abnormal login detection and notify ?
Idea shared by Joe Joe - December 5, 2017 at 3:06 AM
for gmail,when i use different browser to login,
it will notify me that is an abnormal login,
i think it is a great feature,
if not sure if smartermail can add the feature,
it will let system admin/domain level and end users know if their mailbox has abnormal login.
thank you.

2 Replies

Reply to Thread
This could be done a couple of different ways...
  • Persistent Cookies (although this could have legal repercussions for SM customers with EU clients). If not present in the browser then challenge, log, and notify.
  • Geo-IP by comparing the IP Address with the Geo-IP database to see if it geographically matches their geographical location according to the user's Time Zone or Zip Code setting. If the Geo-IP does not match the Time Zone or Zip Code then challenge, log, and notify.
  • Capture user's last 3 known IP Addresses and allow the user to edit an Approved list of IP Addresses thus locking down their account to only those approved IPs. If the IP does not match then challenge, log, and notify.
  • D. All of the above
Although we have a lot of customers that do travel for the most part Geo-IP would be a huge help as almost all of the Brute-Force attempts come from outside of our primary geographical area (generally Turkey, China, Brazil, Netherlands, Iran, and the Russian Federation).
Even though I approve of this idea I'm rather torn though as Two-Factor Authentication would pretty much be more secure and render the need for Abnormal Login Detection obsolete and personally I'd rather see TFA come to SmarterMail sooner rather than later.

but i think if the mailbox's Two-Factor all be stolen,it is still access-able.

if not sure how EU rule their Persistent Cookies,
but i think mix Persistent Cookies with other factors,
it may be better.


Reply to Thread