Despite our best efforts, some of our students still fall victim to phishing scams. The accounts are always used to send spam through our system. To help mitigate the damage:

* The sender address on a message must match the account that authenticated; if somebody's account is used for spam they learn their lesson. (Certain exceptions are made for pre-defined, legitimate uses.)
* Different servers (and different configurations) for ingress mail, egress mail, and egress bulk mail.
* The rate limiting is set at about twice "normal" levels. If the rate gets close to the limit I can be pretty certain something is going on.

A script checks the mail queue to determine if a single account is sending too many messages, disables the account, and deletes their messages from the mailq. (Note that legitimate bulk mails should never go through that server, so this is considered "safe".)

On Mon, Feb 7, 2011 at 6:38 PM, Jim Hickstein <[email protected]> wrote:
> I'm in the review loop for a new security standard (among many) dealing with
> SMTP, at the edge of a large enterprise. Apart from the obvious (use
> encryption, stupid) it doesn't say that much. SPF is specifically there, and I
> was able to add a few caveats about SMTP AUTH getting co-opted by spambots
> (hence needing rate- and resource-limiting as well as antispam scanning); and it
> already mentioned not letting sender addresses leak out with other than the
> company's own domain name. I raised a question about whether to permit
> subdomains.
>
> What other good ideas do people have for such a thing, in this day and age? I
> worked for an email vendor for so long, I think I'm too far out of the
> operational loop.
> _______________________________________________
> Discuss mailing list
> [email protected]
> https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
> This list provided by the League of Professional System Administrators
> http://lopsa.org/

--
Perfection is just a word I use occasionally with mustard.
--Atom Powers--
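
The queue check described in the reply above, sketched as an added example (it is not the poster's script). It assumes queue records shaped like Postfix `postqueue -j` output; the addresses, limit, exempt list and action names are hypothetical, and the sample queue is constructed.

```python
import json
from collections import defaultdict

# Assumption: one JSON object per line, as in Postfix `postqueue -j` output.
EXEMPT = {"newsletter@example.edu"}  # hypothetical pre-approved senders
LIMIT = 3                            # hypothetical per-account queue limit

def find_runaway_senders(queue_lines, limit=LIMIT, exempt=EXEMPT):
    """Return {sender: [queue_id, ...]} for senders with more than `limit`
    queued messages. Sender maps to account because the two must match."""
    by_sender = defaultdict(list)
    for line in queue_lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            entry = None  # not a queue record
        if not isinstance(entry, dict):
            continue
        sender = str(entry.get("sender", "")).strip().lower()
        qid = entry.get("queue_id")
        # Bounces carry the null sender (listed as MAILER-DAEMON) and
        # belong to no account, so they must not count against anyone.
        if not qid or not sender or sender == "mailer-daemon":
            continue
        if sender not in exempt:
            by_sender[sender].append(qid)
    return {s: ids for s, ids in by_sender.items() if len(ids) > limit}

def plan_actions(flagged):
    """List response steps: disable the account, then drop its queued mail."""
    steps = []
    for sender in sorted(flagged):
        steps.append(("disable_account", sender))  # site-specific hook
        steps += [("delete_message", qid) for qid in flagged[sender]]
    return steps

def _msg(qid, sender):
    return json.dumps({"queue_id": qid, "sender": sender})

# Constructed sample: compromised account, normal user, exempt, bounces, junk.
SAMPLE_QUEUE = (
    [_msg(f"A{i:03d}", "Student1@example.edu") for i in range(5)]
    + [_msg(f"B{i:03d}", "student2@example.edu") for i in range(2)]
    + [_msg(f"C{i:03d}", "newsletter@example.edu") for i in range(6)]
    + [_msg(f"D{i:03d}", "MAILER-DAEMON") for i in range(4)]
    + ["-- queue listing truncated --"]
)

if __name__ == "__main__":
    print(plan_actions(find_runaway_senders(SAMPLE_QUEUE)))
```

On a Postfix host the `delete_message` steps would correspond to `postsuper -d <queue_id>`; how an account is disabled depends on the site's directory.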
