On Friday 17 Feb 2017 at 21:51, David Jones wrote:
> Not all compromised accounts these days blast out at a high rate like we
> used to see years ago.
True, but also, some still do.
> I have had a few sneaky ones recently trickle spam through to stay below
> the radar so rate-limiting is not the answer with outbound mail
It may not be *the* answer, but it's a good (and simple) addition as _part_ of
the answer.
> I was able to build a SQL query to catch the slow sending compromised
> accounts. So far it looks reliable with a sane threshold. Just waiting for
> another compromised account to see it trigger a block.
Keep us updated.
For some folks, though, a simple solution which helps with the worst offenders
(as far as spam volume, and network bandwidth, are concerned) is worth more
than effort of creating a more complicated filter.
Antony.
--
Salad is what food eats.
Please reply to the list;
please *don't* CC me.
