On Jul 27, 2009, at 11:56 AM, Martijn de Munnik wrote:
I guess I need to prohibit the catch-all account and offer the solution with the delimiter instead. That way all spam to bogus email addresses gets rejected because the address does not exist.

That is the best course, yes.

But still I wonder if there is a way to stop the spam attack. The catchall account did exist for a long time but was under attack only for a short period (couple of hours). Is there a way to limit the effect of such attacks? The user normally only receives about 10 messages per hour. So hundreds of messages per hour is a clear sign that a spam attack is happening.

So, in those hundreds of emails, which ones do you allow through? You could have a policy service that started returning 450 errors for the account after it reached some threshold number of messages per hour and hope that none of that spam was retried and all of the ham was, but that could end up getting very ugly, very fast.



--
How do you feel? I'm lonely
What do you think? Cant take it all
Whatcha gonna do? Gonna live my life
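
Added example, not part of the original message: a minimal sketch of the kind of policy service discussed above, speaking the Postfix policy delegation protocol (name=value request lines ended by an empty line, answered with `action=...`). The threshold of 50 per hour, the class and function names, and the in-memory counters are assumptions made for illustration.

```python
import sys
import time
from collections import defaultdict, deque

WINDOW_SECONDS = 3600  # assumption: one-hour sliding window
THRESHOLD = 50         # assumption: well above the ~10/hour normal rate

def parse_request(lines):
    """Parse one policy request: name=value lines, ended by an empty line."""
    attrs = {}
    for line in lines:
        line = line.rstrip("\n")
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

class RecipientRateLimiter:
    """Per-recipient sliding-window counter (hypothetical helper).

    Counters live in this process only; several policy processes would
    need shared storage to see the same counts.
    """
    def __init__(self, threshold=THRESHOLD, window=WINDOW_SECONDS):
        self.threshold = threshold
        self.window = window
        self.seen = defaultdict(deque)  # recipient -> arrival timestamps

    def decide(self, attrs, now=None):
        now = time.time() if now is None else now
        if (attrs.get("request") != "smtpd_access_policy"
                or attrs.get("protocol_state") != "RCPT"):
            return "DUNNO"  # only count at the RCPT TO stage
        q = self.seen[attrs.get("recipient", "").lower()]
        while q and q[0] <= now - self.window:
            q.popleft()     # drop arrivals older than the window
        q.append(now)       # deferred attempts are counted as well
        if len(q) > self.threshold:
            return "450 4.7.1 Recipient rate limit exceeded, try again later"
        return "DUNNO"      # no opinion; later restrictions decide

def serve(stdin=sys.stdin, stdout=sys.stdout):
    limiter = RecipientRateLimiter()
    while True:
        attrs = parse_request(iter(stdin.readline, ""))
        if not attrs:       # EOF or empty request: stop
            break
        stdout.write("action=%s\n\n" % limiter.decide(attrs))
        stdout.flush()

if __name__ == "__main__":
    serve()
```

Because the 450 applies to every sender once the threshold is crossed, legitimate mail is delayed along with the spam until the window drains, which is the trade-off described in the reply.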
