We agree in principle with this suggestion, especially if it were implemented as part of a more general rate limiting feature. We agree that being able to rate limit by recipient domain could reduce delivery delays to e-mail domains such as yahoo.com and aol.com, etc.

 

We’d suggest a more general implementation of a rate limit feature to include not just rate limiting by specified destination domains but also rate limiting by envelope sender. 

 

The underlying reason we make this suggestion is to provide a mechanism to combat the sending of undetected spam from web mail accessible local domain accounts that have been compromised via a phishing scam, from a bot on an infected workstation, or via some other unauthorized use of a local MTA that routes outbound mail via SBG.  

 

Numerous cases of webmail accessible compromised e-mail accounts can be found worldwide in education (colleges, universities, k-12 schools), government agencies, and ISPs. These accounts are often discovered only after tens or hundreds of thousands of spam messages that were not detected by Brightmail have already been sent. Having the ability to rate limit by sender, with appropriate exceptions, would both facilitate earlier detection and reduce the potential consequences to the institution, agency or company.  While the primary effortsshould and are targeted at preventing the compromises, such efforts will never be 100% effective. Hence post-compromise mitigation must be part of any strategy to combat this problem.