Display User Friendly Lockout Messages in Webmail
Idea shared by Ron Raley - 12/17/2018 at 9:31 AM
Under Consideration
Instead of one sinle generic message at the login prompt, I propose that the webmail user see something similar to this:

Too many login failures.  Your account has been locked. You can try again in X minutes/hours/days or contact Z.

Too many login failures with this IP address.  This IP address has been locked.  Please try again in X minutes/hours/days or contact Z.

Where X is the time parameters set within SmarterMail.
Where Z is an e-mail address set within SmarterMail.

Thank you for your consideration.

6 Replies

Reply to Thread
Yes .. and yes!!!
Employee Replied
Employee Post
Hi Ronald, 

Thank you for the suggestion. I will forward this to the development team for their consideration. 
I would think stating locked out is great but having the option to not stay time, etc. as I can see dumb hackers reading the screen and trying right after it expires.
Yeah, giving away your block times etc. doesnt seem like a great idea...
Matt Petty Replied
Employee Post
You generally got to be very careful of what info you relay back to the login page. Hackers could use any piece of information they see to validate their other data. If they know they are blocked, they can try with a different IP or try a different user in the mean time. If we keep telling them the exact same thing, they may not know they are blocked or that they are even hitting a valid email address. This can slow down serious attempts to bruteforce this information.
Matt Petty Software Developer SmarterTools Inc. (877) 357-6278 www.smartertools.com
We just need to be able to modify that message, we set up a personalized message. 

Reply to Thread