+1 to what Paul said

but the best reason for a non-spam friendly infra owner to enforce outbound 
limits is to not become a target for hackers.


For example, on Mike's IPs attempted traffic spiked from 1-3 mails/day to 21k 
on Aug 18th towards Microsoft alone and, depending on the spam list, it could be 
that the spammer managed 100k in a few hours.

This is a pretty decent ROI for a random compromised account frankly, most 
consumer mailboxes allow hundreds of mails/day and even the most premium 
enterprise Office365/GSuite accounts have 10k/day/user.


If your accounts remain valuable, you can make hackers interested in your 
accounts, which in turn will make them grep through username/password data 
breaches out there to find accounts or start phishing your customers and you 
can have long term pains.

Smaller players are also attractive compromise targets due to their pristine IP 
reputation (vs larger providers who use low reputation IPs for outbound spam -> 
less chances of inboxing at the destination)
+ they usually lack even basic capabilities on the account protection front.

It is wise to be proactive and put good limits so your accounts are not worth 
compromising more than the big players or "the other guy".


From: "Paul Kincaid-Smith" <p...@emailgrades.com>
To: "Mike Hammett" <mail...@ics-il.net>
Cc: "Michael Peddemors" <mich...@linuxmagic.com>, "mailop" <mailop@mailop.org>
Sent: Friday, September 7, 2018 3:29:00 PM
Subject: Re: [mailop] GMail Delisting


Mike Hammett,


> I don't know how much value outbound rate limiters have.



There are several good reasons to set reasonable rate or volume limits for 
outbound email:
1. You help the community (by reducing the harm bad actors cause).
2. You help your customers (if their account is compromised).
3. You help yourself (by earning respect and goodwill, and gaining satisfaction 
knowing you're reducing email abuse vectors).


Basically, enforcing egress can help you proactively identify abuse (like 
compromised accounts), and buys you time to solve the root cause of a problem 
before it causes significant pain for others, yourself, and your customers.


Paul Kincaid-Smith
EmailGrades


On Fri, Sep 7, 2018 at 10:06 PM, Mike Hammett < mail...@ics-il.net > wrote:





I don't know how much value outbound rate limiters have. Some of the blacklists 
I got on did so after seeing 1 SPAM message. If a user sends 20k SPAM in an 
hour or 20k SPAM over the course of a month because the messages are rate 
limited, they still send the same amount and the blacklists still have the same 
thresholds... unless the metric is messages per hour or something like that.

Web interface clients were redirected to HTTPS, but everything else was TLS\SSL.

The only tough passwords are ones not in the user's hands.

I did look at this page: 
https://computingforgeeks.com/how-to-set-secure-password-policy-on-zimbra/ and 
most of my existing requirements are close to or meet what they say. A max 
password age of 90 days would be infuriating as a user. I could maybe see a 
year.





-----
Mike Hammett
Intelligent Computing Solutions

Midwest Internet Exchange

The Brothers WISP



From: "Michael Peddemors" < mich...@linuxmagic.com >
To: mailop@mailop.org
Sent: Friday, September 7, 2018 2:32:45 PM
Subject: Re: [mailop] GMail Delisting



The obvious question..
What are your per user outbound rate limiters set to?

If you get a compromised account, and allow it to send 'a bunch' of
spam, you will have an ongoing problem.

Also, you should look at the obvious ways to reduce compromises.

* Are you enforcing TLS/SSL on all clients?
* Do you enforce 'tough' passwords?

However, you do have a valid complaint, in that Google's reputation
service does appear to be geared towards marketers or at least very high
volume senders, and for low volume email senders it is hard to get
insight into your reputation..




On 18-09-07 11:55 AM, Mike Hammett wrote:
> My servers have been blocked by GMail for three weeks. We are an eyeball
> ISP, not an e-mail marketing company, so while we aren't in control of
> the message, other than compromised accounts, there isn't even much volume.
>
> We had a user's account get compromised and sent out a bunch of SPAM.
> Account was deleted and the servers' mail queues were cleared of
> anything sent with that account. I've been delisted from any other
> blacklists that I can find (including Microsoft), except for obvious
> scam ones that just want you to give them money. Google's Postmaster
> tools only show activity on that date the account was compromised. All
> other times we're apparently below the reporting threshold.
>
> Google's support documentation is geared towards marketers, not people
> hosting generic communication. Their support forum wasn't of any help,
> "Other than Postmaster Tools and Bulk Senders Guidelines, which are
> already referenced, I don't know what else they can do."
>
> I seem to pass various tests I've seen for SPF, DMARC, DKIM, etc.
>
>
> Not sure how to get Google's attention to fix this.
>
>
> =====
> This is the mail system at host zimbra8-mta1.ics-il.net .
>
> I'm sorry to have to inform you that your message could not
> be delivered to one or more recipients. It's attached below.
>
> For further assistance, please send mail to postmaster.
>
> If you do so, please include this problem report. You can
> delete your own text from the attached returned message.
>
> The mail system
>
> <[redacted]>: host ASPMX.L.GOOGLE.com [209.85.145.27] said:
> 550-5.7.1 [65.182.164.55 12] Our system has detected that this message
> is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to
> Gmail, 550-5.7.1 this message has been blocked. Please visit 550-5.7.1
> https://support.google.com/mail/?p=UnsolicitedMessageError550 5.7.1 for
> more information. 1-v6si5654232iow.84 - gsmtp (in reply to end of DATA
> command)
> =====
>
>

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
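
Added example (not part of any message in this thread, and not code from any mail server mentioned in it): a minimal per-account outbound limiter of the kind the thread discusses, which caps recipients per hour and per day and holds an account once it hits a limit so an operator can review it. The class name, the 100/hour and 500/day limits, and the replayed log are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

DAY = 86400

class OutboundLimiter:
    """Per-account sliding-window cap on outbound recipients (assumed limits)."""

    def __init__(self, hourly_limit=100, daily_limit=500):
        self.limits = ((3600, hourly_limit), (DAY, daily_limit))
        self.events = defaultdict(deque)  # account -> (timestamp, rcpt_count)
        self.flagged = {}                 # account -> time of first violation

    def _sent(self, account, now, window):
        return sum(n for ts, n in self.events[account] if ts > now - window)

    def check(self, account, rcpt_count, now):
        """Return 'accept' or 'hold'. A flagged account stays held until released."""
        if account in self.flagged:
            return "hold"
        q = self.events[account]
        while q and q[0][0] <= now - DAY:   # forget events older than a day
            q.popleft()
        for window, limit in self.limits:
            if self._sent(account, now, window) + rcpt_count > limit:
                self.flagged[account] = now  # surface for abuse-desk review
                return "hold"
        q.append((now, rcpt_count))
        return "accept"

    def release(self, account):
        """Operator action after the account is secured (e.g. password reset)."""
        self.flagged.pop(account, None)
        self.events.pop(account, None)


def replay(limiter, log):
    """Feed (timestamp, account, rcpt_count) tuples; return accepted recipients."""
    accepted = defaultdict(int)
    for ts, account, rcpts in log:
        if limiter.check(account, rcpts, ts) == "accept":
            accepted[account] += rcpts
    return dict(accepted)


def constructed_log():
    # Constructed sample: "alice" sends 3 mails over a day; "bob" is a
    # compromised account attempting 21,000 single-recipient mails in one hour.
    log = [(t, "alice", 1) for t in (1000, 30000, 60000)]
    log += [(40000 + i * 3600 / 21000, "bob", 1) for i in range(21000)]
    return sorted(log)
```

Replaying the constructed log lets 100 of the 21,000 attempted messages out and leaves the sending account in `flagged`, while the low-volume account is unaffected.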
