> Dictionary attacks are normally fast and furious, not slow and deliberate so > setting your threshold to 3 failures in 5 seconds would be a good start. I don't know about password dictionary attacks, but I've seen a new approach to email account dictionary attacks thanks to bot-nets. See the first three paragraphs of: http://spamwars.com/archives/2007/07/internet_bandwi.html This could have an impact on your defense designs. Danny http://www.dannyg.com http://www.spamwars.com