There is of course the other part that various freemails just might not appreciate their customers sharing passwords with a third party, like say an ESP.

--srs

On 24-Mar-2016, at 8:13 PM, G. Miliotis <corf...@elementality.org> wrote:

>> On 24-Mar-2016, at 7:27 PM, G. Miliotis<corf...@elementality.org> wrote:
>>
>> Now if you are suggesting that they will see multiple different logins on
>> their SMTP from the same IP address, yes they will. If they consider this an
>> attempt at spamming, i.e. I've harvested logins via phishing and am sending
>> spam, maybe they should improve their filters.
>
>> On 24/3/2016 16:09, Suresh Ramasubramanian wrote:
>> If you are confident that all your customers doing this are low volume and
>> legit, and none of them will ever be compromised, be my guest
>>
>> --srs
>
> A customer's account being compromised and sending spam will blacklist you
> even via normal email operations, so I don't see any increased risk there.
> We're supposed to have egress filtering anyway, right? Just set lower rate
> limits for freemail accounts.
>
> Let's compare a common scenario to this as a mental exercise. One of my
> "normal" non-freemail customers gets compromised and starts sending spam to
> freemail.com. Freemail.com bans my IP via their incoming filters, starts
> 5xx'ing me. I see this, locate the customer, fix the problem and begin the
> process of contacting freemail.com to get unbanned. How can I positively
> PROVE to them that the compromise has gone away? They'll just have to take my
> word for it. Probability of unban: zero, until enough time has passed for
> filters to get wise to the fix. Which could be forever if you're a low volume
> sender anyway (true story).
>
> Conversely, in the case of a specific SMTP AUTH user sending from my server
> getting compromised, they will ban me again, 5xx starts. I will notice
> immediately and fix the problem with the client. Then, when I go to
> freemail.com to get unbanned they will know the specific customer involved.
> They will have a measure of how valid my claims that the issue is fixed are.
> They have logs to check the account credentials were changed, they have a
> contact and hey, it's a CUSTOMER of theirs telling them I've fixed it. Much
> easier to believe. Much easier to unblock. At least in a reasonable world.
>
> In addition, they can take escalating measures against this particular user
> (rather than against all my customers) in the first place by disabling SMTP
> auth for the account instead of outright banning the whole IP address. Then
> the rest of THEIR CUSTOMERS using my server would not be impacted. For
> example, Yahoo! does something similar by rate-limiting IPs rather than
> outright banning them when their customers complain. So I just turn off
> sending to Yahoo for 4 hours while I fix the customer and we're back in
> business automagically. I may get 4 hours of queues and impact all Yahoo!
> recipients, but at least I don't need to prove I'm not an elephant to a
> support person that only has two buttons: "eject" and "patronize".
>
> Sorry, this got rather long.
>
> --GM