Stopping e-mail from runaway web sites
by Andrew Macpherson on Apr.10, 2015, under E-Mail hosting
Recently we had a customer whose website was infected by way of one of the infamous plugins that are sometimes bundled into themes, such as TimThumb. The result was their site became one of the foci of a world-wide bot-net which posted tiny abouts of information (greeting and e-mail addresses) to target fairly large SPAM messages out from their site.
This ran overnight at the weekend, so by the time we had tracked it down 25,000 messages had been submitted, all properly validated as coming from the customer’s site
Fortunately 10,000 messages were still in the system outgoing queue, and we were able to purge those, but it was still around 10 days before mail was flowing properly again.
In response to the issue we are “rate limiting” email by number of recipients from each sender. In a time window I’ve run some analysis on the traffic logs, and apart from the mailing lists we host, which would be expected to send to many recipients, and with only 8 exceptions, in the past month no-one sends to more than 10 recipients in an hour. We’ve exempted the known high volume senders from checks, and will be setting a sliding 1 hour window to restrict every other mail account’s submission rates to slightly more than this observed high
This may affect you if you suddenly decide to do a mass mailing. It’s easy to enable your account if you tell us in advance, also don’t forget you can have a hosted mailing list which can individualise each message for its recipient