Hacked Emails' Affect on Deliverability

Data breaches happen everyday

While we have all been diligently working to protect the privacy of European customers, data breaches have continued to happen. According to, 2018 is the worst year so far. Here's a small sampling.

January: As many as 2 million payment cards and email addresses were compromised when criminals gained access to Jason's Deli POS system, impacting at least 164 locations. 

February: Researchers discovered the personal information, including email addresses, of 119,000 FedEx customers sitting on an unsecured AWS server. 

March: Orbitz announced a possible data breach affecting 880,000 consumers email addresses. 

April: Panera Bread left the information of 37 million customers in plain text accessible from its website. 

May: Rail Europe confirmed a data breach from 2017 to 2018 whee hackers placed skimming software on its website to capture customers’ credit card numbers and email addresses.

June: Ticketfly had a data breach of more than 26 million customer accounts which included email addresses.

You get the idea. Chances are, you’ve come across many of these email addresses without knowing it.

The affect of data breaches on the email sending reputations

You might think these data breaches matter primarily because they involve sensitive information such as credit card or social security numbers however, as you can see above, they often involve email addresses too, and that can eventually come back to haunt email deliverability.

Although you’re right in assuming that someone’s social security being stolen has little bearing on email deliverability, the fact is, legitimate emails in the wrong hands can lead to misdeeds, mischief and damaged reputations at seemingly innocent email senders.

Why hackers want email addresses

Hackers go after email addresses because that information can provide an access to a person’s online life and sensitive information, as well as a way to “phish” for even more data. However, the bad guys also want email addresses because they can make money from them.

Between 2009 and 2012, one of the largest data breaches in U.S. history took place, as hackers broke into ESP data banks and gained access to over 1 billion email addresses. These email addresses were used to send spam, because the hackers made money as affiliate marketers. Email addresses stolen in this manner are often sold as well, offering hackers another way to profit from their bounty.

This is just one example, and perhaps the most noteworthy one. But as we’ve said earlier in this post, data breaches happen everyday.

Why email senders should care

So how does all of this impact the email service providers and large volume senders? After all, they are innocent, right? Sure, they lacked the diligence to keep the hackers locked out, but the ESPs are not deliberately or intentionally providing access to email addresses, nor profiting from the stealing of them. The evil doers aren’t even using the ESP’s platform to do the sending. So what’s the problem?

The problem is, these now compromised email addresses make their way on to bad lists, and from there, on to good lists. Once these emails have become part of the list selling business, senders can either knowingly or unknowingly send spammy emails—spammy because they don’t have permission to be emailing that recipient. When I say “sender,” I mean a bad guy, but it could also be an innocent marketer who is sending to that email, ignorant of the permission-less status of that email.

How can an ESP defend against good emails in the hands of bad guys?

Diligent email senders should work hard keep these potential bad actors off of their platforms, as well as to make sure legitimate marketers aren’t using bad email addresses. This probably sounds like common sense, but this diligence is often overlooked because ESPs assume every sender and email is on the up and up…because ignorance is bliss, right? Sure—until you’re blacklisted.

Protect your reputation as a sender

There is one easy way to practice this diligence and protect your reputation: BlackBox. BlackBox helps mitigate risks by scoring a sender's list before that list is sent through an ESP's platform. BlackBox scans an unknown list, comparing that list to the problematic emails in the database. After the scan, a match rate returned. The higher the match rate, the riskier the send.

BlackBox is the world's most comprehensive resource for finding potentially problematic email addresses, allowing ESPs to preemptively score the quality of their senders' lists and manage senders more effectively. The more abuse an ESP can prevent, the more they can protect their systems against IPs that are blacklisted by email gateways and ISPs.

Ongoing predictive scoring ensures consistent, reliable decisioning. Using BlackBox as the backbone of a custom scoring model not only lets ESPs predict and manage risk, but ultimately enhances deliverability as a result.

Sign up for your free account and always know the health of your email list.