News: "Allowed IP Access" Removed
We had a page here at accounts.mxroute.com where users could set a list of IP addresses to log into their account. Limiting login by IP address was never a feature we intentionally launched. It was merely a default function of HostBill, the software that we license to manage the billing system. The number of problems caused by this feature has been ramping up, and I fear that the increase in users moving from Gsuite will only add to the problem. I'll explain.
Repeatedly, customers would lock their account to a single IP and then lose access to that IP address. Today, this reached the breaking point for me, when a user spammed (quite literally, sent the same email repeatedly to flood my inbox) my email account complaining about their misconfiguration and then filing a chargeback. If users fail to use the feature frequently and then go as far as to subtract revenue and harass staff, we should remove the feature. It's simply unacceptable for us to offer a component that users will use against us. While I understand that two-factor authentication can suffer from similar issues, that remains a basic necessity. Limiting login by IP is not worth the hassle.
Less than 25 users on our platform were using this feature, so this news isn't for many people. But, if I don't publicly announce this and my reasoning, history has taught me that 1-2 of those 25 users will be on Reddit tomorrow complaining about it.