Problem Description
1. The mailbox was stolen and the password was leaked.
2. The mailbox has not been stolen. The others use SMTP sending protocol and other technical means to send the email by impersonating the sender and carry out blackmail and phishing.
Solution
Determine whether it was really stolen at first.
Real Theft
1. Please change the email password as soon as possible. If you cannot change it in time, please contact the email administrator to freeze the email account.
2. The email admin can use the Email Recall feature to recall abnormal emails to reduce the impact. Related document: How to Recall Emails by Postmaster Account?
3. Set IP login restrictions.
4. Verify whether the account has automatic forwarding and receiving rules set by the others. If so, it is recommended to delete them.
5. Check and remove virus from logon device.
6. Report relevant emails.
You are advised to perform other operations with caution after evaluating them to avoid affecting other employees:
Enable the Multi-factor authentication. Related documents: What Is The Multi-factor Authentication?
Unreal Stolen, Counterfeit Sender
1. The SMTP standard protocol allows the display sender to be different from the true sender.
Please check the real sender (MF or mailfrom field) through the original email. If it is the address of employee account in the same domain, please change the email password in time.
For more information, please check How to View/Download the Original Email?
2. The "AC=SPAM" means that the anti-spam system has judged it as spam. It is recommended that employees set the Anti-spam level to "high", and the email will be intercepted and delivered to the trash can.
If the email is not identified as spam, you can customize the blocking rules to avoid blocking normal emails.
At the same time, it is recommended to report relevant emails.
