Back to main menu


Help! My email account has been hacked. What should I do?

How do you come back from being hacked? If your email account is being used to send spam, expect both an immediate and lasting impact. Avoid the turmoil and follow our guide to learn how to handle and, more importantly, prevent this type of hack.



“Dear friends and family, if you’ve gotten any suspicious-looking messages from me recently, please don’t open them!”

That’s probably the message you’d send to your contact list if someone hacked your personal email.

And, while identity theft is terrible, imagine if your business email account got hacked. It’s not only your personal bank account, credit cards, and personal data at risk, but also all of your customer data. A malicious cybercriminal can easily use your email account to scam your customers and destroy the relationship and trust you’ve built with your subscribers – not to mention your sender reputation.

We’re not going to lie, having your email compromised is  not a good situation to find yourself in but don’t worry, we’ve got you covered.

How can my account become compromised?

You’ve probably got great cybersecurity protocols in place, but all it takes to break through your defenses is someone leaking your API keys or SMTP credentials. Here’s a list of some common ways your email account can be exposed and compromised:

  • Your password is insufficiently strong and therefore easy to decrypt.

  • Someone has leaked your API keys or SMTP credentials.

  • You’ve fallen for a phishing scam or clicked on a malicious link, accidentally downloading malware that opened a backdoor for scammers to gain access to your account.

  • You’ve exposed yourself by signing onto public wifi without using a VPN.

As a best practice, we recommend that you always check your recent activity and investigate any suspicious activity you don’t recognize. You should take your online security as seriously as fraud charges on your credit card. This way, even if your account is compromised, you can nip the hack in the bud and quickly work to minimize and reverse damages.

What do I do if my account is compromised?

Let’s say that the worst has happened, and your account has already been compromised. What can you do? Here are some things you can do right away.

  1. Reset API keys and SMTP credentials

  2. Assess the damage

  3. Reverse or address the damage

  4. Strengthen passwords

Let’s dig into each of these below.

1. Reset API keys and SMTP credentials

The first thing that you need to do is cut the spammers’ access to your accounts. As an admin, you’ll need to reset your account’s API keys and SMTP credentials for any domain that seems to have issues. The faster you do this, the better off you’ll be.

2. Assess the damage

Now that you have new keys and credentials, it’s time to check how much damage was done. Like the holidays, you'll have some cleaning up to do once the chaos is over.

Unfortunately, you may face negative consequences because the hackers have probably sent out spam messages authenticated with your actual domains/dedicated IPs.

The most commonly seen issue is your IP may be blocklisted. This can happen on the day the unauthorized send happened or a few days later. In the days that follow, you’ll receive a lot of spam complaints, so be prepared to work with your marketing team to do some damage control.

3. Reverse the damage

Now that you’ve assessed the damage, it’s time to reverse it. Not all DNS blocklists are created equal, and the majority won’t impact the delivery of your emails, so it’s best to quickly resolve the listings that matter before focusing on the less utilized blocklists.

If you find yourself on a blocklist, here’s what you need to do to get delisted:

  1. Check the information you received when you’re informed that you’re blocklisted. Most blocklist vendors will include a URL for you to begin the blocklist removal process.

  2. Send over the information requested by the blocklist vendor. Most reputable blocklist vendors will have a clear self-service path to delisting that involves sending them your contact information and any comments as to the possible reason for the block.

As a benefit of Mailgun's Deliverability Service, we’ve automated the monitoring of all major blocklists to check them in real-time. Our team of experts will step in to deal with the blocklist providers directly.

4. Strengthen passwords

Once you’ve reversed the damage to your IP and domain reputation, it’s time to do a password reset. Ensure that your new password is sufficiently strong. Then, set a strong password for the compromised email account and strengthen your cybersecurity practices. Not quite sure how to prevent future leaks? Keep reading, and we’ll go over some tips in the section below.

How can I prevent future leaks?

Once you’ve gotten damage control out of the way, it’s time to think about how to prevent future leaks. Besides strengthening your security software, you can also:

  • Restrict API key and SMTP credential access, if possible

  • Enable two-factor authentication (2FA)

Let’s go over each of these in detail below.

How can I restrict API key and SMTP credential access?

Anyone with access could have contributed to your credentials becoming compromised. You can check out our comprehensive security guide for some general advice on running your infrastructure in a secure configuration.

When hackers send spam with your credentials, it’s likely because your sensitive information got leaked in a public script. You’ll need to make sure only the right people can read your API keys. Luckily, with Mailgun, you can restrict access to your API keys and SMTP credentials by assigning specific roles to your users. The last thing you want is a well-intentioned non-dev sharing your secret keys without knowing what purpose they serve.

How can two-factor authentication boost my account security?

Enabling 2FA adds a few extra steps of protection, and since logging in involves a second external device or account, it’s a lot harder to compromise credentials. We recommend ensuring everyone on your team with access, not just administrators, have 2FA configured.

Check out our guide on 2FA to get up to speed. Or, if you’re feeling ambitious, work with your security team to implement multi-factor authentication.

A bonus tip before we go

Security is a big consideration when it comes to partnering with services. Make sure you’re choosing a service that provides effective support to act as a resource if you get in a bind.

And if you want additional peace of mind, Mailgun’s Deliverability Service might be a great fit for your email program. We partner you with one of our experts who will help you create and maintain a healthy email program.

Learn about our Deliverability Services

Deliverability Services

Looking to send a high volume of emails? Our email experts can supercharge your email performance. See how we've helped companies like Lyft, Shopify, Github increase their email delivery rates to an average of 97%.

Related readings

What is M3AAWG, and why you should get involved

Every company is trying to achieve growth and be more recognizable and the protection of that journey can be incredibly challenging. There are times when everybody considers...

Read more

Prevent your emails from going to spam: Plus 10 tips to fix it

Emails that land in the spam folder end up wasting all of that time and effort from your email marketing program – and they certainly won’t get any results. Sometimes, it can...

Read more

What is SMTP and how does it work?

SMTP, though a pillar of email delivery, often gets lost in the jumble of tech terms and acronyms. But if you're ready to send impactful emails, this is one of those acronyms that...

Read more

Popular posts

Email inbox.

Build Laravel 10 email authentication with Mailgun and Digital Ocean

When it was first released, Laravel version 5.7 added a new capability to verify user’s emails. If you’ve ever run php artisan make:auth within a Laravel app you’ll know the...

Read more

Mailgun statistics.

Sending email using the Mailgun PHP API

It’s been a while since the Mailgun PHP SDK came around, and we’ve seen lots of changes: new functionalities, new integrations built on top, new API endpoints…yet the core of PHP...

Read more

Statistics on deliverability.

Here’s everything you need to know about DNS blocklists

The word “blocklist” can almost seem like something out of a movie – a little dramatic, silly, and a little unreal. Unfortunately, in the real world, blocklists are definitely something you...

Read more

See what you can accomplish with the world's best email delivery platform. It's easy to get started.Let's get sending
CTA icon