[Mimedefang] OWA spam scripting attack

David F. Skoll dfs at roaringpenguin.com
Thu Oct 23 14:41:37 EDT 2008


Todd Aiken wrote:

[Spammers send spam using stolen credentials via OWA]

> Just wondering if anybody has any ideas at how to stop this from happening?

We've had a customer call about this.  One thing that might work is
rate-limiting outbound mail per sender.  For example, you could prevent
any given sender from sending more than 30 messages per 15-minute window.
Also (or alternatively), alert the admin when a sender exceeds his rate.

If you can slow down the spammers enough (say they steal 100 accounts;
then they can only send 200 messages/minute which is probably way
below what they'd like to send) you might be able to minimize the
damage.

This is very tricky to implement efficiently, relies on the validity of
the envelope sender (which, presumably, OWA can enforce) and may result
in some FP's.  But it's something we might look into.  Anyone want to
fund development? :-)

Regards,

David.


More information about the MIMEDefang mailing list