North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Time to check the rate limits on your mail servers

  • From: Michael.Dillon
  • Date: Thu Feb 03 10:37:00 2005

> Now, once 100K zombies can send *only* 1000 spam messages a day instead 
> of 10K or even 500K, it makes a difference, but it is no solution.

I'd like to see rate limits set much
lower than that. Perhaps one message per day
to begin with. After the message is sent,
send the customer a reminder about the limit
and tell them how to get to a web page
to increase the limit. The web page would
only accept an incremental increase. For
instance, if your limit is one, you can
bump it up to five per day and that is all.
Then, if you exceed the new limit, you once
again have the opportunity to bump it up
by five more. Most people won't need more
than 10 or 15 per day limits.

People who need more can call their customer
representative and order the volume mail
add-on product. They will have to agree to
a contract that allows you, the operator,
to completely block their net access without
notice if it appears that a bot/virus may
have infected their systems.

I'm sure if you discuss this kind of stuff
with your product development and product
marketing people, they will come up with more
interesting variations.

One message per day is not too low. There are
people who never use email. They just browse 
the web and use IM. Why should you, the operator,
allow those customers to inject huge numbers of
email systems into the Internet as botnet drones?
1000 a day is way too high, IMHO.

--Michael Dillon