On 29 Oct 2013 09:45:02 -0700 "Neil Schwartzman" <n...@cauce.org> wrote:
> the difficulty with a rate-limiting approach is the criminals > reverse-engineer it pretty quickly, and just spread the joy over > numerous accounts. True, though that's quite hard. Given a user population of 10K users, it's pretty easy to phish a handful of accounts. It's a lot harder to phish say 50 of them, so you can only spread the joy so much. Additionally, we apply a (higher) rate-limit to our customer's back-end servers to catch massive spam runs that really do come from lots of compromised accounts. > generally speaking, they pretty much trickle spam out over ATOed > accounts instead of doing it all in one fell (foul?) swoop. Possibly, but we're not too concerned about that. If our IPs send a trickle of spam, we probably won't get blacklisted. If we start spewing like a firehose, we need to stop that quickly. > But yeah, i think John underestimates how difficult it is to do > outbound filtering for more than a few dozen users who expect their > mail to be delivered immediately, for some value of immediately. Yup. We still get support tickets from people who send an email, call the recipient up right away and then wonder why the email hasn't arrived within 30 seconds. :( Regards, David.
