Skip to content

Vincent Re

My feedback

1 result found

  1. 22 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    Vincent Re supported this idea  · 
    An error occurred while saving the comment
    Vincent Re commented  · 

    I've had a few issues with other SMTP services where our SMTP credentials were compromised and we'd see unauthorized activity on our accounts.

    Although we protect our credentials carefully, we sometimes have contractors and other workers on our systems, and it's not impossible that our SMTP credentials could be discovered by some of them. A simple extra layer of security in your SMTP relay could help to prevent a lot of the resulting fraud.

    The idea would be to check a whitelist of permitted source (client) IP addresses when authenticating the SMTP transaction. If someone attempts to use our account with a source IP address not in our list, you'd be able to prevent them from using our account in an unauthorized way.

    Amazon's SES implements a similar feature...when you specify SMTP credentials, they use their IAM platform to authenticate the user, and you can create rules to control the context where your account can be used. For example, with SES enforcing a "sourceIP" restriction, someone that steals our credentials and tries to send email from their own server generally will be thwarted.

    Yes, it's likely not 100% foolproof, but the hacker that picks up our email host/user/password and just tries to send bulk mail through our account would likely be caught. This extra protection would be very valuable to us.

Feedback and Knowledge Base