I discovered yesterday that my email server had been used to send spam: I received bounce notifications saying that some emails (which I didn’t send, of course) had been refused because they were most likely unsolicited mail. What a shock when I received these. My first thoughts were: “is it real?” and “I’m going to be blacklisted…”.
A few years ago, I was running my own email server without any deep knowledge of how to manage it. I must admit that taking this on at the time was a bit presumptuous, but it worked well. My issue was that it worked a bit magically, since there are so many blocks to assemble to have a properly working email server. At some point, a security update broke my email server and I didn’t have much time to investigate where the issue was, so I went back to using my old provider. Maybe in the future I will try again, but I have other projects to finish first.
First things first: your password
After the shock, pull yourself together and proceed with logic. When you have no clue what happened, a sane reflex is to change your password. Not so long ago I was the kind of guy who used a “not so bad” random password, but the same one on every service I used. For about a year now I have generated long random passwords in combination with a password manager (and, wherever possible, two-factor authentication). This way I only have to remember one strong passphrase and not all the others. It turned out that, for historical reasons, I was still using this kind of weak password here. Now it matches my current password policy, which I think is much better.
Now that you feel a bit more relaxed, you can take a cup of coffee or tea and try to understand what happened. If you have your own email server, you will look at the logs to see whether they got hold of your login/password, exploited a weakness in one of your software packages because you don’t install the security updates regularly (that’s not good!), or simply abused an MTA configuration that authorizes connections from the outside. If you don’t have access to the server, you can contact your provider to get a better understanding of what happened. In both cases, you can at least find out whether you have been blacklisted, and for how long, using mxtoolbox. Thanks to that I learned that I had been blacklisted for 12 hours (renewable) by one third-party service (FabelSources) because the spammer sent about 40 emails that were flagged as spam. Fortunately, at the moment I wrote these lines, I was no longer blacklisted.
What you can do
Besides changing your password, if you have control over your server or at least your DNS records, you can do numerous things, such as:
- Ensure that you don’t authorize bouncing from anywhere
- Add an SPF/TXT record
- Use DKIM
On my side, as I don’t have my own server and my email provider doesn’t support DKIM, I added an SPF/TXT record, which adds one more layer against spammers.
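As an added example (not part of the original post), here is a small Python evaluator for the part of an SPF record that can be checked offline (ip4, ip6 and all). The records and addresses are constructed from documentation ranges; it shows how a receiver treats mail from an address the record does not list under `~all` versus `-all`.

```python
import ipaddress

# Constructed example records using RFC 5737 documentation ranges (not real hosts).
SPF_SOFTFAIL = "v=spf1 ip4:203.0.113.0/24 ip4:198.51.100.200 ~all"
SPF_HARDFAIL = "v=spf1 ip4:203.0.113.0/24 -all"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Split an SPF TXT record into (qualifier, mechanism, value) tuples.

    Only mechanisms evaluable without DNS are supported: ip4, ip6 and all.
    Mechanisms that need lookups (a, mx, include, exists, redirect=) raise.
    """
    terms = record.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is "+" (pass)
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name.lower() not in ("ip4", "ip6", "all"):
            raise NotImplementedError(f"mechanism {name!r} needs DNS lookups")
        parsed.append((qualifier, name.lower(), value))
    return parsed


def check_sender(record, sender_ip):
    """Return the SPF result for a connecting IP: pass/fail/softfail/neutral."""
    addr = ipaddress.ip_address(sender_ip)
    wanted = "ip4" if addr.version == 4 else "ip6"
    for qualifier, name, value in parse_spf(record):
        if name == "all":                    # "all" always matches; it ends evaluation
            return QUALIFIERS[qualifier]
        if name == wanted and addr in ipaddress.ip_network(value, strict=False):
            return QUALIFIERS[qualifier]
    # Nothing matched and no "all" terminator: RFC 7208 says the result is neutral.
    return "neutral"


if __name__ == "__main__":
    for ip in ("203.0.113.42", "198.51.100.7"):
        print(ip, check_sender(SPF_SOFTFAIL, ip), check_sender(SPF_HARDFAIL, ip))
```

With `~all`, a message from the unlisted 198.51.100.7 only gets a softfail, which many receivers still accept (often just flagged); with `-all` the same message fails outright and can be rejected, which is why the stricter terminator is the one that actually limits spoofing of your domain.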