The Issue: I am suddenly receiving dozens (possibly hundreds) of bounceback messages in my email account. What has happened?
- What is the cause of this?
- What do I need to do?
What is the cause of this?
If you are suddenly receiving a flood of bounceback messages in your mailbox, it is likely your email address has been exploited and is being used to send spam. It could be that your email was compromised, or your email address has been spoofed. The receiving servers are flagging these emails as spam, resulting in these bounceback messages. If action is not taken, it may also result in your domain, and possibly the entire server landing on a blacklist.
If you email address has been compromised and is actually being used to send spam, it means a hacker has access to your email username and password, or a machine checking and sending messages for this email account has a virus or malware. It could be that you have been a victim of a phishing attack, where a bad agent will ask you to log into your account using a malicious link that records your email and password.
If your address has been spoofed, a spammer has forged (or spoofed) your email address as the FROM address on the spam they are sending. In this case, the emails show that they are coming from your address, but are actually coming from a different address. But, because your address is use as the FROM field, you are the recipient of the bounce back messages.
The important thing to know about this is that anyone can forge anyone else's email address. This is a vulnerability that is left over from the early days of the internet. It's the digital version of forging a return address on an envelope. Because your email account has not been compromised and these messages weren't sent from our server, there is little we can do to stop this once it occurs. This is unfortunately becoming more common, but because of this, the tools to combat it are becoming better as well.
If you are unsure whether your address has actually been hacked or if it has simply been spoofed, we still advise you to go through the steps below, and then contact us with one of your bounceback messages so we can look into that deeper for you.
What do I need to do?
If you believe your email address has been compromised, your first step is to lock down your email addresses to prevent any further unauthorized use.
- Close all email applications on every computer with access to send or receive messages for this email account.
- Change the password for this email account right away. Choose a new password that is secure and save it in your password manager, or keep it somewhere safe.
- Run a virus and malware scan on every device with access to send or receive messages for this email account. This includes any computers, phones or tablets.
NOTE: You may continue to receive bounceback emails for up to the next several days, depending on the volume of emails that left the servers. Treat these messages as you would any other spam.
If your account is compromised
A compromised email account, while more dangerous, is easier to fix. Updating your password should take care of anyone using your mailbox. However, you will also want to check to make sure that email forwarding has not been set up on your account. It is common for hackers to set up a forwarder, so that even if you update your password, your mail will still be sent to their account. They can use this to reset your passwords, as most accounts will send a password reset to your mailbox.
Once you have your new password, you can now go and update your devices. We recommend setting them up one at a time. Update a device and check to make sure it can send and receive before attempting the next device. This will help prevent failed login attempts on the server and a possible IP block. If you think your IP has been blocked, please contact our support team.
If your email is being spoofed.
If you believe your email account was not hacked, and is simply being spoofed, there isn't much you can do besides wait it out. Because the emails aren't being sent via our servers, we can't prevent them. The bounce backs will stop eventually and the spammer will move on to forging someone else's email address.
To help prevent future spoofing attacks, you can set up a SPF (Sender Policy Framework) record for your domain. This record will tell mail servers what servers are allowed to send mail for your domain. Find more information on SPF records here.
In the short term, adding a filter to delete these bounce back messages can help keep your mailbox clean. You will want to remove this filtering after some time has past, as bounceback messages can be helpful for troubleshooting other email issues.
Still Having Issues?
If you are still having issues, you can contact our Customer Support in the following methods:
You can connect to our Live Chat Support Team from your MacHighway Client Area. If you are not sure how to do this, you can find a guide here.
Our Live Chat team is available Monday to Friday from 9:00 AM to 7:00 PM Eastern Time.
You can submit a support ticket to our Support Team from your client area.
Our ticket Support Team is available 24/7/365.
You can contact our Phone Support Team using the following number:
- US/Canada 1-888-974-0334
- International 1-727-800-3606
Our Phone Support team is available Monday to Friday from 9:00 AM to 7:00 PM Eastern Time.