Paul L. Allen wrote:
Tom Collins writes:

What if the system tracked it by IP, and after three failures locked 
out connections from that IP for 10 minutes?

That has problems for companies behind a firewall which use external mail
servers (we have several clients in that situation).  All it takes is one
person to type his password wrong and they're all locked out for ten
minutes.  Worse, he types it into his mail client configuration and polls 
every five minutes.  The result is that they get onto us and complain that 
our mail servers are broken.  Then we waste 15 minutes convincing them
that they have to disable all their mail clients for ten minutes then
turn them back on one at a time until they find the one with the bad


He meant log it on an account AND ip basis.

Reply via email to