Basic outbound email limits, per email account, at SMTP level for IP protection

jackt

I would love to see some sort of per user outbound email safeguards put in place. Limitations such as XX per hour, XX per minute, per user. OR Near immediate notification of problem accounts sending bulk emails. This is done to protect IP registration.

girish

@jackt said in Basic outbound email limits, per email account, at SMTP level for IP protection:

This is done to protect IP registration.

Can you clarify what this means? Do you mean someone might register the server IP as spam ? (Maybe 'report' is the better word here).

msbt

@girish I had a customer that wanted to send out hundreds of cold emails to potential clients they had collected, which is forbidden in my country (also everything with 50+ recipients if you don't offer an option to unsubscribe).

Luckily I cought it quickly because they complained about an issue in webmail (apparently you can't paste that many addresses in the bcc field) and told them off, but as @jackt suggests, it would be nice to have a "safeguard" or a custom limit so they can't go over from the technical side.

Since I'm using Postmark on most of my servers, it wouldn't necessarily be about IP reputation, but legal issues and eventually money, if there are thousands of emails going out

jackt

Thanks for the replies.

@girish. We plan on having hundred of users on a dedicated mail server. At least one of these accounts will abuse mail privileges at some point. Currently a user can send out tens of thousands of emails on the SMTP level without restriction. This can cause the mail server IP's to be banned affecting the deliverability of other account holder sends. Swapping out an IP sucks. We are able to put some restrictions in using RoundCube but they can be bypassed with a skilled email marketing company.

We would love to see some basic outbound email limitations put in place. At the very least limiting the number of outbound emails per hour, per user account. Even if its 100 per hour it will offer some protection to the site owner.

Some sort of notification would work as well. Emailing/texting admin if a user sends more than XX emails in a 15 minute period.

I hope this clarifies. We have been searching for a solution fro 4 days now. It just doesn't exist.

#3

girish

@jackt We don't have any outbound rate limiting feature.

Just investigated this a bit (so some notes for myself): The rate limit plugin (which we already use) does have it but we haven't configured it with any limits - https://github.com/haraka/haraka-plugin-limit . However, the limits in that plugin are global and not for a specific account - https://github.com/haraka/haraka-plugin-limit/blob/master/config/limit.ini#L101

jdaviescoates

@girish said in Basic outbound email limits, per email account, at SMTP level for IP protection:

limits in that plugin are global

That's probably good/ OK, no?

Impossible to know in advance which user will try to abuse the system.

girish

@jdaviescoates yes, possibly. I have to test if it works. I don't trust those "plugins" even if they are from the upstream project. Indeed, the top most commit in that plugin is by me

jackt

Thanks for the effort. I agree that global restrictions will help. The ideal solution will be account level restrictions OR notification of spikes so we can quickly identify the problem account. The goal is to limit the need for full time monitoring.

CRBear

I also hope that this feature will be implemented soon to prevent servers from ending up on blacklists. It will also help prevent users from sending mass emails without coordination. Virtually every mail provider has enabled this feature for good reason.