On 24-Mar-2016, at 7:27 PM, G. Miliotis <corf...@elementality.org> wrote:
Now if you are suggesting that they will see multiple different logins on their
SMTP from the same IP address, yes they will. If they consider this an attempt
at spamming, i.e. I've harvested logins via phishing and am sending spam, maybe
they should improve their filters.
On 24/3/2016 16:09, Suresh Ramasubramanian wrote:
If you are confident that all your customers doing this are low volume and
legit, and none of them will ever be compromised, be my guest
--srs
A customer's account being compromised and sending spam will blacklist
you even via normal email operations, so I don't see any increased risk
there. We're supposed to have egress filtering anyway, right? Just set
lower rate limits for freemail accounts.
Let's compare a common scenario to this as a mental exercise. One of my
"normal" non-freemail customers gets compromised and starts sending spam
to freemail.com. Freemail.com bans my IP via their incoming filters,
starts 5xx'ing me. I see this, locate the customer, fix the problem and
begin the process of contacting freemail.com to get unbanned. How can I
positively PROVE to them that the compromise has gone away? They'll just
have to take my word for it. Probability of unban: zero, until enough
time has passed for filters to get wise to the fix. Which could be
forever if you're a low volume sender anyway (true story).
Conversely, in the case of a specific SMTP AUTH user sending from my
server getting compromised, they will ban me again, 5xx starts. I will
notice immediately and fix the problem with the client. Then, when I go
to freemail.com to get unbanned they will know the specific customer
involved. They will have a measure of how valid my claims that the issue
is fixed are. They have logs to check the account credentials were
changed, they have a contact and hey, it's a CUSTOMER of theirs telling
them I've fixed it. Much easier to believe. Much easier to unblock. At
least in a reasonable world.
In addition, they can take escalating measures against this particular
user (rather than against all my customers) in the first place by
disabling SMTP auth for the account instead of outright banning the
whole IP address. Then the rest of THEIR CUSTOMERS using my server would
not be impacted. For example, Yahoo! does something similar by
rate-limiting IPs rather than outright banning them when their customers
complain. So I just turn off sending to Yahoo for 4 hours while I fix
the customer and we're back in business automagically. I may get 4 hours
of queues and impact all Yahoo! recipients, but at least I don't need to
prove I'm not an elephant to a support person that only has two buttons:
"eject" and "patronize".
Sorry, this got rather long.
--GM
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop