Recently we’ve seen a significant increase in the number of MDaemon servers we come across being used to send spam email, and we’re finding that it’s often via an authenticated SMTP session.
Once an email account and password are known by a spammer, it becomes easy to send large volumes of email via that server. With a little digging, we’re finding that in the cases we see among customers, the cause is nearly always that the user’s chosen a weak password.
There are several ways a spammer can guess a user’s password. Historically, dictionary attacks were quite common. Simple passwords could be guessed easily, particularly if they were the same as the username, or one of many common words used such as ‘password’, ‘letmein’ etc
More recent attacks are not actively guessing passwords by testing the authentication but appear to know the correct password on the first attempt, which begs the question, how on earth is a stranger getting hold of my username or password!?
There are several ways that a spammer can harvest this information, but fortunately there are several simple steps you can take to protect yourself….
1. Use a unique password for your MDaemon account
It doesn’t matter how complicated your password is, if you use it in more than one place you’ve compromised how secure it is. Every time you enter your email address and password into a Web site you’re transmitting it over a network, as well as potentially giving it to a third party. Sure, reputable companies will do their best to encrypt the traffic and store the password in a secure manner, but you have to ask yourself, can you be sure this is happening?
Also how often do we hear of user’s databases being compromised and your personal details being made available? If you’ve used the same email address and password for a service that’s then compromised, you’ve just given away full access to your company emails and mail server (among other things!).
2. If you receive an email with a link that takes you to a Web page asking you to log into an account – treat it as suspicious!
A simple check that can help here is is to look at the url that a link actually points to before you click it. Often the email client will show this if you hover over it with the mouse cursor. You may find it says ‘www.yourbank.com/login.asp’ but it actually links to something else such as ‘www.tempage.myblogspace.hacked.com’ in which case you may be less keen to click through.
3. Enable strong passwords in MDaemon
This setting is on by default but often gets turned off as users are required to put a little extra thought into coming up with more complex, and therefore stronger passwords. Unfortunately without it, the temptation is to enter a very simple password leaving the server more susceptible to an attack.
4. Don’t use plain words as passwords, rather think of a phrase.
For example, the password ‘T1mSp4amE’ is actually easy to remember if you remember the phrase ‘This is my Strong password 4 accessing my Email’ and changing case as well as numbers, you’ll comfortably meet the strong password policy.
5. Use secured IMAP, POP3 and SMTP where possible
By securing your email traffic you are not transmitting your password in plain text and it is less likely that any third party has sniffed a copy of these details.
6. Use antivirus software on your client PC’s
Using a decent antivirus application helps protect against the possibility of local malware getting installed and potentially harvesting your user account details and passwords.