haydenwoodhead / burner.kiwi

No bullshit temporary mail service written in Go
https://burner.kiwi
MIT License
216 stars, 26 forks

How do you protect it from abuse? #10

Closed. aviv-or closed this 5 years ago

aviv-or commented 5 years ago

I'm considering running it on Lambda and I would appreciate it if you could share your basic anti-abuse approach.

For example:

- blocking incoming mails from certain domains.
- do you have an auto-kill function for Lambda if someone abuses the servers?

Sorry if this is beyond the scope of what you can share, and thanks for making this awesome service. I also tried looking up the legal implications of hosting such a service but found none.

haydenwoodhead commented 5 years ago

So if you're just running it for personal use and not publicly sharing the URL or linking to it from other places, then you will probably be fine.

If you're offering it as a service to the public, then you may want to look into anti-abuse. Burner.kiwi does have the ability to block emails from certain domains; however, this isn't going to prevent AWS from charging you for the Lambda execution. The idea behind the blacklist is that if the person abusing the system couldn't get their emails, they would stop using it. Not a perfect solution, but they stop abusing sooner or later.

API Gateway allows you to block IP ranges, so if you're receiving abuse from certain IP ranges you can block them. However, this is a manual task, and more often than not the abuser just moves to a new IP.

You could also set up another Lambda function that monitors your AWS bill and kills the function if the usage gets too high. Also make sure you set up billing alerts to your email as well.

API Gateway also does rate limiting; sadly, this is global, not per IP.

I found the rate limiting and anti-abuse features of Lambda/API Gateway limited unless I wanted to spend extra money. My solution was to just move somewhere else that costs less than the rate limiting features.
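Two of the mitigations the maintainer describes above, a sender-domain blocklist and a rate limit that is applied per client IP rather than globally, can be implemented in the application itself in Go. The block below is an added illustration written for this page; it is not burner.kiwi's own code and does not reproduce the project's actual blocklist. The blocked domain and the IP addresses are constructed placeholders (`spam.example`, `203.0.113.x`).

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/mail"
	"strings"
	"sync"
	"time"
)

// DomainBlocklist holds lowercase sender domains whose mail is dropped.
type DomainBlocklist map[string]struct{}

// NewDomainBlocklist normalises the given domains (trimmed, lowercased).
func NewDomainBlocklist(domains ...string) DomainBlocklist {
	b := make(DomainBlocklist, len(domains))
	for _, d := range domains {
		b[strings.ToLower(strings.TrimSpace(d))] = struct{}{}
	}
	return b
}

// Blocked reports whether the From value (any RFC 5322 form, e.g.
// "Name <user@example.com>") belongs to a blocked domain. Senders that
// do not parse are treated as blocked so malformed mail cannot slip past
// the check.
func (b DomainBlocklist) Blocked(from string) bool {
	addr, err := mail.ParseAddress(from)
	if err != nil {
		return true
	}
	at := strings.LastIndex(addr.Address, "@")
	if at < 0 {
		return true
	}
	_, ok := b[strings.ToLower(addr.Address[at+1:])]
	return ok
}

// IPRateLimiter is a token bucket per client IP: `rate` tokens refill each
// second up to `burst`, and every request consumes one token.
type IPRateLimiter struct {
	mu      sync.Mutex
	buckets map[string]*bucket
	rate    float64
	burst   float64
	now     func() time.Time // injectable clock for deterministic tests
}

type bucket struct {
	tokens float64
	last   time.Time
}

// NewIPRateLimiter builds a limiter using the wall clock.
func NewIPRateLimiter(rate, burst float64) *IPRateLimiter {
	return &IPRateLimiter{buckets: map[string]*bucket{}, rate: rate, burst: burst, now: time.Now}
}

// Allow consumes one token for ip and reports whether the request may proceed.
func (l *IPRateLimiter) Allow(ip string) bool {
	l.mu.Lock()
	defer l.mu.Unlock()
	now := l.now()
	b, ok := l.buckets[ip]
	if !ok {
		b = &bucket{tokens: l.burst, last: now}
		l.buckets[ip] = b
	}
	b.tokens += now.Sub(b.last).Seconds() * l.rate
	if b.tokens > l.burst {
		b.tokens = l.burst
	}
	b.last = now
	if b.tokens < 1 {
		return false
	}
	b.tokens--
	return true
}

// Middleware applies the per-IP limit in front of h, answering 429 when a
// single client exceeds its own bucket instead of throttling everyone.
func (l *IPRateLimiter) Middleware(h http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		ip, _, err := net.SplitHostPort(r.RemoteAddr)
		if err != nil {
			ip = r.RemoteAddr // RemoteAddr without a port (e.g. behind some proxies)
		}
		if !l.Allow(ip) {
			http.Error(w, "rate limit exceeded", http.StatusTooManyRequests)
			return
		}
		h.ServeHTTP(w, r)
	})
}

func main() {
	bl := NewDomainBlocklist("spam.example") // constructed placeholder domain
	fmt.Println("blocked:", bl.Blocked("Someone <bot@spam.example>"))
	lim := NewIPRateLimiter(1, 2)
	for i := 0; i < 3; i++ {
		fmt.Println("203.0.113.5 allowed:", lim.Allow("203.0.113.5"))
	}
}
```

The limiter keys on `RemoteAddr`; when the service sits behind a load balancer or API Gateway, the real client IP has to be taken from a trusted forwarding header instead, otherwise every request shares the proxy's bucket and the limit becomes global again. The `now` field is only there so the refill logic can be tested without sleeping.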

aviv-or commented 5 years ago

Thank you for the detailed answer, I appreciate it :)