Gandi Bar - Gandi Mail - Enhanced Security Measures - Comments

Gandi Mail - Enhanced Security Measures - Leland

Leland — Sat, 27 Mar 2010 22:46:33 +0100

@Ok

All users of the Gandi Mail service are authenticated users with at least one domain registered with us. The risk was the fact that once authenticated, the actual email could be sent "from" any other domain, whether with us or not.

This has been somewhat mitigated now with the additional safeguards put in place which allow immediate action to be taken in case of verified abuse of the service.

Gandi Mail - Enhanced Security Measures - Ok

Ok — Sat, 27 Mar 2010 16:49:34 +0100

I am not a gandi user. I have been following this post because I have been considering transferring a couple of my domain names to gandi.net in order to take advantage of the e-mail service you provide.

Now I don't know whether this would be a wise move, as it seems, for reasons that I don't understand, that your policies are still too loose and might cause unnecessary problems to legitimate users.

What reason is there not to restrict the use of SMTP only to domain names and users who are registered with you and whose identity can be authenticated?

Gandi Mail - Enhanced Security Measures - Leland

Leland — Fri, 26 Mar 2010 23:38:29 +0100

Just to update everyone...
Whilst the precept remains that the Gandi Mail service is intended for domains registered at Gandi, we have nevertheless *removed* the SMTP restriction, whilst implementing a number of additional safeguards, though these should have no impact on the sending of emails. We are, of course, tolerant of fair use of the system, but will take rapid action in case of abuse.

We will shortly be communicating further with more details, but due to a few contractual amendments, we are not in a position to communicate on these specifics until our legal team has completed the validation process.

We will keep you updated in due course.

Gandi Mail - Enhanced Security Measures - Leland Vandervort

Leland Vandervort — Wed, 24 Mar 2010 15:18:03 +0100

@all: Just a quick update to let you know that just because we haven't commented recently doesn't meant that we aren't listening

Some of the comments on both the english and french versions of our blog have been valid and useful. We are actively looking into the feasibility of reopening the SMTP as before, but obviously there would be certain precautions and limitations placed upon such a move.

We will update you again when we have implemented the solution.

Leland

Gandi Mail - Enhanced Security Measures - Joe (Gandi)

Joe (Gandi) — Tue, 16 Mar 2010 17:46:18 +0100

Hi guys,

Thanks for your colorful comments

Brian is quite right, this is nothing to do with the SORBS issue, which all began because a domain registered through us was mentioned in a spam email. We did not send or relay any spam.

And regarding the open SMTP protocol we offered, we said that this was the focus on increasing misuse, but not that this misuse was effective. To give you an example, we process around 50m emails per day through our system. But only about 6m actually end up being sent, as the remaining mails are matched against spam databases (Spamhaus and ApamAssassin) and blocked before being sent.

So the misuse of our system has resulted in more work for us to continue to keep attempted spam out of circulation, not actually in us relaying spam. We tried to keep an open system that some customers appreciated, but the increasing misuse as forced us to stop this.

I hope that makes it a bit clearer. We're not spammers and nor are we supporting spamming activity

Joe

Gandi Mail - Enhanced Security Measures - nobody

nobody — Tue, 16 Mar 2010 10:58:59 +0100

Spamdi.net!!

Gandi Mail - Enhanced Security Measures - mike

mike — Tue, 16 Mar 2010 07:28:41 +0100

Come on, Gandi. Let's face it. You got caught hosting and facilitating spammers and now you're holdung you customers hostage to cover up for your incompetence.

You guys should find a new line of work because email service certainly isn't one of your strong points!

Hope the rest of the clueful ISPs blacklist you just like AOL has!

Gandi is friendly to spammers!

Gandi Mail - Enhanced Security Measures - Dave

Dave — Mon, 15 Mar 2010 06:24:29 +0100

what I don't understand is if you knew people were abusing the system all this time, why didn't you take action against the abusers instead of penalising everyone in one foul swoop?
Or does this mean that you didn't actually keep very accurate log files of mail activity and now it's catching up to you?

Yes, it's a very good thing that you're doing this, but it should have been done from the outset because now you're faced with a situation where you alienate existing customers because of your own complacency -- ok -- maybe they shouldn't have taken advantage of the loophole in the first place, but nevertheless it comes as a foul blow to everyone now.

Just my 2 pence

Dave

Gandi Mail - Enhanced Security Measures - Brian

Brian — Sat, 13 Mar 2010 19:06:56 +0100

Well that was a very mature response Michael.

Given Gandi's reputation, I think it is about bloody time that they put this into place because it was way too susceptible to abuse. The SORBS problem is not really related, since that is basically Michelle (formerly known as Matthew) on a personal vendetta against a small handful of named individuals. Unfortunately there are also a lot of so-called anti-spam activists who don't know how to read email headers either.

Good job, Gandi, for locking this down. A little late, but you've now caught up with the rest of the internet "best practice".

Brian J.

Gandi Mail - Enhanced Security Measures - Michael Mulligan

Michael Mulligan — Sat, 13 Mar 2010 17:36:17 +0100

Hah! looks like SORBS was right after all. You guys do knowingly support spammers. Nice to see you proactive anti-spammer policy... yea right.

Wonder what other back doors you guys have for spammers to take advantage off... hey lets try your virtual server offer. Another haven for Wayne Mansfield and his associates.