GeoIP Account Locks and Hacking

Post your MailEnable suggestions here.
Post Reply
Green
Posts: 31
Joined: Tue Apr 25, 2006 6:46 am

GeoIP Account Locks and Hacking

Post by Green » Wed May 07, 2014 6:50 am

Please add a GeoIP service to ME where one can then determine which countries are allowed to authenticate against which postoffices or even against a specific account for any and all services, especially SMTP, POP, IMAP.

This would resolve the issues everyone is having with hackers locking up accounts due to password policies (which is currently the only defense). Reality is, 99% of postoffices are region - or even country specific, whilst 99% of hacking attempts are not from same said region/country.

If this can be set per account one could also cater for the scenario where someone goes overseas for business or vacation.

Furthermore, this same service can then also be used for example to add a SPAM score to emails if generated from this or that country.

GeoIP would be of huge benefit to ME in ways I'm sure I haven't even thought of.

Major current problem is that ME can't be used safely in a Cloud situation - where it is hosted on a shared servers and needs to service clients which do not have static IPs. Which means one has to open ME to all IPs worldwide, which means one has to let the hackers have a full go at it and only have reactive defenses like locking mailboxes. Be pro-active instead, and lets keep authentications at worst to the countries that are suppose to be authenticating. This will severely hamper hacking/spamming attempts and if still attempted it will mean the hack needs to come from an IP residing in the same country as the postoffice - read: under the same laws and regulations as the postoffice being hacked and therefore very dangerous for a hacker and legal avenues to follow for the postoffice owner(s). For ex. even though the hacker can still use a local proxy server to initiate the hack, at least there would be an easy route to get said proxy shutdown. And in a best case, if the hacker was actually residing in the same country, an arrest becomes a real possibility.
ME Ent Pre 9.62
WinOS 2012R2

Heavyd1982
Posts: 15
Joined: Tue Apr 10, 2012 7:53 pm

Re: GeoIP Account Locks and Hacking

Post by Heavyd1982 » Thu May 22, 2014 6:59 am

+1

Post Reply