Mail Submission Protocol

Suresh Ramasubramanian ops.lists at gmail.com
Thu Apr 22 01:35:56 UTC 2010


Log and monitor all that you can.  And watch for a large number of IPs
logging into an account over a day (over a set limit - even across
country - that takes into account "home - blackberry - airport lounge
- airport lounge in another country - hotel - RIPE meeting venue"
type scenarios).

And especially watch for and/or firewall off logins from areas from
where you see particularly high levels of smtp auth abuse / logins to
compromised accounts

--srs

2010/4/21 Alex Kamiru <nderitualex at gmail.com>:
>>>Inside customers, we have not changed to force port 587 and
>>>authentication for email clients, but the topic has come up in
>>>discussions.  This won't of course, stop spammers if they are hijacking
>>>the users local email client settings.
>
> How best would you stop spammers hijacking local users email clients
>
> -Mike




More information about the NANOG mailing list