Account Status: SHUTDOWN?

0

Our SES account was seemingly hacked - we have no trace of bad emails being sent by our server. Nothing in mqueue folder, no bounces/complaints, nothing.

I've been sending emails to ses-review@amazon.com for over 24 hours but have had no response. This is the latest email I sent attempting to answer the key questions below.

What else can/should I do?

Thanks for your help,

Mark


I am trying again to respond to the Shutdown of our SES account. Let me try to address the key questions:

  • What caused your high complaint rate?

We presume our SMTP account was hacked and we have changed the credentials - none of those bad emails were sent by us. The appropriate configuration files on our server are protected. We have not seen any complaint emails from our server associated with this email send of 24k +. To add, we have not sent any emails from our server since 7/11/19 and the hack seems to have occurred on 7/14/19.

  • What changes have you made in your email-sending systems or processes?

We have reset the credentials for SMTP. We have validated that no bad emails were sent from our servers. We are not using any non opt-in email addresses. Our bounce rate should revert to normal - historically less than 0.2%. Our complaint rate should revert to our normal - historically less than 0.02%.

  • How do these changes ensure that the issue won't occur again in the future?

New SES SMTP credentials. New AWS login. Scanned/removed all malware on our server. New tools to monitor and alert any hacked sending from our servers. Our systems are safe to re-enable our SES service.

Please let me know any questions. We really need to get our SES account live again.

Edited by: Amazon Customer on Jul 15, 2019 5:41 PM

asked 5 years ago, 273 views
12 Answers
0

Hi,

I can confirm that the account is Healthy now.

Regards,
Gaurav @ AWS

answered 5 years ago
0

Thank you so much!

answered 5 years ago
0

Hi:

I cannot believe it - this has happened again. We sent an email to ~18k opt-in customers yesterday. 1 complaint. Maybe 10 bounces.

Just now I get another warning from SES and see somehow 29000 emails have been sent and the complaint rate is already at 0.69%.

Our server has no queue, nothing is being sent from our email app, sendmail is still shut down on the server.

I just updated the SMTP credentials again.

Can I pay for some support for SES to figure out how the heck this is happening?

Thanks for your help!

answered 5 years ago
0

A short while later and 42000 emails have been sent using our SES account. I do not understand - SMTP credentials have not even been copied from SES. Our bounce/complaint email is not getting anything - zero emails. Nothing in our catchall / spam accounts.

Is there a way to find out where these emails are being sent from? I do not see anything in the SES Management Console.

Any help is welcomed! Thanks.

answered 5 years ago
0

If someone at AWS support can shut down our SES account for now that would be great. Thanks!

Again I think we need paid support to figure this out.

answered 5 years ago
0

Now almost 54000 emails have been sent and the complaint rate is 0.89%. SMTP credentials have been reset once more. Our apps and server show zero activity in terms of email sends. I have zero ideas about how this is happening but welcome any help. Thank you - I'm looking for help.

answered 5 years ago
0

Now at 54k emails sent. Complaints are up to 1.01%.

Still... Nothing being sent by our server or apps. No complaints to our accounts. SMTP credentials changed and changed - that info is not even on our server and only on AWS.

Absolutely out of our control.

Any help appreciated. Thanks! Happy to pay for AWS support!

answered 5 years ago
0

Just sent this email to ses-review@amazon.com...

=====

What caused your high complaint rate?

We presume our SMTP account was hacked and we have changed the credentials twice tonight - none of those bad emails were sent by us. The appropriate configuration files on our server are protected. We have not seen any complaint emails from our server associated with this email send of 54k +. To add, we have not sent any emails from our server since 7/16/19 and the hack seems to have occurred on 7/18/19.

What changes have you made in your email-sending systems or processes?

We have reset the credentials for SMTP twice tonight. We have validated that no bad emails were sent from our servers. We are not using any non opt-in email addresses. Our bounce rate should revert to normal - historically less than 0.2%. Our complaint rate should revert to our normal - historically less than 0.02%.

How do these changes ensure that the issue won't occur again in the future?

New SES SMTP credentials. Scanned/removed all malware on our server. New tools to monitor and alert any hacked sending from our servers. Our systems are safe to re-enable our SES service.

Please let me know any questions. We really need to get our SES account live again.

Happy to have paid support from Amazon to resolve this.

answered 5 years ago
0

The shutdown happened again.

answered 5 years ago
0

Opening new thread.

answered 5 years ago
0

Were you able to resolve this? We are facing a similar problem.

answered 5 years ago
0

Have you tried using IP Address Filters as a temporary solution? If it is only a short number of IP addresses or a well-defined set of ranges that you need to send email from, this might fix the problem.

I would still want to investigate this though...to figure out how these people are gaining access to your account.

cazort
answered 5 years ago
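
One way to restrict sending by source address, as suggested in the answer above, is an IAM policy on the IAM user behind the SES SMTP credentials. This is an added example, not part of the original thread, and it uses the `aws:SourceIp` condition key rather than the SES console feature called IP address filters. The two CIDR ranges are constructed placeholders from the documentation address space; substitute the addresses your mail servers actually send from.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowSendFromKnownAddresses",
      "Effect": "Allow",
      "Action": ["ses:SendEmail", "ses:SendRawEmail"],
      "Resource": "*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": ["203.0.113.10/32", "198.51.100.0/24"]
        }
      }
    },
    {
      "Sid": "DenySendFromAnywhereElse",
      "Effect": "Deny",
      "Action": ["ses:SendEmail", "ses:SendRawEmail"],
      "Resource": "*",
      "Condition": {
        "NotIpAddress": {
          "aws:SourceIp": ["203.0.113.10/32", "198.51.100.0/24"]
        }
      }
    }
  ]
}
```

The explicit deny blocks sending by this user from any other address even if another attached policy allows it. It only constrains the principals it is attached to, so any other access key in the account with SES permissions needs the same restriction or rotation.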
