To minimize spam & improve deliverability of legitimate emails, our system enforces Rate Limits to restrict a server's sending rate. This is helpful especially in cases where users are not aware that their account has been compromised & is being used to send out spam. We've also encountered situations wherein users are not aware that their machines are infected with viruses that are causing it to send spam. In both cases, a user's SMTP credits are being used up leaving them with no credits to use for legitimate emails.


The following rate limits are implemented:

  • Rule 1: 50 spam messages per 8 hours
  • Rule 2: 125 Bulk Messages per 8 hours
  • Rule 3: 100 Failed Deliveries in 1 hour


Please be aware that rate limits for new accounts may be different. 


In the example below, the user has been rate-limited for having more than 100 failed deliveries during the last hour which violates rule 3.


Reading the logs

  • These particular messages do not have a subject line which is an indicator of spam or a misconfigured sender. 
  • Message are sent to what appears to random recipients, most of which are invalid email addresses
  • Because the messages cannot be delivered and will generate multiple Non-Delivery Report/Receipts (NDR) that triggers the rate limit.


Diagnosis

  • The user has been rate limited so the messages are deferred & will only be sent as soon as our system will no longer detect any failed deliveries.






Remediation


Typically if your Outbound SMTP service is rate-limited, chances are it has been compromised in some way. It is possible that we triggered a false positive if you are sending large amounts of transactional emails, if this is the case please contact support to have your limits adjusted. 


  • The message logs show the IP address where the spam is originating from. 
  • If the IP address is in your network, you need to look into all machines that have been configured with your Outbound SMTP service and run a virus scan to make sure your machine has not been compromised by spam-sending software like virus and trojans.
  • If you do not recognize the originating IP address, immediately change your SMTP password. We also recommend specifying the domains that you allow to send messages using your Outbound SMTP account. 
  • You may do this by logging into your admin control panel & entering the domains on Allowed Senders list.