  1. #1
    Join Date
    Nov 2002
    Location
    Bay Area, California
    Posts
    309

    the real poop on email abuse

    We had a signup the other day, late in the afternoon.

    When I checked my mail the following morning I saw notices from the webserver telling me that this user had suddenly started sending emails about 4am.

    We have a limit in place that controls the rate at which each user website can send mail, but this is how many mails he _tried_ to send in each hour:

    47125
    52321
    34575
    24634
    56834

    Then I terminated his account.

    We get 2-3 of these fraudulent spammer signups a week.

    If we didn't have protection built into the mailserver then ALL of these messages would have gone out, and maybe more, before we got a single complaint and had any idea there was a problem.

    I realize that it can be hard, complicated or even expensive, to secure your mailserver against your own customers, but it is essential that you do so.

    If seeing these numbers doesn't convince you, then you really do deserve to find your mailserver on spews or any other realtime blacklist.

  2. #2
    That's very interesting how blatantly obvious someone can violate the TOS. Is it fair to put together some kind of blacklist for people who don't follow the rules?

  3. #3
    I had a spammer a week or two ago as well. He sent out 50,000 emails through the server. I should use the hourly rate limit thingy in WHM too - however I am trying to work out what a reasonable rate is. Some of my customers do send a lot of (legitimate mailing list) mail.

    What limits do other hosts use?

  4. #4
    Join Date
    Aug 2002
    Location
    Louisiana
    Posts
    396
    No more than 2,000 mails per day, that works out to be around 83 emails per hour. 100 per hour should be good for people that do need to send a lot of email, but it should also keep spammers away.
    modiphy.com :: Phenomenal Web Design
    modiHost.com :: Affordable Web Hosting


  5. #5
    Join Date
    Nov 2002
    Location
    Bay Area, California
    Posts
    309
    Our system lets us set a different limit for different customers, thank goodness.

    I'm sure if we had to pick a single limit to apply to everybody we would have big customers asking for us to move it higher, but that would let more spam slip through. Ick.
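
An added example, not part of the original thread or any poster's code: a sketch of the protection posts #1 and #5 describe, a per-account hourly cap with per-customer overrides that still counts rejected attempts so a burst raises a notice. The class and function names, the 10x alert factor and the traffic simulation are assumptions; the 100-per-hour default is the figure suggested in post #4.

```python
from collections import defaultdict

DEFAULT_HOURLY_LIMIT = 100   # figure suggested in post #4
ALERT_FACTOR = 10            # assumption: notify once attempts reach 10x the limit


class OutboundLimiter:
    """Per-account hourly cap on outgoing mail, with per-customer overrides."""

    def __init__(self, overrides=None):
        self.overrides = dict(overrides or {})   # account -> custom hourly limit
        self.attempts = defaultdict(int)         # (account, hour bucket) -> attempts
        self.alerted = set()                     # buckets already reported

    def limit_for(self, account):
        return self.overrides.get(account, DEFAULT_HOURLY_LIMIT)

    def submit(self, account, epoch_seconds):
        """Return (accepted, alert). Rejected attempts are still counted."""
        bucket = (account, int(epoch_seconds) // 3600)
        self.attempts[bucket] += 1
        n = self.attempts[bucket]
        limit = self.limit_for(account)
        alert = False
        if n >= limit * ALERT_FACTOR and bucket not in self.alerted:
            self.alerted.add(bucket)             # one notice per account per hour
            alert = True
        return n <= limit, alert

    def hourly_report(self, account):
        """Attempted sends per hour bucket, oldest first."""
        return [(h, n) for (a, h), n in sorted(self.attempts.items()) if a == account]


def simulate(limiter, account, start, per_hour_counts):
    """Constructed traffic: spread each hour's messages evenly across that hour.

    `start` is assumed to be aligned to the top of an hour.
    """
    accepted = alerts = 0
    for i, count in enumerate(per_hour_counts):
        for k in range(count):
            ok, alert = limiter.submit(account, start + i * 3600 + (k * 3600) // count)
            accepted += ok
            alerts += alert
    return accepted, alerts
```

Fed the first two hourly attempt counts from post #1, the default limit lets 200 messages out and raises one notice per hour, while a mailing-list customer given a 5,000-per-hour override can send to 4,000 subscribers without being throttled.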

  6. #6
    Join Date
    Jan 2003
    Location
    Lake Arrowhead, CA
    Posts
    789
    Good post, but could the reason "We get 2-3 of these fraudulent spammer signups a week" also have something to do with pricing structure? I certainly agree with the need to protect servers from abuse before it becomes an RBL issue, but passive client screening (eg: more expensive signup) can work wonders also. Simply making it cost money (more than a few bucks) to sign up for a new account tends to remove 99% of TOS abusing signups, though that obviously doesn't account for the good clients who are careless with passwords, etc.
    Last edited by SROHost; 05-11-2003 at 03:47 AM.
    http://www.srohosting.com
    Stability, redundancy and peace of mind

  7. #7
    Join Date
    Nov 2002
    Location
    Bay Area, California
    Posts
    309
    So far as I can tell it doesn't really matter how many dollars you charge.

    So long as it's an online signup they will just give you a credit card number and do a chargeback if you shut them down.

    It pisses me off, but that's the state of the world right now.

  8. #8
    This problem worries me too. Is there a way to limit the number of outgoing emails per hour for a user on an Ensim 3.1 server? I have asked this all over and nobody seems to know how to do it.

    If I can't do this then sooner or later someone will sign up with a stolen credit card and go on a spamming spree. My servers are all at Rackshack and they go mental over spammers so I really need to figure this out.
    Kaleton Internet
    Private-label reseller accounts for professional web hosts
    www.kaleton.com/resellers

  9. #9
    Join Date
    Aug 2000
    Location
    Tacoma, Washington
    Posts
    9,576
    Originally posted by Luxore
    So far as I can tell it doesn't really matter how many dollars you charge.
    Maybe it does. Based on your figures your spammer signups are well over 100 times what we've gotten over the past three years.

    That sort of fraud/spam rate needs some serious looking at I think. Are you advertising in places that may attract them?

    Greg Moore
    Former Webhost... now, just a guy.

  10. #10
    Join Date
    Nov 2002
    Location
    Bay Area, California
    Posts
    309
    Back in the olden days when we ran a local ISP there was no fraud at all.

    I suspect that we would get less of these if we did not have a fully online signup.

    Our primary advertising venue is Google :/

  11. #11

    Problem being..

    Originally posted by modihost
    No more than 2,000 mails per day, that works out to be around 83 emails per hour. 100 per hour should be good for people that do need to send a lot of email, but it should also keep spammers away.
    One of my newsletters has 4,000 true subscribers, what then?

    What about my other newsletter that has 600? It will take 6 hours to send it out!

    Just some thoughts from the other side of the monitor....

  12. #12
    Join Date
    Mar 2003
    Location
    Austin, TX
    Posts
    132

    Re: Problem being..

    Originally posted by stratola
    One of my newsletters has 4,000 true subscribers, what then?

    What about my other newsletter that has 600? It will take 6 hours to send it out!

    Just some thoughts from the other side of the monitor....
    I would suggest that a webhost isn't the best thing to be using to send a bunch of e-mail, in that case.

  13. #13
    Understood jbishop, however a lot of hosts promote the fact that customers can send out newsletters through them, etc...
