Compromised accounts are one of the biggest issues today. These accounts are often used to send spam, phishing, and malware, which results in endless problems on several levels.
So, starting today, we're going to do something to help you with those compromised accounts.
In December 2019, we found some interesting data coming from a set of special traps we run. Those traps receive a ton of SMTP Authentication attempts for external domains (not for our trap domains). This raw set of data alone helped several of our customers to find and close down hundreds of compromised accounts.
The data is inherently noisy due to dictionary attacks, past compromises or password leaks. We did some magic tricks to make this data available with the minimum amount of noise and the maximum possible value.
From today on, we create daily summaries of all the compromised accounts we've observed over the previous 24 hours, add necessary metadata and send it to the affected Postmasters and Abuse Desks.
This mechanism provides immediately actionable data to catch compromised accounts and handle them with the focus they need and deserve.