[imp] Spammers Using Horde/IMP to Send Bulk Message

Jan Schneider jan at horde.org
Sat Sep 6 11:20:46 UTC 2008


Zitat von JackyC at umac.mo:

>>> Does anyone has this experience?
>>> Spammers used the spam to ask horde/imp user to submit their account
> info
>>> (including password)
>>> Somehow, user submitted.
>>> And spammers use this user account to send a lot of bulk messages.
>
>> Yes, there have been numerous cases like yours.
>
>>> Does anyone has this experience? I am just asking for suggest to
> improve
>>> in Horde/IMP webmail environment.
>
>> There is not much anyone can do but to keep their (and users) passwords
>> safe. Because Horde and IMP are open source, spammers do always have the
>> access to the source code and hence can always find a way to send spam
>> simulating a browser if they have correct credientials to use the
>> system.
>
>> Summa summarum: It's not the client programs fault if someone gets
>> credientials needed to send spam via the program. From a spammers point
>> of view the same thing can be accomplished with numerous other email
>> clients as well (programs running on workstations are off course a bit
>> harder to hack).
>
> I do realize it is not the fault of the client programs.
> The users should pay extreme attention to their credientials not to let
> others get it.
> But if in this case, you have any idea to avoid or just decrease its
> impact to the mail server?
> Let's say, control the maximun number of recipients in horde/imp TO field
> and number of sending mails in a certain period of time by using horde/imp
> in horde/imp configuration?

Both is possible since IMP 4.2.

Jan.

-- 
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/



More information about the imp mailing list