ago






    • 2





      @Barmar If the attacker's script isn't written to try to enter anything on the second factor, it might prevent the lock out. Worth a try at least.

      – jpmc26
      10 hours ago








    • 2





      I think most 2FA systems don't prompt for the second factor until after you successfully pass the first.

      – Barmar
      9 hours ago








    3




    3





    Would 2FA really help? The second factor isn't usually attemped until after a correct password is entered, and the attacker will never get that far.

    – Barmar
    12 hours ago





    Would 2FA really help? The second factor isn't usually attemped until after a correct password is entered, and the attacker will never get that far.

    – Barmar
    12 hours ago













    What makes you think he's not already using IMAP?

    – Barmar
    12 hours ago





    What makes you think he's not already using IMAP?

    – Barmar
    12 hours ago













    @Barmar I say "if you are lucky" for a reason. If the attacker, either a human or a bot, can detect that 2FA is on, it might give up. Or not. At least it don't hurt.

    – Anders
    12 hours ago





    @Barmar I say "if you are lucky" for a reason. If the attacker, either a human or a bot, can detect that 2FA is on, it might give up. Or not. At least it don't hurt.

    – Anders
    12 hours ago




    2




    2





    @Barmar If the attacker's script isn't written to try to enter anything on the second factor, it might prevent the lock out. Worth a try at least.

    – jpmc26
    10 hours ago







    @Barmar If the attacker's script isn't written to try to enter anything on the second factor, it might prevent the lock out. Worth a try at least.

    – jpmc26
    10 hours ago






    2




    2





    I think most 2FA systems don't prompt for the second factor until after you successfully pass the first.

    – Barmar
    9 hours ago





    I think most 2FA systems don't prompt for the second factor until after you successfully pass the first.

    – Barmar
    9 hours ago











    4














    Yeah, it's pretty easy to have your official email address forward your emails to a new "burner" email account. Then in the new email account setup, you set your From: field to your official email address. That way mails go out like this. 



     From: account-I-always-had@oldserver.com
    
 Subject: Re: so-and-so
    
 In-Reply-To: <4735813474834434634@theirmail.com>
    
 Sender: burneraccount@newserver.com


    Or something like that.



    Anyway, that lets you keep your identity at the official email address. The attacks on the login server are irrelevant to receiving and forwarding email.



    As is evident from the above, your new email address may be obvious from headers so don't set up an autoresponder. Only correspond with people you trust. If this burner email account comes under attack, trash this burner account, setup another one, and tell the official email server to forward to the new burner.



    Then, research who you sent mail to in the last 2 days to the last burner account. One of them compromised it. Use one tactic or another to trick them into attacking this or another burner account, that lets you distinguish who exactly did it.






    share|improve this answer



















    • 2





      Or if possible, change username to be different from the address. This way you reply from the same address and have the same mailbox, but prevent account lockout.

      – Esa Jokinen
      2 hours ago











    • THIS (if only it were possible) - btw this experience has highlighted the lunacy of websites REQUIRING email address as username - just stupid.

      – clemdia
      2 hours ago


















    4














    Yeah, it's pretty easy to have your official email address forward your emails to a new "burner" email account. Then in the new email account setup, you set your From: field to your official email address. That way mails go out like this. 



     From: account-I-always-had@oldserver.com
    
 Subject: Re: so-and-so
    
 In-Reply-To: <4735813474834434634@theirmail.com>
    
 Sender: burneraccount@newserver.com


    Or something like that.



    Anyway, that lets you keep your identity at the official email address. The attacks on the login server are irrelevant to receiving and forwarding email.



    As is evident from the above, your new email address may be obvious from headers so don't set up an autoresponder. Only correspond with people you trust. If this burner email account comes under attack, trash this burner account, setup another one, and tell the official email server to forward to the new burner.



    Then, research who you sent mail to in the last 2 days to the last burner account. One of them compromised it. Use one tactic or another to trick them into attacking this or another burner account, that lets you distinguish who exactly did it.






    share|improve this answer



















    • 2





      Or if possible, change username to be different from the address. This way you reply from the same address and have the same mailbox, but prevent account lockout.

      – Esa Jokinen
      2 hours ago











    • THIS (if only it were possible) - btw this experience has highlighted the lunacy of websites REQUIRING email address as username - just stupid.

      – clemdia
      2 hours ago
















    4












    4








    4







    Yeah, it's pretty easy to have your official email address forward your emails to a new "burner" email account. Then in the new email account setup, you set your From: field to your official email address. That way mails go out like this. 



     From: account-I-always-had@oldserver.com
    
 Subject: Re: so-and-so
    
 In-Reply-To: <4735813474834434634@theirmail.com>
    
 Sender: burneraccount@newserver.com


    Or something like that.



    Anyway, that lets you keep your identity at the official email address. The attacks on the login server are irrelevant to receiving and forwarding email.



    As is evident from the above, your new email address may be obvious from headers so don't set up an autoresponder. Only correspond with people you trust. If this burner email account comes under attack, trash this burner account, setup another one, and tell the official email server to forward to the new burner.



    Then, research who you sent mail to in the last 2 days to the last burner account. One of them compromised it. Use one tactic or another to trick them into attacking this or another burner account, that lets you distinguish who exactly did it.






    share|improve this answer













    Yeah, it's pretty easy to have your official email address forward your emails to a new "burner" email account. Then in the new email account setup, you set your From: field to your official email address. That way mails go out like this. 



     From: account-I-always-had@oldserver.com
    
 Subject: Re: so-and-so
    
 In-Reply-To: <4735813474834434634@theirmail.com>
    
 Sender: burneraccount@newserver.com


    Or something like that.



    Anyway, that lets you keep your identity at the official email address. The attacks on the login server are irrelevant to receiving and forwarding email.



    As is evident from the above, your new email address may be obvious from headers so don't set up an autoresponder. Only correspond with people you trust. If this burner email account comes under attack, trash this burner account, setup another one, and tell the official email server to forward to the new burner.



    Then, research who you sent mail to in the last 2 days to the last burner account. One of them compromised it. Use one tactic or another to trick them into attacking this or another burner account, that lets you distinguish who exactly did it.







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered 11 hours ago









    HarperHarper

    2,070413




    2,070413








    • 2





      Or if possible, change username to be different from the address. This way you reply from the same address and have the same mailbox, but prevent account lockout.

      – Esa Jokinen
      2 hours ago











    • THIS (if only it were possible) - btw this experience has highlighted the lunacy of websites REQUIRING email address as username - just stupid.

      – clemdia
      2 hours ago
















    • 2





      Or if possible, change username to be different from the address. This way you reply from the same address and have the same mailbox, but prevent account lockout.

      – Esa Jokinen
      2 hours ago











    • THIS (if only it were possible) - btw this experience has highlighted the lunacy of websites REQUIRING email address as username - just stupid.

      – clemdia
      2 hours ago










    2




    2





    Or if possible, change username to be different from the address. This way you reply from the same address and have the same mailbox, but prevent account lockout.

    – Esa Jokinen
    2 hours ago





    Or if possible, change username to be different from the address. This way you reply from the same address and have the same mailbox, but prevent account lockout.

    – Esa Jokinen
    2 hours ago













    THIS (if only it were possible) - btw this experience has highlighted the lunacy of websites REQUIRING email address as username - just stupid.

    – clemdia
    2 hours ago







    THIS (if only it were possible) - btw this experience has highlighted the lunacy of websites REQUIRING email address as username - just stupid.

    – clemdia
    2 hours ago













    1














    You can set a firewall before your server and with right configuration you can reduce brute force attempts.



    You try with your MTA configuration, an example can be Postfix:



    smtpd_client_restrictions =
    
        permit_sasl_authenticated,
    
        reject_rbl_client zen.spamhaus.org,
    
        reject_rbl_client bl.spamcop.net,
    
        reject_rbl_client cbl.abuseat.org,
    
        reject_rbl_client sbl-xbl.spamhaus.org,
    
        permit permit_mynetworks,
    
        permit_inet_interfaces,





    share|improve this answer




























      1














      You can set a firewall before your server and with right configuration you can reduce brute force attempts.



      You try with your MTA configuration, an example can be Postfix:



      smtpd_client_restrictions =
      
        permit_sasl_authenticated,
      
        reject_rbl_client zen.spamhaus.org,
      
        reject_rbl_client bl.spamcop.net,
      
        reject_rbl_client cbl.abuseat.org,
      
        reject_rbl_client sbl-xbl.spamhaus.org,
      
        permit permit_mynetworks,
      
        permit_inet_interfaces,





      share|improve this answer


























        1












        1








        1







        You can set a firewall before your server and with right configuration you can reduce brute force attempts.



        You try with your MTA configuration, an example can be Postfix:



        smtpd_client_restrictions =
        
        permit_sasl_authenticated,
        
        reject_rbl_client zen.spamhaus.org,
        
        reject_rbl_client bl.spamcop.net,
        
        reject_rbl_client cbl.abuseat.org,
        
        reject_rbl_client sbl-xbl.spamhaus.org,
        
        permit permit_mynetworks,
        
        permit_inet_interfaces,





        share|improve this answer













        You can set a firewall before your server and with right configuration you can reduce brute force attempts.



        You try with your MTA configuration, an example can be Postfix:



        smtpd_client_restrictions =
        
        permit_sasl_authenticated,
        
        reject_rbl_client zen.spamhaus.org,
        
        reject_rbl_client bl.spamcop.net,
        
        reject_rbl_client cbl.abuseat.org,
        
        reject_rbl_client sbl-xbl.spamhaus.org,
        
        permit permit_mynetworks,
        
        permit_inet_interfaces,






        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered 2 hours ago









        MirsadMirsad

        6,71352348




        6,71352348






















            clemdia is a new contributor. Be nice, and check out our Code of Conduct.










            draft saved

            draft discarded


















            clemdia is a new contributor. Be nice, and check out our Code of Conduct.













            clemdia is a new contributor. Be nice, and check out our Code of Conduct.












            clemdia is a new contributor. Be nice, and check out our Code of Conduct.
















            Thanks for contributing an answer to Information Security Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f206923%2femail-account-under-attack-really-anything-i-can-do%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Statuo de Libereco

            Image
            Koordinatoj: 40°41′21″N 74°02′40″W   /   40.68917°N , 74.04444°U  / 40.68917; -74.04444  ( Statuo de Libereco ) Statuo de Libereco angle: Statue of Liberty statuo Statuo de Libereco de antaŭe Oficiala nomo: Liberty Enlightening the World Lando  Usono Ŝtato Novjorkio Regiono Novjorko Insulo Insulo de Libereco Situo Statuo de Libereco  - koordinatoj 40°41′21″N 74°02′40″W   /   40.68917°N , 74.04444°U  / 40.68917; -74.04444  ( Statuo de Libereco ) Alteco de statuo 46 m  - alteco kun soklo 93 m Pezo 205 000 kg (451 948 lb) Materialoj bronzo, ŝtalo Proponinto Gustave Eiffel  - skulptisto Frédéric Auguste Bartholdi  - proponinto de soklo Richard Morris Hunt  - kapo laŭ modelo de Isabella Eugenie Boyer Transdonita 4-an de julio 1886 Por publiko alirebla por publiko Horzono OT (UTC-5)  - somera tempo OT (UTC-4) Loko
            Read more

            Tanganjiko

            Image
            Lago Tanganjiko Situo centra Afriko Ĉefaj fontoj Kalambo, Lufuko, Malagarasi kaj Ruzizi Ĉefaj elfluoj Lukugo Setlejoj Bujumbura, Kalemie Datenoj Koordinatoj 6°  S , 30°  O -6.3827777777778 29.615 782 Koordinatoj: 6°  S , 30°  O DEC Supermara alteco 782 m Surfaca areo 32 893 km² f5 Maksimuma longo 673 km f6 Maksimuma larĝo 72 km f7 Akva volumeno 18.900 km³ dep1 f8 Maksimuma profundo 1470 m f10 Averaĝa profundo 570 m f11 v   •   d   •   r Mapo de la lago Tanganjiko estas lago en orienta Afriko, inter Burundo, Kongo Kinŝasa, Tanzanio kaj Zambio. Ĝi apartenas al la Granda Rifto kaj estas unu el la Afrikaj Grandaj Lagoj. Tanzanio (46%) kaj DRK (40%) havas la majoritaton de la lago. Ĝi havas longon de 673 km, areon de ĉ. 32.900 km² kaj maksimuman profundon taksatan je 1470 metroj; pro tiu ĉi granda profundo ankaŭ ĝia volumeno estas sufiĉe granda, 18.900 km³. Oni konsi
            Read more

            Liste der Baudenkmäler in Enneberg

            Image
            Die Liste der Baudenkmäler in Enneberg (ladinisch Mareo , italienisch Marebbe ) enthält die 36 als Baudenkmäler ausgewiesenen Objekte auf dem Gebiet der Gemeinde Enneberg in Südtirol. Basis ist das im Internet einsehbare offizielle Verzeichnis der Baudenkmäler in Südtirol. Dabei kann es sich beispielsweise um Sakralbauten, Wohnhäuser, Bauernhöfe und Adelsansitze handeln. Die Reihenfolge in dieser Liste orientiert sich an der Bezeichnung, alternativ ist sie auch nach der Adresse oder dem Datum der Unterschutzstellung sortierbar. Liste | Foto   Bezeichnung Standort Eintragung Beschreibung Metadaten ja Altes Gasthaus Janesch ID: 14567 46° 42′ 54″ N, 11° 52′ 42″ O 76882557800 0 8. Sep. 1986 (BLR-LAB 4974) Ländliches Wohnhaus/Bauernhof KG:  Welschellen Bauparzelle: 391 ja Asch (Prack) ID: 14540 46° 43′ 12″ N, 11° 54′ 35″ O 75496485300 20. Nov. 1950 (MD) Ansitz KG:  Enneberg Bauparzelle: 38 ja Biccia mit Stade
            Read more