It's not unheard of for our clients to have email accounts hacked and spam to be sent--we try to stay on top of it and suspend sites when this happens until the client is made aware of what's going on and can resolve the issue. Some of the new mail restrictions (max defers etc.) are helping keep the outgoing spam volumes from creating problems until we discover them too.
However, today spam reports came flooding in through our feedback loop, and we discovered the same spam campaign (pushing Raspberry Ultra Drops) was being sent through dozens of compromised accounts on 13 of our servers (that we know of so far).
I have never seen a coordinated compromise like this. Anyone else had this happen? We run a pretty tight security ship, so until I find indications otherwise I suspect this is simply a case of compromised email accounts, but to have it happen across so many servers and used to send a single spam campaign is disconcerting.