November 24, 2010 8:30 am – We implemented an upgrade on our email system which increases the security of email transmission. The upgrade was supposed to be seamless, so it was not announced. However, this morning we have received sporadic reports of email not going through. We are investigating the issue to see if the two are related. We will be posting updates here.
November 24 8:50 am – It looks like some spammers have compromised one or more email accounts and are sending out mass volumes of spam through our servers. We are actually delivering email, but it is being delayed because of the volume of email. We are working on removing the malicious spam from our system and identifying the compromised email account(s).
Note: No email has been lost (except the spammer’s email). It has just been delayed a little. As of 9:00, it looks like almost 100% of delayed email has been delivered. There are a few ISPs who have temporarily delayed email coming from our mail server due to the spam originating from it, but those blocks should be cleared shortly.
November 24 9:08am – We have identified the email account which was being used by the spammers to relay messages. We have changed the password on the account and blocked the spammer’s IP address. This user made the common mistake of having the username and password be the same thing. For example, if the email address was firstname.lastname@example.org, the password was user. This is something the spammers regularly try to find, so if you have an easy password such as this on your account, we STRONGLY suggest you change it. You can change it by going to our home page at https://www.netsolinc.com and clicking on “Modify Email Account Settings” or by clicking this link.
November 24 2:40pm – The spammers have apparently gathered several accounts with usernames and passwords which are the same. We are watching the system, and as we find the spammers exploiting an account, we are changing the password for the account. We are attempting to call the affected users, but we have not been able to reach everyone. If you are having email trouble all of a sudden, and your password is the same as your username, then please call us at 256-547-6817 or 877-886-6868 so that we can help you reset your password.
November 25, 2010 – 9:35am – The spammers are still finding accounts with weak passwords. We are eliminating them as we see them being exploited. We put a system in place yesterday which alerts us to unusual email volume and allows us to detect the attack more quickly. Most users should not see any issues; however, it is possible that you may see your email client get disconnected from the email server if we happen to be stopping an attack at the moment you are sending or receiving an email. We did not mention it yesterday, but the security enhancement we put in place a couple of days ago (mentioned at the start of this post) did NOT have anything to do with these attacks. That enhancement does not deal with bad passwords; it encrypts the email as it is sent to other servers (if they support encryption).
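The volume alerting described in the November 25 update can be sketched as a per-account sliding-window counter over the mail log. This is an added example, not the provider's own system: the log format, the field names (`auth_user`, `rcpts`), the 10-minute window and the 100-recipient threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines; the format is an assumption, not a real MTA's.
SAMPLE_LOG = """\
2010-11-25T09:30:00 auth_user=alice rcpts=1
2010-11-25T09:30:05 auth_user=carol rcpts=50
2010-11-25T09:30:20 auth_user=carol rcpts=50
2010-11-25T09:31:00 auth_user=bob rcpts=2
2010-11-25T09:31:10 auth_user=carol rcpts=50
2010-11-25T09:45:00 auth_user=alice rcpts=3
2010-11-25T09:50:00 auth_user=carol rcpts=50
"""

def parse_line(line):
    """Return (timestamp, account, recipient_count) for one log line."""
    stamp, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(stamp), kv["auth_user"], int(kv["rcpts"])

def find_volume_spikes(log_text, window=timedelta(minutes=10), max_rcpts=100):
    """Return {account: time of first alert} for accounts whose recipient
    count inside the sliding window exceeds max_rcpts."""
    recent = defaultdict(deque)   # account -> deque of (timestamp, rcpts)
    totals = defaultdict(int)     # account -> recipients inside the window
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        when, account, rcpts = parse_line(line)
        events = recent[account]
        events.append((when, rcpts))
        totals[account] += rcpts
        # Drop events that have aged out of the window.
        while events and when - events[0][0] > window:
            totals[account] -= events.popleft()[1]
        if totals[account] > max_rcpts and account not in alerts:
            alerts[account] = when
    return alerts

if __name__ == "__main__":
    for account, when in find_volume_spikes(SAMPLE_LOG).items():
        print(f"ALERT {when.isoformat()} {account}: unusual sending volume")
```

Counting recipients rather than messages catches a compromised account that sends few messages with many recipients each.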