From: (no name) (no email)
Date: Wed Apr 07 2004 - 07:18:56 EDT
>OK. Make it 100, or make it "20 by default, user can ask for 100". Or
>anything else like that. The *POINT* was that too often, a compromised
>end-user machine can send *THOUSANDS* of messages. Not tens. Not
>hundreds. Thousands.
Here's another way to structure this sort of policy using
a "soft" limit which would also make it feasible to have a
limit lower than 20.
If any of your user connections is the origin of more than
5 SMTP sessions in a single day, send an email to the
registered contact at that site with a little statistical
summary of the activity. No blocking of sessions, just a
note saying that we noticed you sent x number of emails
today. Give the user some action such as a URL that they
can do if they believe that this is abnormal.
Then you could make the hard limit for blocking sessions
into a larger number such as 50 which is extremely unlikely
to block anyone's real email. Of course, anyone running
a mailing list would still have to register that fact with
you so that you can remove the hard limit on them.
--Michael Dillon
|
|
|