I manage some similar volume domains and haven't seen that personally.
Detecting the compromised account quickly (before you land on an RBL) is
imperative. Allowing a compromised account to send tens of thousands of
messages over a period of several days is going to land you on a number
of naughty lists (public and private RBLs) and you should expect it will
take days for removal.
If you can limit these events to a few hundred messages you can probably
evade any naughty lists other than maybe a temp rate limit by
Yahoo/AOL/Verizon or similar. I would recommend that you limit the
damage one customer can do by limiting the rate of messages one user can
send (maybe a few hundred per hour) as well as the total number of
messages allowed per day from any given user (whatever works for your
users, whether that be 100, 1000, or 10k). NOC alerts for users that
exceed those limits will help you catch these events before you receive
feedback via other mechanisms (queue size, feedback loops, user
complaints, etc.).
--Blake
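
The per-user hourly and daily caps described in the message above, sketched as a check over submission logs (an added example, not part of the original thread). The log line format, the limit values, and counting recipients rather than messages are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

HOURLY_LIMIT = 300   # assumed value for "a few hundred per hour"
DAILY_LIMIT = 1000   # assumed value; pick what fits your users

def parse(line):
    """Parse a constructed log line: '<ISO time> user=<login> nrcpt=<n>'."""
    ts, user, nrcpt = line.split()
    return datetime.fromisoformat(ts), user.split("=", 1)[1], int(nrcpt.split("=", 1)[1])

def find_alerts(lines, hourly=HOURLY_LIMIT, daily=DAILY_LIMIT):
    """Return (time, user, kind, count) the first time a user passes each limit."""
    window = defaultdict(deque)        # user -> (time, nrcpt) within the last hour
    window_sum = defaultdict(int)      # user -> recipients within the last hour
    day_sum = defaultdict(int)         # (user, date) -> recipients that day
    alerted, alerts = set(), []
    for ts, user, n in sorted(map(parse, lines)):
        q = window[user]
        q.append((ts, n))
        window_sum[user] += n
        while q[0][0] <= ts - timedelta(hours=1):   # expire events older than 1h
            window_sum[user] -= q.popleft()[1]
        day_sum[user, ts.date()] += n
        for kind, count, limit in (("hourly", window_sum[user], hourly),
                                   ("daily", day_sum[user, ts.date()], daily)):
            key = (user, kind, ts.date())           # alert once per user/kind/day
            if count > limit and key not in alerted:
                alerted.add(key)
                alerts.append((ts, user, kind, count))
    return alerts

# Constructed sample: alice sends normally, bob's account bursts 50 rcpt/minute.
SAMPLE = [f"2019-10-25T09:{m:02d}:00 user=bob nrcpt=50" for m in range(30)]
SAMPLE += [f"2019-10-25T{h:02d}:15:00 user=alice nrcpt=3" for h in range(8, 18)]

if __name__ == "__main__":
    for ts, user, kind, count in find_alerts(SAMPLE):
        print(f"ALERT {ts.isoformat()} {user} exceeded {kind} limit: {count}")
```

On the sample, the hourly alert fires seven minutes into the burst, well before the daily cap is reached, which is the early signal a NOC alert is meant to provide.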
Mike Hammett via mailop wrote on 10/25/2019 2:02 PM:
20 - 30 messages a day? I'm just guessing.
Now that's 20 - 30 messages a day hitting that particular service.
-----
Mike Hammett
Intelligent Computing Solutions <http://www.ics-il.com/>
Midwest Internet Exchange <http://www.midwest-ix.com/>
The Brothers WISP <http://www.thebrotherswisp.com/>
------------------------------------------------------------------------
*From: *"Ken O'Driscoll via mailop" <[email protected]>
*To: *[email protected]
*Sent: *Friday, October 25, 2019 12:08:29 PM
*Subject: *Re: [mailop] Low-Volume Domains\Servers
On Fri, 2019-10-25 at 11:34 -0500, Mike Hammett via mailop wrote:
> One time one of them told me that because my normal volume was so low,
> they didn't have much to go on for validating the problem had been
> corrected.
Exactly how low is low?
I work with some smallish ISPs and they don't have this issue so hence why
I ask.
Ken.
_______________________________________________
mailop mailing list
[email protected]
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop