Sending Rate Limits
The Western email system limits the rate at which messages can be sent to external email addresses. Email rate limits mitigate the impact of compromised hosts or accounts on our email system. These limits were carefully chosen to minimize the impact on legitimate email traffic, however some legitimate senders may be impacted.
Current rate limits
|Recipient rate limit||Recipient limit||Recipient proxy address limit||Message rate limit (SMTP client submission only)|
|Limit||10,000 recipients per day||500 recipients||200||30 messages per minute|
|Limit||3600 messages per hour|
There are two tiers of rate limits employed on Western's Convergence email system, depending on client location.
|Tier 2 (high risk)||Tier 1 (low risk)|
* The message count is measured independently on each of ITS' email servers. It's possible to exceed this limit by splitting messages across multiple servers, if messages are sent over multiple sessions, although results may vary and this should not be replied upon as a workaround.
Internal vs external recipients
Rate limits only apply to email messages sent to external recipients. External recipients are those not hosted by ITS, such as @gmail.com or @hotmail.com. Emails to @uwo.ca addresses, or other domains hosted by ITS, are not rate limited and do not count towards your rate limit.
Western's ability to effectively deliver legitimate messages to the internet depends on having a good reputation as an email sender. Each time Western's email servers are misused to send spam, that reputation is damaged. Other mail domains may begin throttling our mail, or blocking us entirely for a period of time. We may become listed on any number of dynamic blacklist services used by email service providers across the world. This negatively impacts our ability to deliver legitimate mail for all of Western.
The two major sources of spam in our email system is compromised accounts, such as through phishing attacks, or virus-infected hosts connected to our network. While we take steps to minimize the occurrence of these cases, we cannot completely prevent them, and from time to time they will appear on our network and be used to blast spam through our mail servers.
In order to reduce the volume of spam which makes it through our mail system and onto the internet, we make use of email rate limiting. This can lower the volume of spam sent in each incident from millions to a few thousand. Since spam message we relay can impact our reputation as an email sender, this reduction is vital in the operation of our service.
Comparison to other ESPs
While selecting an appropriate rate limit for our Tier 1 clients, we looked at rate limits used by other major email service providers. We found that several major ISPs (Comcast, Earthlink, Roadrunner) used a rate limit of 1000 messages per day, while most major free webmail providers (Gmail, Hotmail, Yahoo!) used a limit of 100 to 500 recipients per day1 2. We feel that, as a University, a limit somewhere between these two numbers is appropriate.
The rate limit for our Tier 2 clients is much lower, because these clients are considered to be higher risk. Compromised accounts from phishing attacks frequently use Convergence or direct SMTP connections from off-campus. Wireless and Reznet clients are considered higher risk because compromised devices are more commonly brought onto campus and connected to these networks. Applications used for sending mass emails would typically be run on an on-campus workstation or server, which would fall under the tier 1 rate limit (although still subject to the Mass Email Guidelines).
Impact on Western users
Most Western users will likely never be affected by Western's email rate limits. In the case of Tier 1 clients, we estimate that less than 0.2% of clients will be affected.
Those likely to be affected will be users or departments which send run software on their workstation or department's server which sends mass mailings or other email notifications to external email addresses. Email senders who hit the rate limit will receive the following message in the form of a pop-up in their email software:
550 5.7.1 Recipient rate limit exceeded. Try again later.
When this message appears, the message being sent will not be processed. If sending to multiple recipients in the same message, none of the recipients will receive the message. Repeatedly trying to re-send will push your client further over the limit, but will not allow further messages to be sent. See the following workarounds and best practices below.
If you are seeing the above error message, but are not aware of having sent messages to a large number of recipients, it's possible that your computer is infected with a virus or your Western account has been compromised, and is being used to send spam. If you believe this to be a possibility, please change your Western password immediately and contact the ITS Help Desk for further assistance.
Workarounds and best practices
If sending mailings to a large number of external recipients, be aware of the two tiers of rate limits. To avoid being affected by the rate limits, try the following workarounds:
- If sending from one of the tier 2 areas, try sending from the on-campus wired network instead.
- Faculty and staff can use a List Guardian mailing list for your mailing, which is unaffected by rate limits.
- Students can use external mailing list services, such as Google Groups, which would count as a single external address.
- Send messages to a small number of recipients over a longer period of time, to stay below the rate limits.
- Official communications may be eligible to be sent by ITS, using our professional mass mailing application. Contact the ITS Help Desk to inquire further.
After trying the above workarounds, if you are still experiencing difficulties sending large mailings, please contact the ITS Help Desk to request further assistance from the email group.
Please be aware, mass email communications are subject to the Mass Email Guidelines, including formatting, subject matter, recipient selection, scheduling, rate limiting and opt-out procedures.
Published on and maintained in Cascade CMS.