> Setting limits on the number of messages sent at one time prevents
> mail bombs (sometimes called dictionaries) from trying to send a
> couple of thousand Emails to non-existent and existent users.
That's good to help reduce incoming spam (spam sent to local users).
But what about relaying, where a spammer gets a dialup connection, and sends hundreds
of thousands of messages through your mail server? This would cause a huge waste of
money (time and expense in cleaning up the mess). I think the only reliable option in
IMail is to force users to come from specific IP addresses, or use SMTP AUTH. I was
thinking of coming up with a method that would prevent this, without forcing users to
change their E-mail settings.
> In SMTP Security setting the check in the Disable SMTP VRFY Command
> box prevents spammers from mass verifying Email addresses as valid
> on your server.
FYI, although this is very, very common (disabling VRFY), it doesn't do a thing! All
you have to do is send a "MAIL FROM" command, and then a "RCPT TO" command, and you'll
see whether or not the user exists. You can send multiple RCPT TO commands to check
further users. Of course, spammers (or spammer program designers) may not know this.
-Scott
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
