Over the past few months we’ve seen an enormous jump in the number of password-guessing attacks on our mail servers. The attackers are spammers who are trying to get access to legitimate accounts so they can send spam.
We have software in place that identifies and blocks these attacks, but if a password is too easy to guess, the attacker can guess it before the ‘this is an attack’ threshold is reached. When this happens, the victim gets a flood of bounce messages for email they never sent. Once we detect the hijacking, we have to lock the account and coordinate with the victim to set a new password, an inconvenience for everybody.
There’s a somewhat geeky but appropriate cartoon at http://xkcd.com/936/ that describes a technique for generating passwords that are hard to guess but easy for you to remember.
If your account is on mail.his.com or one of our other Zimbra servers, you can change your password by logging on to webmail and clicking the ‘Preferences’ tab.