Rate Limiting on the central Mail Servers of the KIT


Compromised KIT accounts are regularly misused for mass sending of SPAM or phishing emails. In these cases, the mail servers of the SCC are temporarily flagged on so-called blacklists as known senders of SPAM. External mail providers that use these blacklists to help identify SPAM emails will then decline to accept emails sent from the flagged KIT mail servers. In the past, such external mail providers have included Yahoo, Gmail, and Hotmail.


Implemented Countermeasures

To alleviate this problem, rate limiting has been activated on the outgoing mail servers of the KIT. The rate limiting ensures that a sender can only send a certain number of emails in a given time slot. If this threshold is exceeded, the outgoing mail servers still accept the remaining emails from the sender, but deliver them with a certain delay.

Until the end of 2015, the rate limit was around 100 mails per 15 minutes. This limit had to be adjusted in response to an increasing number of necessary exceptions. Since the end of 2015, the limit for each sender has been increased to 3000 mails per 5 minutes. To compensate for the increased limit, the number of bounces generated by non-deliverable emails is now closely monitored.

With these limits, the SCC is able to detect and block SPAM waves originating from compromised KIT accounts. This prevents the outgoing mail servers of the KIT from being listed on blacklists, which increases the availability and functionality of the mail service of the KIT.

The mail servers are closely monitored in order to adjust the rate limits if necessary, or to determine whether a sender should be added to the SCC's whitelist for mass email senders. Further information is available from the mail-host team mailhost-team∂scc.kit.edu.
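
The behaviour described above (a per-sender limit, delayed rather than rejected mail above the limit, a whitelist for mass senders, and bounce monitoring) can be sketched as follows. This is an added example, not the SCC's configuration or code: the class and method names, the deferral rule, the bounce thresholds and the example.org addresses are assumptions; only the default of 3000 mails per 5 minutes comes from the text.

```python
from collections import defaultdict, deque

class OutboundLimiter:
    """Per-sender sliding window; mail over the limit is accepted but deferred."""

    def __init__(self, limit=3000, window=300, whitelist=(),
                 bounce_ratio=0.3, min_sent=20):
        self.limit, self.window = limit, window   # 3000 per 5 min: figures from the text
        self.whitelist = set(whitelist)           # approved mass senders
        self.bounce_ratio, self.min_sent = bounce_ratio, min_sent  # assumed thresholds
        self.releases = defaultdict(deque)        # sender -> scheduled release times
        self.sent = defaultdict(int)
        self.bounced = defaultdict(int)

    def submit(self, sender, now):
        """Accept one mail at time `now` (seconds); return its release time."""
        self.sent[sender] += 1
        if sender in self.whitelist:
            return now
        q = self.releases[sender]
        while q and q[0] <= now - self.window:
            q.popleft()                           # older than one window: irrelevant
        if len(q) < self.limit:
            release = now                         # under the limit: no delay
        else:
            # Wait until the limit-th most recent release is one full window old.
            release = max(now, q[-self.limit] + self.window)
        q.append(release)
        return release

    def record_bounce(self, sender):
        self.bounced[sender] += 1

    def suspicious(self, sender):
        """Flag senders whose bounce share is high after enough traffic."""
        sent = self.sent[sender]
        return sent >= self.min_sent and self.bounced[sender] / sent > self.bounce_ratio


def demo():
    # Constructed scenario with a small limit so the deferral is visible.
    lim = OutboundLimiter(limit=3, window=300, whitelist={"newsletter@example.org"})
    burst = [lim.submit("user@example.org", now=0) for _ in range(7)]
    bulk = [lim.submit("newsletter@example.org", now=0) for _ in range(7)]
    return burst, bulk

if __name__ == "__main__":
    print(demo())
```

No mail is refused: a burst from a non-whitelisted sender is spread over successive windows, while a whitelisted sender is released immediately.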