As a Program Manager of Antispam in Office 365, one of the questions I am frequently asked is “How many messages outbound are we permitted to send per minute? Per hour? Per day?”
When I use the term “Office 365” I mean both our existing Forefront Online Protection for Exchange (FOPE) service, and our newer Exchange Online Protection (EOP) service. The following description applies to both of these services.
We take managing outbound spam seriously because ours is a shared service; there are many customers behind a shared pool of resources. If one customer sends outbound spam, it can degrade the outbound IP reputation of the service. This affect the successful deliverability of email for other customers. It is unfair to Customer A if Customer B spams and various 3rd party IP blocklists list the IP address that it uses. The actions of one directly affect the other.
FOPE and EOP do the following to control outbound spam:
The above is a summary of the most common controls we implement to reduce outbound spam.
Why are my messages being routed through the hight risk pool. This happens when i send an email which has words in the subject and then just my initial in the body of the email. i have a job open about this.
Really useful information. Very sensible too.
Trouble I'm seeing is with #6 - have had this set, but recently found a user who compromised their account. They lost access because they sent too much mail but not a single message was caught by the outbound spam filter and she was not blocked for sending spam, but for sending too much. Makes me wonder if others are doing this as well. A few phishing attacks got some users to bite recently, the first few accounts sent a lot of internal mail trying to get others to do the same. They probably figure from an internal account it is more likely to net them some credentials, but the last 2 I caught and changed passwords on really weren't sending up the red flag from the servers.