Allow RBL checks during authentication
Idea shared by Rene Eisenmann - 4/15/2026 at 12:50 AM
Proposed
Recently, we had a lot of password brute-force attempts against mailboxes from various networks, which resulted in numerous mailboxes getting auto-locked. Many of those IP addresses were already listed in either AbuseIPDB or Spamhaus DROP.
 
My proposal is to make it possible to do an RBL lookup right after a client attempts an authentication, and drop that connection based on the result, before any login can be tried. Blocking offensive IP addresses via the dashboard is cumbersome and only reactive, not proactive.
 
It would also make it possible to feed offensive IP addresses from other sources into an internal RBL to have fine-grained control over whom to block.


Derek Curtis Replied
Employee Post
Hey, Rene

It's an interesting idea. However, RBLs are not known for being quick when returning results, so this could cause a significant slowdown in authentication. So while it might be ok for protocols that use a long-lived connection, like IMAP and POP, it would probably be an issue for EWS, EAS, and MAPI -- and maybe even webmail.
Derek Curtis
CCO
SmarterTools Inc.

Hi Derek,
According to the stats (avg. time) in our Dashboard, response times are (with one exception) under 50 ms. Same for our own internal RBL.
Even if this might affect MS protocols, at least SMTP/IMAP/POP security would benefit a lot from it.
Webmail is session-based, I guess, so it would only happen once at login.
As for the slowdown, there could be an enforced timeout of e.g. 1 s for RBL requests (and on the other hand, tarpitting is not that uncommon either).
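The mechanism discussed in the original proposal and in the follow-up about timeouts (look the connecting IP up in a DNSBL before any credentials are read, drop if listed, and cap the lookup at about a second), as an added example that is not SmarterMail code or anything from this thread. It assumes the conventional DNSBL query format (reversed address under a zone), a hypothetical internal zone `rbl.example.internal` that answers `127.0.0.2` for listed addresses, and stand-in resolver functions constructed here so it runs offline; `rbl_query_name`, `rbl_lookup` and `should_drop` are names chosen for this example.

```python
"""Pre-authentication DNSBL check with a hard timeout.

Added example, not SmarterMail code. Assumptions: a hypothetical internal
zone "rbl.example.internal" that answers 127.0.0.2 for listed addresses,
and the conventional DNSBL query format (reversed address + zone).
"""
import ipaddress
import socket
import time
from concurrent.futures import ThreadPoolExecutor, TimeoutError as FutureTimeout

RBL_ZONE = "rbl.example.internal"   # hypothetical zone; substitute the one you operate or subscribe to


def rbl_query_name(ip: str, zone: str = RBL_ZONE) -> str:
    """Build the DNSBL query name: reversed octets (IPv4) or nibbles (IPv6), then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        reversed_part = ".".join(reversed(str(addr).split(".")))
    else:
        reversed_part = ".".join(reversed(addr.exploded.replace(":", "")))
    return f"{reversed_part}.{zone}"


def rbl_lookup(ip: str, zone: str = RBL_ZONE, timeout: float = 1.0,
               resolve=socket.gethostbyname) -> str:
    """Return "listed", "clean" or "unknown".

    NXDOMAIN means not listed. A timeout, or an answer outside 127.0.0.x
    (some providers signal query errors or limits with other addresses;
    adjust to the zone's documented return codes), is reported as "unknown"
    so the caller can decide between failing open and failing closed.
    """
    name = rbl_query_name(ip, zone)
    pool = ThreadPoolExecutor(max_workers=1)   # gethostbyname has no timeout of its own
    try:
        answer = pool.submit(resolve, name).result(timeout=timeout)
    except FutureTimeout:
        return "unknown"
    except socket.gaierror:
        return "clean"
    finally:
        pool.shutdown(wait=False)   # never block the client connection on a slow resolver
    return "listed" if answer.startswith("127.0.0.") else "unknown"


def should_drop(ip: str, zone: str = RBL_ZONE, timeout: float = 1.0,
                resolve=socket.gethostbyname, fail_open: bool = True) -> bool:
    """Connection-level decision taken before any login is attempted."""
    verdict = rbl_lookup(ip, zone, timeout, resolve)
    if verdict == "listed":
        return True
    if verdict == "unknown":
        return not fail_open   # fail open keeps auth available if the RBL is slow or broken
    return False


# Constructed stand-ins for DNS so the example runs offline (not real list data).
FAKE_ZONE = {rbl_query_name("203.0.113.9"): "127.0.0.2"}


def fake_resolve(name: str) -> str:
    if name in FAKE_ZONE:
        return FAKE_ZONE[name]
    raise socket.gaierror(-2, "Name or service not known (constructed NXDOMAIN)")


def slow_resolve(name: str) -> str:
    time.sleep(0.5)   # simulates a resolver that exceeds the lookup budget
    return "127.0.0.2"


if __name__ == "__main__":
    for ip, resolver in (("203.0.113.9", fake_resolve),
                         ("198.51.100.7", fake_resolve),
                         ("198.51.100.7", slow_resolve)):
        print(ip, rbl_lookup(ip, timeout=0.1, resolve=resolver),
              "drop:", should_drop(ip, timeout=0.1, resolve=resolver))
```

The lookup deliberately distinguishes "clean" (NXDOMAIN) from "unknown" (timeout or unexpected answer): with `fail_open=True` a slow or misbehaving list only costs the timeout budget and never locks legitimate users out, while `fail_open=False` gives the stricter behaviour for protocols where a short delay is acceptable.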
