On Wed, 2004-04-07 at 13:18, Michael.Dillon@radianz.com wrote:
If any of your user connections is the origin of more than 5 SMTP sessions in a single day, send an email to the registered contact at that site with a little statistical summary of the activity. No blocking of sessions, just a note saying that we noticed you sent x number of emails today. Give the user some action such as a URL that they can do if they believe that this is abnormal.
Why not use a more detailed time-interval based approach only blocking further SMTP connections for say an hour if a user made more than x connects in an y amount of time and automatically resetting the counters and block afterwards..? On top of the x/hour you could make the mechanism less of a burden by putting in an option that would allow connections to be "saved" for a maximum of two or three hours, so when someone comes into his office in the morning he can safely pour out his start-of-the-day e-mail flow without being bothered by the rigid 10 e-mails/hour since there wouldn't have been any connections in the few hours before coming into the office and he might be able to send 20 or 30 e-mails in the first hour before the counters are reset. Spammers can only work when making enormous amounts of connections each hour, so limiting a normal user to 10 connections per hour with some extra slack after two or three connectionless hours, with an hour blocking penalty if the user goes over shouldn't pose a problem to Joe Average and will definitely keep spammers at bay without the added administrative overhead of sending user's mail statistics. Ofcourse as you mentioned, mailinglists and certain users making extreme use of e-mail should always have the possibility of registering for more connections, but when done correctly this could be a more or less hassle free way of controlling mail connection rates without burdening 99% of all users. Regards, -- --- Erik Haagsman Network Architect We Dare BV tel: +31(0)10 7507008 fax:+31(0)10 7507005 http://www.we-dare.nl