Nevster
Premium
join:2002-04-06
Dalhousie, NB
| reply to mrchris
Re: My way
During times of increased virus activity (Like the last two weeks) I closely monitor outbound SMTP activity. If I see a customer with about as much activity as our mail servers, I simply block SMTP at their cable modem.
Since many customers read mail with web browsers now, many don't even notice that their SMTP capabilities were blocked. Those customers who just happen to be sending more mail out than the ISP servers usually call (or more often than not) use their hotmail accounts to inquire.
If I discover that they're running BSD or linux, and it was just bad luck that they happened to be sending a lot of mail at the time, the customers usually understand, and I annotate their accounts accordingly so I don't shut them off again.
When a customer calls in reporting their mail is broken, our CSRs explain the virus, ask the customer to run a virus scan and go to windowsupdate to ensure their systems are secure. If the customer says they've done that, then we take their word for it, and re-enable their SMTP. No hassles... Unless of course, we get spammed from their IP immediately after lifting the filter.
Yeah, it's not a perfect way, but it does keep the collateral damage down, and offer some education to customers who're suddenly really willing to learn. It doesn't bother people who're keeping their systems up-to-date, patched and uninfected.
And curiously, we've not had an actual upset customer with this method, but I'm sure some fictitious customers are bound to complain...
|
