In the past several months, there has been an uptick in email accounts being compromised and used to send spam. To increase the security of your account, there are two measures every email user should take immediately:
  1. Replace your password with a secure one
  2. Use only encrypted email connections
Turn on encryption: Instructions for configuring your email program to make secure connections is available in the email section of our knowledgebase. Double check your settings and make sure you are secure!

Update your password: You can log into your email account at https://mail.theartfarm.com/, click the Administration tab, and update your password. Tips for choosing a more secure password are:

  • use at least 8 characters, 12 is better, and 16 is good.
  • use a mixture of letters, numbers, symbols, and case.
  • use letters from phrases (mami!20inNY12) is derived from "I watched MaMa Mia! in NY in 2012"
  • do not use personal information. It is easier for computers to determine your birth year than you think.
  • do not reuse passwords. You don't want an email or blog compromise to spill over to online banking.
  • use a password wallet. Password Wallet for the Mac & iPhone and KeePass for Windows are excellent choices. You can keep a copy of the app and your encrypted wallet on your iPhone or a thumb drive.
  • Use a password generator, like WolframAlpha.

Why is this happening?

My best guess as to why spammers are targeting accounts with weak passwords is that it is the most reliably way to send spam. The leading email service providers have significantly increased the barriers to email forgery, a favorite tactic of spammers. The widespread adoption of SPF and DKIM have helped, and the adoption of DMARC is helping further. When mail servers deploy these technologies, they reject over 99% of phishing, cousin domains, and other types of email forgery.


Because it's increasingly difficult to steal the identity of popular domains in their spam, and because spammers often control botnets with thousands of hijacked computers, it is economical for them to use botnets to crack passwords and send spam using legitimate email accounts.

Tuesday, April 30, 2013

« Back