Rate Limits Are A Thing Now
We’ve been dealing with quite a number of spammers whom register accounts with us, and start spamming third parties.
As you might imagine, our environment is geared toward redundancy and load-balancing and high traffic — hundreds of messages, thousands of recipients, every minute. The capabilities of our infrastructure are therefore in and by itself not limiting the rate at which anyone can send any number of messages to any number of recipients.
But, this is the case no longer per se.
Since spammers are pretty well-versed in their scripting, they exhibit patterns that appear unlike most users’. We have therefore introduced a rate limitation, and in a very specific way.
We’ll pass through as fast as we can any number of messages, with any number of recipients, up to a certain limit per hour. Beyond this limit, our micro-services architecture temporarily suspends delivering further outbound traffic.
After some standard interval of having been unable to deliver messages to the “next hop”, in this case our “external outbound mail exchangers”, which I believe is some 4 hours, the sender will receive a notification about the delivery having been delayed (including information about the retry interval and retention).
Meanwhile, we continue to analyze the number of messages and number of recipients for those messages, in order to be able to respond to spammers more quickly.