Over the past week we have seen a huge number of 'bots' trying to guess customer email credentials in order to try to send email through our outbound email servers: smtp.aa.net.uk.
The attempts were being blocked due to wrong passwords being used, but this caused significant load on our severs due to all the database lookups involved. To address this, we are blocking IP addresses that are listed on the Spamhaus 'Exploits Blocklist (XBL)' and the Spamhaus 'Combined Spam Sources (CSS)' lists. -These are typically IP address known to have hijacked in some way or known spam senders.
This has reduced the load on the email servers significantly, however we are are still blocking around 1.5 million unique IP addresses each day.
We have had a small number of legitimate customers affected by this as their IP address is on these blocklists. (IPs can be looked up on https://check.spamhaus.org). In these cases, please do contact support and we can discuss workarounds.
From the carrier: Although we still have further detailed investigations to carry out, we are now confident we have isolated the underlying cause of today’s issues which eventually caused problems to both our inbound and outbound service to various extents plus resulted in some clients being unable to amend routing on numbers.
Our team have checked all systems are operational and will continue to monitor for some time yet. Meanwhile we will be working hard to understand the cause, the impact and the mitigation steps we need to take. This will take a little time and we ask that you bear with us for a couple of days to complete this work but we will ensure you have a full report on Tuesday at the latest.
Our usual monitoring, support and callout processes will remain in place all over the weekend and, due to today’s issues, we will have additional engineers doing manual checks throughout too but we do not anticipate any further disruption.
Please accept our sincerest apologies for the problems our network has caused you and your customers today, we take any outage extremely seriously but we appreciate this one was particularly disruptive for many clients and we assure you that we will be doing our utmost to prevent a similar situation from recurring in the future.