Wow! No love for your users, huh? We have near the same numbers as you.
More below...
---------- Original Message ----------------------------------
From: "Robert J. Fehn Sr." <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Tue, 9 Jan 2001 11:13:17 -0500
>Concerning free email services run on Imail:
>
>We operate a free Email service using Imail with around 50,000 global users.
>Have been for 2 years. I'll give you my thoughts on such a thing. It's a bit
>long, but it may help you make a decision:
>
>1. While not totally suited for the task, Imail has done well. The key is,
>of course, to keep the undesirables out. This will be your hardest task.
>First, your Imail server MUST be locked down with "Relay for Addresses" set,
>NO LDAP, no FINGER, no WHOIS, no IMAP, if you can get away with it. Force
>all users who want SMTP access to use SMTP AUTH.
Agreed. On this.
>2. Hire a programmer or make sure your skills with VBScript or Java are up
>to the task. We use an external database (SQL 7 server) for authentication
>with custom sign up scripts and customer utilities and maintenance routines.
>New signups are shown the usual warnings about spam etc and shown their IP
>address and informed that their IP and ISP information (trace routed) is
>being recorded. They are also required to enter a valid ISP email address.
>The sign up script sends a message to this address requesting confirmation
>of the account's creation and instructions on what to do if the recipient is
>someone other than the account creator. They are told beforehand that if
>the message bounces or, the holder of the Email address objects, the account
>will be deleted immediately.
>
>Requiring this is about as far as you can go without getting more than the
>usual name, address, etc information. You COULD require credit card info
>but, this may not be legal in some areas unless you actually charge the
>customer something for service, and there is this strange connection between
>spammers and stolen or fake credit cards.... <G>
Yes - imail is in need of some options. Since we actually use the imail db (with zero
problems) we have had to write extra scripts to handle things like setting a variable
max user size by editing the registry. Why require an isp email address? What does
that even mean? How do you know? Is there a big list you check? Or does the whois
have to match which would throw out millions of users where this does not match their
email domain?
>3. Actively monitor your abuse and administrative mailboxes! Make SURE you
>have "abuse", "support", "hostmaster", "webmaster" etc addresses and post
>your abuse address to all services that list same for your domains. This is
>the single most important thing you will do. When a spam complaint comes in,
>act on it and reply to the sender with what you have done.
>
>Our policy is to terminate accounts on the FIRST verified complaint. We sign
>up around 100 new users per day, losing one or two to protect your system
>is perfectly acceptable.
Yes. We monitor our abuse address very closely - but we also like our users. Too
many outside people will send fake complaints just to try and kick someone off the
system. Or a one email request is not spam - it may have actually been a legit
question or offer. We love our users and do not make such quick triggered responses.
Even though we are a free service - some people use this as their main email address -
they have given this address to their friends and family. They rely on our service.
I do not treat closing an account lightly.
>4. Limit outgoing messages per session. We allow 10. We do not supply
>mailing lists. If a user needs more than this, there are other services out
>there that don't care.
>
>5. Don't, I repeat DON'T, try to save money on the Imail box or the SQL
>server. When using an external database, speed is EVERYTHING! If your SQL
>server bogs down, SMTP AUTH will fail. Your SQL box should serve the Imail
>server only. Do not, under any circumstances, try to run Imail and SQL on
>the same box. Make sure you are using 100 mbs or better through a switch. No
>hubs, no 10 mbs cards.
>Of course, you could use Imail's internal database for this and not need
>SQL. We prefer to have the extra control over customer records SQL provides
>but, there are some fine utilities out there (the authors are on this list)
>that will allow you to add records to Imail's database from a script.
Again - we use imail db with zero problems. I know some people feel this is
unacceptable - but honestly - no problems and one less box. We do keep an external db
that we update just for user tracking - but not for logging in etc.
>6. Actively groom your server. We run scripts daily that report on customers
>who have reached 80% of their mailbox size. These send a warning to the
>customer and a report to us and if nothing is done, deleting the mailbox in
>question when it reaches 100%. Monitor your spool directory! Again we run
>daily scripts that delete files in spool if they are older than 4 days.
>Limit your send retries. We allow 3 retries before giving up, 15 minute
>queue timer. May be a problem sometimes with Yahoo mail and AOL but, that's
>life. Monitor your log files! Look for trouble before it finds you!
Wow. You delete all their mail when it hits 100%? Why? Why not just bounce it?
What if they were sick? had to travel? simply forgotten about the account for a
little bit? What if they were being mail bombed? I am stunned. Delete the box?
Hard drives are cheap. I would never treat a user like that.
>As far as spam is concerned, we get one or two a week and delete their
>accounts on notification. Not too much they can do to harm you if you limit
>outgoing messages. This all assumes you want to supply SMTP and POP3
>service. If strictly Web mail, a lot of these problems go away but, so do
>the customers.
We allow pop3 but no smtp outside of the web. We tell them to use their isps. Since
we are not an isp - they have to be connecting to the internet somehow. We get no
complaints from our users and no problems associated with smtp abuse. We do have
scripts that check for last weblogin and warn users about that - they have to login
once every 60 days.
We have done it for over a year and it's been great. We look at our users as friends
and try to help them foremost. I guess it may just be a difference in philosophy -
but I know where I would want my email account...
Chet
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
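
The daily grooming described in item 6 of the quoted message (warning at 80% of mailbox size, a 100% threshold, spool files older than 4 days), as an added example that is not part of the original thread or either poster's scripts. The directory layout, file names, quota value and function names are assumptions; full mailboxes are only reported, so the delete-or-bounce choice argued over above stays with the operator.

```python
import os
import tempfile
import time
from pathlib import Path

WARN_RATIO = 0.80        # item 6: warn at 80% of the mailbox size limit
SPOOL_MAX_AGE_DAYS = 4   # item 6: spool files older than 4 days are removed

def mailbox_bytes(mailbox):
    """Total size of every file under one user's mailbox directory."""
    return sum(f.stat().st_size for f in mailbox.rglob("*") if f.is_file())

def classify_mailboxes(users_root, quota_bytes):
    """Sort users into 'warn' (>= 80% of quota) and 'full' (>= 100%)."""
    report = {"warn": [], "full": []}
    for mailbox in sorted(p for p in users_root.iterdir() if p.is_dir()):
        used = mailbox_bytes(mailbox)
        if used >= quota_bytes:
            report["full"].append(mailbox.name)
        elif used >= WARN_RATIO * quota_bytes:
            report["warn"].append(mailbox.name)
    return report

def stale_spool_files(spool, now=None):
    """Spool files whose modification time is past the age limit."""
    now = time.time() if now is None else now
    cutoff = now - SPOOL_MAX_AGE_DAYS * 86400
    return sorted(f for f in spool.iterdir()
                  if f.is_file() and f.stat().st_mtime < cutoff)

def groom(users_root, spool, quota_bytes, dry_run=True, now=None):
    """One daily pass; with dry_run=True nothing on disk is changed."""
    report = classify_mailboxes(users_root, quota_bytes)
    stale = stale_spool_files(spool, now)
    if not dry_run:
        for f in stale:
            f.unlink()
    report["spool_removed"] = [f.name for f in stale]
    return report

def demo():
    """Constructed sample: three mailboxes, 1000-byte quota, two spool files."""
    with tempfile.TemporaryDirectory() as tmp:
        users, spool = Path(tmp, "users"), Path(tmp, "spool")
        for name, size in (("alice", 100), ("bob", 850), ("carol", 1200)):
            (users / name).mkdir(parents=True)
            (users / name / "mail.dat").write_bytes(b"x" * size)
        spool.mkdir()
        (spool / "fresh.msg").write_text("queued today")
        (spool / "old.msg").write_text("queued five days ago")
        aged = time.time() - 5 * 86400
        os.utime(spool / "old.msg", (aged, aged))
        report = groom(users, spool, quota_bytes=1000, dry_run=False)
        return report, sorted(p.name for p in spool.iterdir())
```

Running `groom` with the default `dry_run=True` first shows what a pass would remove from the spool before anything is unlinked.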