On 06.03.2014 18:04, Adam Moffett wrote:
> Two steps eliminated this problem for us:
>
> 1) Accounts with more than 6 failed login attempts in a 10 minute period are
> disabled for 10 minutes. This makes brute force methods to find passwords
> almost impossible.

that is fine

> 2) Limit to 200 outgoing messages per day per user. We'll raise it to any
> reasonable value for an individual account. I.E.: We'll let you send 1000
> per day so you can get your church newsletter out, but we won't remove the
> limit completely and let you spam (knowingly or not). This minimizes the
> damage if a password is still compromised.
>
> 200 is a pretty high limit. Very few people send more than 50 in a day, and
> almost nobody sends more than 100. We set it at 200 so we wouldn't have to
> hear from anybody who isn't bulk mailing

I know users hitting the 200 per day regularly
frankly they exceed 50 SMTP connections per 30 minutes, manually written mails :-)
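
The two limits quoted in this message (lockout after more than 6 failed logins in 10 minutes, and a 200-per-day send cap with per-account overrides), as an added example that is not code from the thread or from any mail server. The class name `MailPolicy`, its methods, counting each recipient as one message, and resetting the counter at the UTC day boundary are all assumptions.

```python
from collections import defaultdict, deque

FAIL_WINDOW = 600      # 10 minutes, from the quoted policy
MAX_FAILS = 6          # "more than 6" failures triggers the lockout
LOCKOUT = 600          # account disabled for 10 minutes
DEFAULT_DAILY = 200    # outgoing messages per day per user
DAY = 86400            # assumption: fixed UTC day, not a rolling 24 h window


class MailPolicy:
    """Hypothetical in-memory policy engine; all times are epoch seconds."""

    def __init__(self, overrides=None):
        self.overrides = dict(overrides or {})      # per-account raised limits
        self.fails = defaultdict(deque)             # user -> failure timestamps
        self.locked_until = {}                      # user -> unlock time
        self.sent = defaultdict(lambda: [None, 0])  # user -> [day number, count]

    def is_locked(self, user, now):
        return now < self.locked_until.get(user, 0)

    def login(self, user, ok, now):
        """Record a login attempt; return True only if it is accepted."""
        if self.is_locked(user, now):
            return False                         # reject even a correct password
        if ok:
            return True                          # old failures simply age out
        q = self.fails[user]
        q.append(now)
        while q and q[0] <= now - FAIL_WINDOW:   # drop failures outside the window
            q.popleft()
        if len(q) > MAX_FAILS:
            self.locked_until[user] = now + LOCKOUT
            q.clear()
        return False

    def may_send(self, user, recipients, now):
        """Charge one message per recipient (assumption) against the daily cap."""
        day = now // DAY
        rec = self.sent[user]
        if rec[0] != day:                        # new day: reset the counter
            rec[0], rec[1] = day, 0
        limit = self.overrides.get(user, DEFAULT_DAILY)
        if rec[1] + recipients > limit:
            return False
        rec[1] += recipients
        return True
```

Charging per recipient keeps a single message with a large recipient list from slipping under the cap.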