This article was originally published as part of the Pobox blog. Pobox was acquired by Fastmail in 2015.

Last week, I notified you about a policy change to our SMTP relay.  We got a fair number of questions about it, so let me clarify why we made the change.  Over the last few months, we have seen more than 30 paid, active-for-many-years accounts compromised and used to send spam.

At least once a month, a major web service announces that their email database has been hacked.   (Most recently has been Sony; Gawker Media, which includes Gizmodo and Lifehacker; and Fox TV.) Analysts estimate that 20% to 35% of people use the same password for nearly every website.  If you use the same password for your Pobox account for other accounts on the Internet, you have an excellent chance of your account being used to send spam at some point in the near future.

 So, what should you do?  Go change your Pobox password now.  While you're at it, go change the passwords for any other email accounts you still have open.  (Yes, that means the old Hotmail account you never closed down, too.  Haven't you gotten apologies from your Facebook friends yet about the spam they've sent out?)

Make sure you use different passwords, or this post will be up again in another 6 months. But how are you supposed to remember different passwords for all the different sites out there?  Like you, I do not have an endless memory for passwords, so I use 1Password.  Prefer to go for a non-software solution?  Here are some suggestions for alternate methods of generating site-specific passwords.

I know I harp on the topic of password security a lot.  But it's a big, bad Internet out there, and there are a lot of folks who are interested in using your good name to spread viruses and botnets, sell Viagra, and scam your friends.  Keeping your password safe is more than just good for you.  It's good for everyone whose email address you have, from the person who last corresponded with you in 1996, to your boss, mother, and best friend.