cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1532
Views
0
Helpful
1
Replies

Recipient rate limiting

Rayman_Jr
Level 1
Level 1

Are there any ideas how IronPort could be used to rate limit some internal recipients / domains ? IronPort have excellent tools to throttle senders based on different attributes on different levels but could the same throttling be used for internal recipients ? I would like to find a way to limit certain internal users to be able to receive only certain number of messages per hour.

Time to time such a feature would be useful to protect mailboxes to get overflowed.

I have seen few cases where such a functionality would save a lot of trouble and effort.

1. Botnet bombarding some email accounts creating DoS. (CASE and SBRS will block most but doesn't fully protect)
2. Poor man version of case 1 where chain letter is used for similar purposes. Believe or not but that works, especially in developing countries where users are just learning emailing.

Example of latest chain letter which created a big problems for South Africa First National Bank network:

 FNB is giving away 10 entries for this Thursday's "Win aMillion" competition. Just forward this email to four friends and 
cc: Emma.nel (a) fnbcorporate.co.za and you will have your 10entries.
Good Luck!


3. Some "developer" user with poor skills have created some badly formulated script and managed to create mailing loop without knowing it.
4. Negligent admin shoots himself in the leg and created mailing loop due bad configuration.
5. Monitoring goes bananas and send hundreds of thousands alerts during weekend

IronPort appliances are very powerful boxes and when they get emails for delivery they sure deliver those, and fast...

1 Reply 1

kluu_ironport
Level 2
Level 2

That sounds like a pretty good idea. Possibly protecting the recipient or the appliance in general from a targeted or accidental attack on a particular recipient.

However, let me be the devil's advocate for a moment. What if it's a recipient email address that is suppose to get a lot of mail traffic going to it? (i.e hr@company.com or support@company.com) Or what if you're sending out a marketing blast and there is the expectation that a lot of folks will respond to the sender.

Also, from the network point of view, if a recipient's email address is being targeted, isn't it more than likely coming from one or two sources or hostname? So, one or two sources is instigating a large volume of mail traffic to select recipients, the Ironport system will notice this and start throttling the connections. Though not impossible, the likehood of mutiple sources on the Internet attacking select recipients at one time may not occur too often.

In general though, the idea of setting up some type of configurable threshold (like 1000 messages to a recipient in a one hour window) on the amount of mail a recipient can receive is a very interesting idea. Mention it to your Sales representative or sales engineer and let them know the value that it can bring.

--kev


Are there any ideas how IronPort could be used to rate limit some internal recipients / domains ? IronPort have excellent tools to throttle senders based on different attributes on different levels but could the same throttling be used for internal recipients ? I would like to find a way to limit certain internal users to be able to receive only certain number of messages per hour.

Time to time such a feature would be useful to protect mailboxes to get overflowed.

I have seen few cases where such a functionality would save a lot of trouble and effort.

1. Botnet bombarding some email accounts creating DoS. (CASE and SBRS will block most but doesn't fully protect)
2. Poor man version of case 1 where chain letter is used for similar purposes. Believe or not but that works, especially in developing countries where users are just learning emailing.

Example of latest chain letter which created a big problems for South Africa First National Bank network:

 FNB is giving away 10 entries for this Thursday's "Win aMillion" competition. Just forward this email to four friends and 
cc: Emma.nel (a) fnbcorporate.co.za and you will have your 10entries.
Good Luck!


3. Some "developer" user with poor skills have created some badly formulated script and managed to create mailing loop without knowing it.
4. Negligent admin shoots himself in the leg and created mailing loop due bad configuration.
5. Monitoring goes bananas and send hundreds of thousands alerts during weekend

IronPort appliances are very powerful boxes and when they get emails for delivery they sure deliver those, and fast...