Re: [exim] Slowing Blacklisted Authenticated Users

On Tue, Nov 27, 2012 at 6:13 PM, Matt <matt.mailinglists@???> wrote:

> When I have an email account with a compromised password that is
> pumping out junk with auth SMTP the sending IP is virtually always in
> XBL. When I have legitimate senders using auth SMTP they are
> extremely rarely listed.
>
> So, I feel that if an authenticated sender is listed in XBL I feel
> there is a 98+ percent chance it is compromised and pumping out junk
> mail. For the remaining 2 percent I would like to restrict too around
> 10 recipients an hour so its still usable but cannot send enough
> volume to be of use to a junkmailer.
>
>
That volume is still far beyond what is needed to get you blacklisted by
Proofpoint, which means your users will not reach icloud/mac/me.com, PWC,
and a bunch of others who are too shy to admit they use Proofpoint's
blacklist. And neither Proofpoint nor these companies will help you
discover that you had a problem, nor will they provide information when
you've been blacklisted.

There are others with stupid blacklist implementations out there, with
similar automated restrictions with no appeal (Microsoft and Yahoo come to
mind).

It is probably better for both you and your authenticated senders that you
block them, this will alert them to that there is a problem, and you can
perform some manual filtering of which customers are real and which are
compromised.
--
Jan