On 22/07/15 18:05, Viktor Dukhovni wrote:
On Wed, Jul 22, 2015 at 05:55:04PM +0300, Edgaras Luko?evi?ius wrote:
All this is done to put users into our own "classes" (eg. spammers vs.
non-spammers).
If your autheneticated submission user is spamming, suspend their
ability to send outbound email.
Already doing that if we are 99.9% sure user is spamming.
"Dirty" pool is for users that *possibly* spam, a "cool down spot".
Because there are clean and dirty IP pools and if we see that
user *may be* abusing email (or any other) system we want to put them to
"dirty" pool for some time.
Don't operate a "dirty" pool.
While this works with ordinary senders, it does
not for aliases and spammers are abusing that (we have a few IP addresses
blacklisted by gmail, yahoo, hotmail because of this).
Sounds like you're allowing users to create aliases that forward
mail to third-parties. Don't let them do that. Require confirmation
in response to a mail you generate, before activating the alias.
This feature will be soon deployed to production. As few other
confirmations.
If not, explain in more detail.
Thanks.
