How do ESPs prevent account compromise or abuse?

Account compromise is a serious threat: attackers who gain access to legitimate accounts use them to send spam or phishing from trusted infrastructure. ESPs deploy multiple defensive layers.

Authentication security:

• Two-factor authentication (2FA) requirements
• Strong password policies
• Session management and timeout controls
• IP-based access restrictions

API key security:

• Scoped API keys (limited permissions)
• Key rotation capabilities
• Monitoring of API key usage patterns
• Alerts on unusual API activity

Sending anomaly detection:

• Baseline normal sending patterns per account
• Alert or pause when patterns deviate dramatically
• Sudden volume spikes trigger review
• Geographic or timing anomalies flagged

Rate limiting:

• Per-account sending limits
• Gradual limit increases based on history
• Hard caps even for established accounts

Content monitoring:

• Real-time content scanning
• Pattern matching for known spam/phishing templates
• URL checking against threat databases

Response capabilities:

• Automatic pausing of suspicious accounts
• Rapid response teams for compromise incidents
• Customer notification of detected issues

Compromised accounts damage both the individual sender and shared infrastructure, so ESPs invest heavily in prevention.