[69346] in North American Network Operators' Group
Re: Anti-Spam Router -- opinions?
daemon@ATHENA.MIT.EDU (Michael.Dillon@radianz.com)
Wed Apr 7 07:21:03 2004
In-Reply-To: <200404061843.i36Ihdrh020738@turing-police.cc.vt.edu>
To: nanog@merit.edu
From: Michael.Dillon@radianz.com
Date: Wed, 7 Apr 2004 12:18:56 +0100
Errors-To: owner-nanog-outgoing@merit.edu
>OK. Make it 100, or make it "20 by default, user can ask for 100". Or
>anything else like that. The *POINT* was that too often, a compromised
>end-user machine can send *THOUSANDS* of messages. Not tens. Not
>hundreds. Thousands.
Here's another way to structure this sort of policy using
a "soft" limit which would also make it feasible to have a
limit lower than 20.
If any of your user connections is the origin of more than
5 SMTP sessions in a single day, send an email to the
registered contact at that site with a little statistical
summary of the activity. No blocking of sessions, just a
note saying that we noticed you sent x number of emails
today. Give the user some action such as a URL that they
can do if they believe that this is abnormal.
Then you could make the hard limit for blocking sessions
into a larger number such as 50 which is extremely unlikely
to block anyone's real email. Of course, anyone running
a mailing list would still have to register that fact with
you so that you can remove the hard limit on them.
--Michael Dillon
