Someone is trying to access my mail account, what safe actions can I take?

As far as I can tell, gmx does currently not offer 2FA. That is unfortunate but not necessarily catastrophic.

Do you have to use the address to send e-mail? If not, you might be able to get around the problem by just forwarding incoming mail to another account, preferably one with 2FA enabled. After you set up a forwarding rule, you can put a really, really long and secure password (50+ chars) on the account and save it somewhere safe.

Otherwise you'll probably have no real chance to secure the account itself.

You are currently using passwords with a length greater than 20 chars, I hope? If not, start doing so immediately. Use a password safe so you don't have to memorize them.

Also, please get the gmx security team involved. Probably it's just skiddies or bots (I had an attack like that on an old address I don't use anymore), but if not, they might be thankful for a hint.


Note that I mentioned using a long password and not one drawing from a large character set.

The complexity of the character set does not by itself make your password better. Length runs circles around complexity while juggling chainsaws.

See this relevant xkcd comic for a visual explanation.


You don't need to close your account. An email address is public information, just like an address. You wouldn't envisage moving because someone checked that your house door is correctly closed, would you?

Your best move is to ensure that you are using a good password to protect your account.

People may sometimes have a wrong understanding of what a "good password" is. Here are two links which will give you more insight into this:

  • XKCD #936: Short complex password, or long dictionary passphrase?
  • How to Create a Strong Password (this is an external link, but I found it to be very pedagogical in its approach).

The most important thing is to use a password:

  • Which is not easily guessable.
  • Which you are not using anywhere else.

Also, if there is any "security question" associated with this account (the process allowing you to recover a forgotten password by answering previously configured questions such as "What is your childhood city?"), you may as well either disable this system (recommended) or at least ensure that the answers provide at least the same level of security as a password (usually not the case, by design).

The attacker is attempting what is called a brute-force attack, in which he successively attempts hundreds, if not thousands, of probable passwords. "Probable passwords" may range from passwords often used by people ("letmein", "12345", ...) and dictionary words ("goodcoffee", ...) to words related to you (words derived from your login, gathered from your blog or other public resources, etc.).

As soon as you are using a good password, all these attempts will be moot by definition and your account will therefore remain secure. Expect such an attack to last for a few weeks, until the attacker considers it is not profitable anymore and switches to another target.

In case this attack may be personal, apply the same process to your other passwords (personal computer, social media, etc.), check that you have applied any available updates to your other systems (apply updates to your computer, to your blog software if you administer it, etc.) and pay special attention not to click on a link or open a file provided in any suspicious email or message (blog comment, messenger notification, social media message, etc.).

But often such an attack is nothing personal; it just comes from attackers scanning random email addresses to find low-hanging fruit (there are various ways for an attacker to take advantage of and monetize a hacked email address).
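As an added example (not part of the answer above), here is a sketch of screening a candidate password against the three kinds of "probable passwords" the answer names: commonly used passwords, dictionary words, and words derived from the login. The word lists and the `screen` function are constructed for illustration; a real check would load far larger lists.

```python
import re

# Constructed sample lists (assumption); real lists hold millions of entries.
COMMON = {"letmein", "12345", "password", "qwerty"}
WORDS = {"good", "coffee", "house", "door", "mail"}


def _is_word_concat(s, words, max_words=2):
    """True if s consists of at most max_words dictionary words, back to back."""
    if s == "":
        return True
    if max_words == 0:
        return False
    return any(s.startswith(w) and _is_word_concat(s[len(w):], words, max_words - 1)
               for w in words)


def screen(password, login):
    """Return why a password counts as 'probable', or None if no check hits."""
    p = password.lower()
    core = re.sub(r"[^a-z]", "", p)  # ignore digits/symbols tacked onto a word
    if p in COMMON or core in COMMON:
        return "commonly used password"
    # Pieces of the mailbox name, e.g. "jane.doe@..." -> ["jane", "doe"]
    local_part = login.split("@")[0].lower()
    tokens = [t for t in re.split(r"[^a-z0-9]+", local_part) if len(t) >= 3]
    if any(t in p for t in tokens):
        return "derived from login"
    if core and _is_word_concat(core, WORDS):
        return "one or two dictionary words"
    return None
```

A result of `None` only means none of these three checks matched; it is not a strength rating.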


I think there are two important points missing from the other answers that have been posted; I have listed these as points two and three in this answer.

First of all, yes, change your password to a long, strong password. This topic is extensively covered on this site. It shouldn't take you more than a minute to find other good questions regarding this topic.

Second of all, prep your account if there is a break-in. If I understand you correctly, you are planning to change accounts (and in my opinion you should). Start now, because this is not a 5 second process. Download and encrypt all your mails and delete them afterwards, especially those containing important information. Identify all services linked to this mail address and change your account information. Send a letter or a mail to gmx asking to delete all further saved data regarding this account and say goodbye forever.

Third of all, create a new account, with 2FA (2-factor authentication). As WhiteWinterWolf pointed out in his comment:

2FA protects you against an attacker who already knows your password

Additionally it makes bruteforcing your login credentials much harder, because an attacker not only has to guess your password but also your second factor.

On a side note: IMHO a good mail provider forbids this many tries to log in to your account. Ideally this would set off some form of security protocol that either blocks the attacker if possible or at least would give the affected user some more details about what is happening.

After creating your new account, start redirecting used services there. You should also choose a provider that enables you to use some kind of encryption for your mails. Don't use big mail providers like gmail or yahoo. As product recommendations are not encouraged here, I would advise to research this a bit and to choose a secure mail provider who respects e-mail privacy.

WhiteWinterWolf said in his answer:

You wouldn't envisage moving because someone checked that your house door is correctly closed, would you?

Well, I would move if I can't close the door lock properly, every now and then other people would check my mails for malicious content and every day people would try to screw with my lock.
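As an added example (not part of the answer above, and not any provider's actual code), here is a sketch of the behaviour the side note asks of a mail provider: count failed logins per account in a sliding window, refuse further tries once a limit is hit, and record details for the account owner. The thresholds, class name and sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque

WINDOW = 300     # seconds over which failures are counted (assumed value)
MAX_FAILS = 5    # failures tolerated inside the window (assumed value)
LOCKOUT = 900    # seconds during which further tries are refused (assumed value)


class LoginThrottle:
    def __init__(self):
        self.fails = defaultdict(deque)  # account -> deque of (ts, source)
        self.locked_until = {}           # account -> timestamp the lock ends
        self.notices = []                # details the account owner would receive

    def attempt(self, ts, account, source, password_ok):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        if ts < self.locked_until.get(account, 0):
            return "locked"              # refused even if the password is right
        if password_ok:
            self.fails.pop(account, None)
            return "ok"
        q = self.fails[account]
        q.append((ts, source))
        while q and q[0][0] <= ts - WINDOW:
            q.popleft()                  # forget failures older than the window
        if len(q) >= MAX_FAILS:
            self.locked_until[account] = ts + LOCKOUT
            self.notices.append({"account": account, "failures": len(q),
                                 "sources": sorted({s for _, s in q}),
                                 "locked_until": ts + LOCKOUT})
            q.clear()
        return "failed"


# Constructed sample: wrong guesses from two documentation-range addresses,
# then the owner logging in with the correct password.
ACCT = "user@example.org"
EVENTS = [(0, ACCT, "192.0.2.10", False), (20, ACCT, "192.0.2.10", False),
          (40, ACCT, "192.0.2.11", False), (60, ACCT, "192.0.2.10", False),
          (80, ACCT, "192.0.2.11", False),    # fifth failure: lock until 980
          (100, ACCT, "192.0.2.10", False),   # refused while locked
          (200, ACCT, "198.51.100.7", True),  # owner is refused as well
          (1000, ACCT, "198.51.100.7", True)]


def replay(events):
    """Feed the events through a fresh throttle; return outcomes and notices."""
    throttle = LoginThrottle()
    return [throttle.attempt(*e) for e in events], throttle.notices
```

Locking per account also refuses the legitimate owner while the lock lasts, which is the trade-off of this design.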