[imp] IMP Abuse (was Howto remove client IP-Address)

Listaccount lst_hoe01 at kwsoft.de
Thu Jan 31 08:12:41 UTC 2008


Zitat von Liam Hoekenga <liamr at deathstar.org>:

> Jan Schneider wrote:
>> Zitat von Kevin Konowalec <webadmin at ualberta.ca>:
>>
>>
>>> This is exactly what we did.  Since you can change your "from" and
>>> "reply-to" fields in your identities it became necessary to embed the
>>> user's actual login ID in an X-header so that we can identify the
>>> source of spam.  We also took it one step further and added a bit of
>>> code that keeps a running total of the number of recipients a user
>>> has sent to in a given session (stored in the memcache session
>>> variable itself).  Then we've set limits so that if a message has
>>> more than 50 recipients per message it will refuse to send it (we
>>> display a message saying that it's much more appropriate to use a
>>> mailman list for messages of that size).   Plus if the cumulative
>>> total recipients per session is over 200 it will no longer allow the
>>> user to send mail (until they log in again with a clean session).
>>> We've nailed a whole bunch of spammers with this functionality with
>>> the added bonus of getting people who maintain large mailing lists to
>>> use the list server rather than Imp, which is better for all concerned.
>>>


It would be *really* nice if one can limit the mail addresses a user  
can set to the ones the administrator has tied to the account. Instead  
of entering free text it should be a list-box with addresses from the  
database.

Andreas


-- 
All your trash belong to us ;-)  www.spamschlucker.org
To: stephan at spamschlucker.org




More information about the imp mailing list