Re: Anti-Spam Router -- opinions?

[Michael.Dillon () radianz com]

> OK. Make it 100, or make it "20 by default, user can ask for 100".  Or
> anything else like that.  The *POINT* was that too often, a compromised
> end-user machine can send *THOUSANDS* of messages.  Not tens. Not
> hundreds. Thousands.

Here's another way to structure this sort of policy using
a "soft" limit which would also make it feasible to have a 
limit lower than 20.

If any of your user connections is the origin of more than
5 SMTP sessions in a single day, send an email to the 
registered contact at that site with a little statistical
summary of the activity. No blocking of sessions, just a
note saying that we noticed you sent x number of emails
today. Give the user some action such as a URL that they
can do if they believe that this is abnormal.

Then you could make the hard limit for blocking sessions
into a larger number such as 50 which is extremely unlikely
to block anyone's real email. Of course, anyone running
a mailing list would still have to register that fact with
you so that you can remove the hard limit on them.

--Michael Dillon