If you’ve ever forgotten the password to your email account, you may have noticed that you get locked out when you try and fail several times in a row in a short period of time. It’s a protection against so-called brute force attempts, where hackers try to guess your password.
Our mail servers now have smarter protection. By identifying and sharing knowledge about hackers, it automatically learns and gets both smarter and better over time. So both more secure and a little less trouble for you if you forget your password.
What is a brute-force email attack?
A brute-force attack is when someone uses software to try to access your email account by repeatedly trying to guess your password.
Why does someone want to access your email? It’s usually not to read your particular email. Instead, they want access to use your email to send spam. This not only leads to your email address being flagged by spam filters, but our entire server.
Already today we have systems in place that protect against brute-force attacks by blocking you if you try and fail too often within a short period of time. Often the automated system then gives up and moves on to someone else.
Smarter protection that learns
You may have come across our brute-force protection by accident at some point. Maybe you’ve forgotten your password, tried a few times and been blocked for 15 minutes.
Our new protection is a little smarter. It identifies and classifies login attempts based on more parameters than just the number of attempts. By constantly learning and sharing its knowledge, we block more real brute-force attempts and fewer incorrect ones.
Depending on what the system sees happening, it then gives the account and IP number an appropriate restriction. From temporarily locking out, to blocking globally.