[horde] Email Send Limits To Discourage Spamming

Andy Dorman adorman at ironicdesign.com
Thu Mar 19 15:51:48 UTC 2009


We are about to re-open our webmail service for public sign ups and I was 
wondering if anyone in the group has any thoughts about reasonable limits for 
sending emails?

FWIW, we actually opened the service up three weeks ago with no sending limits. 
  That was a BIG mistake.  Within a week the spammers found us and in the space 
of a few hours sent over 144 thousand bank scam emails and got us blacklisted by 
just about everyone.

So before we allow more public sign ups we will have max limits on recipients 
per email and per 24 hour period.

Has anyone else found it necessary to set limits?  And if so, what limits have 
you found effective in slowing the spammers without upsetting too many of your 
good users?

Also, will anyone be interested in the code we used for blocking sending per 
email and per time?  Since we use OpenLDAP and Memcachd already, we elected to 
use prefs (that are locked/not adjustable by the user and can be loaded from 
LDAP) to set default and per-address limits and memcache to track the recipients 
sent to per 24 hr block.

If anyone is interested, I would be happy to either send in the actual code (not 
much was needed thanks to how Horde/imp is already set up) or figure out how to 
do a patch against the current CVS code (we use Bazaar).

Thanks for any thoughts from those of you that have experience with email 
sending limits.

-- 
Andy Dorman
Ironic Design, Inc.
AnteSpam.com, HomeFreeMail.com, ComeHome.net


More information about the horde mailing list