Over the past several months I have been seeing an increase in the number of customer accounts being abused to relay spam via our server. In each case the customer account credentials have been used to authenticate to our SMTP service and send spam.
Do I think these customers have decided to get into the “business” of sending spam? No.
I do, however, have to behave in pretty much the same way as if I did, which means that in each case the customer account is immediately terminated.
Previously I have tried other approaches. I have changed the password on the account (and on all associated accounts and email-only accounts, etc.) and contacted the customer to let them know and ask them to fix their security. The problem with this is that in almost all cases the customer denies that they are at fault or is incapable of fixing their security properly, so the problem happens again fairly quickly with the same account.
It may seem that terminating the customer account is too harsh, but the reality is that when a customer account is abused in this way it damages the whole service. Other email servers refuse to accept any email from our server, and that harms all customers. In order to remedy this I have to spend significant amounts of time cleaning up our email queues and working with other ISPs and blocklist operators to get the UKFSN outbound email service working again.
This weekend I had to terminate two customer accounts because of this. One begins “dab” and the other “chr”.