Patterns and restrictions
The Zone automatically detects patterns in outgoing emails from its SMTP servers that indicate the exploitation of email accounts for cyber attacks or crimes. Where appropriate, Zone will implement restrictions to reduce the damage that such activity may cause to customers and Internet users.
When a restriction is applied, our customer, the ZoneID account holder, will be notified by e-mail!
Number of emails
The number of emails sent is considered to indicate a possible attack if in the last 15 minutes the email user has sent more than 1 email for every 5 seconds.
The number of mail sent is tracked in the following systems:
- webserver;
- a web-based email client (such as webmail.ee);
- SMTP server (for example, smtp.zone.eu).
If a suspicious pattern is detected, the email account will be blocked and a notification letter will be sent to the customer.
Sender’s person
In addition, various patterns are checked which may indicate that the identity of the apparent sender of the email may have been stolen.
For example, if a single email account is accessed from a number of different IP addresses in a short period of time, it is very likely that the email user’s password has been compromised by attackers and, using a botnet, an attempt is made to use identity theft to send spam, phishing emails or malware.
There are many different patterns of this kind. If suspicious activity is detected, the email account is blocked and a notification letter is sent to the customer.
We have also written a blog post about the way criminals guess weak email passwords (in Estonian) https://blog.zone.ee/2017/06/27/paha-panda-varastab-postkaste/
How to remove the restrictions applied?
If you’re sure that you or another account user hasn’t intentionally or unintentionally created an attack pattern, the first thing you should do is change your email account password!
In order to remove the restriction, contact Zone Customer Support on +372 688 6886 or send us an email to info@zone.ee from an alternative account!