At many Universities there is a continual problem with accounts being phished and used to send spam. We have a number of measures that catch stolen accounts but they take a little bit of time to block outgoing email.
Ideally I'd like to hold email to either a new address or a new address,sender,sender ip triplet like greylisting uses. Even holding for a minute would give us enough time to lock the account and remove all incentives to phish our accounts (I hope). Is anyone aware of of a greylisting type policy server that can use a specific header, containing the sender ip, or one that just uses the destination address? Thanks for your help. Sincerely, Dan Lannom UM-Dearborn ITS Dept. Postmaster
