To ensure business and channel security and minimize potential financial losses caused by malicious calls of SMS APIs, the default SMS sending frequency limit is as detailed below:
Organizational users can log in to the SMS console to set or modify the corresponding sending frequency limit policy. For detailed directions, please see Setting Sending Frequency Limit.
Note: individual users have no permission to modify the sending frequency limit. To use this feature, change "Individual Identity" to "Organizational Identity". For more information on the rights of organizational users, please see Differences in rights.
For detailed directions, please see Configuring Alarm Recipient.
SMS bombing (cheating) refers to using malicious programs or tools and exploiting vulnerabilities in website clients or servers to send a large number of SMS verification codes to many irrelevant mobile numbers in a period of time (for example, within a day), which cause harassment to such users.
SMS bombing (cheating) not only causes harassment to innocent users, but also leads to a high number of complaints, which makes the SMS channel unavailable and results in economic losses to customers; therefore, preventive measures should be taken in advance.
The figure below shows a real case encountered by a customer (only dozens of messages are sent per day under normal circumstances, but tens of thousands of messages were sent per day during a bombing attack):
In view of the fact that SMS bombing (cheating) attacks are generally initiated by servers, the following comprehensive measures are recommended for defense:
An SMS signature must be carried in Chinese Mainland SMS messages due to the requirements of carriers, while this is optional and up to you for Global SMS messages.
You can log in to the SMS console, click the name of the target application to enter the application details page, and select one the following methods to query according to your actual needs:
SDK AppID is used to identify applications. Each SMS application has a unique SDK AppID, which is automatically generated by the system after the application is created. For detailed directions, please see Creating Application.
You can log in to the SMS console, select Application Management > Application List, and click the name of the target application to enter the application details page and view its SDK AppID.
If you need to remove the rate limit for testing mobile numbers, please contact SMS Helper.
You can log in to the SMS console, click the name of the target application to enter the application details page, and select one the following methods to query or export records according to your actual needs:
Up to 1,000 Global SMS messages can be sent per day under one Tencent Cloud account. If you need to adjust this limit, please contact SMS Helper.