Someone said:
I think the point here is - how is one to determine if the mis-spelling is
a
mistake by a real user or a compromised machine? in short - you cannot.
We have had several authenticated users have their machines compromised
over
the years and attempt to send out malicious emails; you simply cannot
trust
any user's machine.
Someone else said:
When their programs keeps trying to send to a mis-spelled account,
it's locking down the *whole company*.
For my system, for one company, running inside the firewall and only being
reached from clients inside the firewall (or through a VPN), there is no way
I would/could use an anti-spam/anti-dictionary-attack function that could,
by design, lock out the entire company it is attempting to protect. There
has got to be a way to whitelist a local IP range to avoid this.
If an external client is hijacked and sends crap with authentication, it
should block the IP of the affected machine on that machine's ISP, not
anything locally. Local servers should never be able to be blocked.
This is not an issue for us because we use an anti-spam gateway and an
anti-virus gateway in front of Imail and therefore have all the anti-spam
features turned off in Imail. ASSP has a file to whitelist IP's of servers
you never want blocked and trust implicitly as in your own servers and local
subnet. Likewise you can define IP's of servers that you don't need, or
want, to do connection testing or HELO/SPF/RBL etc. testing. It will still
do content testing and will block individual emails but won't block your
payroll report coming in because one of their desktop computers got hacked
and sent a bunch of spam. It's a compromise to assure the good stuff always
goes where it is supposed to and most of the bad stuff is blocked. The good
stuff taking priority.
Doug Traylor
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
