Help Center

Understanding compromised account notifications

MailChannels allows you to receive real-time notifications whenever an account within your network is compromised by a spammer. These notifications let you take proactive steps against spammers while reducing your MailChannels Cloud usage fees. 

Message Format

Notifications are sent from and always have the subject line Compromised Account Notification. Here's a sample message for reference:

This notification message was generated by MailChannels Cloud and sent to you because your address is configured to receive notifications in the MailChannels Cloud Console ( Compromised Account Notification A sender on your network has been identified by MailChannels a source of abuse. Please refer to the table below to identify the sender.


Sender ID | ofircom

Sender Type | x-authuser

Sample Message

Subject | Sexy times with your lady friend

Sender IP Address |

Sender Hostname |


View this sender's sending history:

Each notification message is MIME-encoded. If you're parsing notifications with your own script, you'll want to look for the MIME part with content type text/plain and a UTF-8 encoding:

Content-Type: text/plain; charset=UTF-8

Within the plain text MIME part, there is a table of sender attributes, which is demarcated by a line of equals signs (i.e. "=======..."). The left and right columns of the table are separated by a pipe symbol ("|"). The following table describes the various sender identification fields you will find in this table:

Sender Identity Types

MailChannels Cloud tracks many different types of senders, including IP addresses, authenticated users, and script filenames. The system determines which type of sender each message originates from by analyzing the content of the message. We track the following types of senders, which are displayed in the Sender Type field in each compromised account notification message:


How are Sender Identities Used?

MailChannels aims to get the best possible deliverability for your legitimate (non-spam) email. To achieve good delivery rates, we need to ensure that spammers abusing the scripts and accounts on your servers are unable to abuse our services. We reduce abuse levels by trying to determine what type of sender (script, user, or otherwise) originated each message, and then applying an appropriate policy against that sender to limit their capacity for abusing the system. 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


Please sign in to leave a comment.