Add a setting for sendmail limits per mailbox per day

marcusquinn

I'm doing a load or research on email and deliverability at the mo.

Mostly Cloudron has a very good setup and trust by default but that needs protecting when there are mass-mailer apps.

Something that would be handy for protecting the server IPs for email deliverability would be sendmail limits per mailbox, to protect from internal and external threats for overzealous sending that would get the IP blacklisted.

I suggest a reasonable default limit to be 50 sent per day, at which point further sending would be queued for sending on the next day and the System Admin would get an email to review the mailbox usage.

This is a basic setting but later additional throttling could be done to ensure sending reputation warm-up is controlled, which would look something like this:

When 50 emails send in one day, pause until the next day and increase the limit to 100.

Then 200, 400, 800, 1,600, 3,200, 6,400, etc, so no-one can burn the IP with a mass-mailer app that hasn't warmed up the sending IP and mailbox according to industry best-practice recommendations.

girish

@marcusquinn This looks like a good idea. FWIW, you can set the limit in apps like mailtrain (as to how many mails get sent out per hour etc). Not sure about mautic.

marcusquinn

@girish Yeah, Mautic has the basic setting for limit count per period but you'd have to update that value daily and it only applies to Mautic.

Other apps with mass-email capability include; EspoCRM, Wordpress, Dolibarr, Odoo (when we get it), Mailtrain you mentioned, and any email client if people send to large Cc/Bcc emails..

I'm sure it might seem like a luxury feature - but what I'm working on with Cloudron & Mautic will almost make it a necessity because it should unleash great power in the right hands and great mess in the wrong without this sort of safety-fuse

Another major point of this is there's no reason why Cloudron instances can't be as capable as Mailgun, Sendgrid, SES etc. You can have your own dedicated VPS & IP with Hetzner for $3/month, as opposed to $30/month the others charge just for the IP, plus $30/month for Pro features, plus charges per email, etc, etc.

With these rules Cloudrons won't get blocked unless you do dumb things with emailing, which this sort of throttling should prevent - and with all the others, you risk them deplatforming you for any disagreement on Ts & Cs, whereas with this, the worst risk is a host disagreement, at which point you can move your Cloudron and restart the warm-up very quickly.

The above example is on a 2x multiplier per day but maybe that value could be configurable, 1.5x per day would be pretty safe and anything above 2x would be destructive pretty quickly.

If you can get this and a few of my Wishlist apps done, I'll do some free email marketing for you to demonstrate

As much as I hate the MAGFA control of data and privacy, I also think that email remains the last sanctuary for business comms and growth that you shouldn't have to worry about rising costs with keyword bidding, and threat of deplatforming from all the ways these ad platforms can be abused or abusive.

marcusquinn

It might be worth having an hourly email send limit too:

https://www.hetzner.com/rechtliches/webhosting/

4. Mass Emails:
   The limit of 500 emails sent per hour must not be exceeded. The dispatch of mass emails/newsletters via email accounts of the web hosting account or via the website of the web hosting account is not permitted. The dispatch of unsolicited advertising is forbidden. Hetzner Online are entitled to block client accounts which do not comply immediately.

To be clear on this, I'm not advising anyone uses their VPS for extreme mass-mailing without their hosting provider specifically accommodating for that.

The point of this feature request is adding limits where possible to keep all users within the most common boundries of those that do allow for reasonable consenting email to a small to medium business volume without accidentally triggering issues and losing service.

msbt

@marcusquinn that limit at hetzner seems to be only for the regular web hosting/managed packages ("Shared Server Service Agreement (Web Hosting Accounts)"), not cloud/vserver.

Still a good idea though if we're able to manage the amount somehow

marcusquinn

@msbt yeah, just a safety-fuse, I must spend most of my time online designing how things can scale, and most of that is systemising safety by design in structure and defaults.

I recently noticed a DMARC policy on one setup was generating mass emailing I hadn't considered, less haste, more speed

mdreira

I love this conversation, this is gold.

We have to strengthen the mail server as a safe, it is a very valuable asset.

If we add to these limits/fuses the ability for the server to do certain actions if it detects that a domain has a higher percentage of X% of bounces and X% of complaints.

This would also be a must have to shield the mail server.

We have to be able to monitor all this well and automate actions in mail server.