On Thu, Mar 31, 2011 at 11:41:19AM -0500, Stan Hoeppner wrote: > D G Teed put forth on 3/31/2011 10:21 AM: > > > I'd like some idea of what real world values would be useful, or additional > > suggestions > > on how to make the performance less attractive to users of compromised > > accounts. > > When you find a reasonable and effective solution to the phishing > problem please share it with the rest of us.
A good solution for large providers with many users some of whom may have compromised accounts is per-user rate limiting, which is possible via many of the more popular policy plugins. -- Viktor.