Filtering messages with non-existent recipients RSS Back to forum
@ant06ka:
ORF does not offer such option (the false positive rate would be unacceptably high), but you can achieve something similar by using the DHA Protection test (http://vamsoft.com/r?o-hto-adm-dhaprotection), which blacklists senders by IP for all recipients for X amount of time if they have sent emails to Y number of non-existent recipients within Z minutes. X, Y and Z are all configurable values (http://vamsoft.com/r?o-hto-adm-dhaprotectionsettings).
The default setting is 3 invalid recipients within 3 hours, which will result in a 24-hour blacklisting period: this worked pretty well in our test lab, but you can experiment with different values (e.g., by setting 1 invalid attempt within 1 minute), though false positives are likely to occur with such low values.
Curious, why 24 hours? We've been bumping up our blacklisting by weeks now, and not seen any negative impact. Honeypot is strikingly useful versus url filtering now. We use evry old addresses that have not been in use for 5+ years and anyone legit would have long since stopped mailing.
The issue we have comes down to shared MX outbound hosting. A spammer on a shared domain spams us, and the entire domain is then blocked for other customers. Seen this with google, yahoo, as well as mxlogic. Any thoughts?
@indy: we simply felt 24-hours should be safe enough to be the default. As for shared hosting, the only solution is excluding the IP ranges of such hosts from the scope of the DHA test unfortunately (Administration Tool: Blacklists/DHA Blacklist, Settings, Exceptions, IP Exceptions).
Hi! We have ORF Fusion 5.2
Can I block a message if the "recipient" has at least one non-existent user?