How to identify a compromised sending account?

Compromised account indicators:

Volume anomalies:

Sudden large volume increases

Sending at unusual hours

Volume far exceeding normal patterns

Content anomalies:

Messages you did not create

Spam or phishing content

Unfamiliar templates or links

Recipient anomalies:

Bounces to unknown addresses

Sending to addresses not in your list

International destinations you do not serve

External signals:

Blocklist listings citing spam

Abuse reports you did not expect

ESP notifications of suspicious activity

Response:

Secure account immediately

Change passwords

Review access and API keys

Hijacked ship sending unauthorized cargo. Retake control and secure access.