Filtering outbound mail brings many new factors into play. Unlike
inbound mail, outbound mail originates from a trusted source and
almost all, if not all, outbound mail will be clean. As such, we
cannot test outbound mail as aggressively as inbound mail because to do so would lead to false positives. The biggest threat posed to your
system by an internal spam outbreak is your IP address and domain
being blacklisted because a large volume of spam mail was sent from
The vast majority (60-95%) of all inbound mail is rejected by the front-line tests such as RBL, SPF, recipient verification, etc. Many of the front-line tests reject mail based on the server sending the mail. Mail that passes the front-line tests then goes through to the content tests, where the actual email headers and body are examined. These are the tests that assign a score to the mail, and inbound mail scoring over 5 is usually quarantined. The content tests will only block a small percentage of inbound mail.
Outbound mail filtering is a completely different story. None of the front-line tests are carried out because the mail is coming from a trusted mail server. We have to rely heavily on the content tests to try to identify spam, but at the same time we have to make sure no legitimate mail is blocked. To prevent legitimate mail being blocked, we recommend increasing the score at which mail is considered spam for outbound mail to 8 (the default is 5). Realistically, though, individual spam mails are not really important; a flood of spam mails is what causes problems. To this end, the most effective outbound protections are rate controls and IP delivery pools.
In v6.01 we introduced policy-based rate controls. These allow you to create rules to limit inbound and outbound mail and give you very granular control over the mail flow. As you can see in the screen shot below, the various options allow you to rate control mail from a single user all the way up to rate controlling all your mail.
You can also layer the policies to create a very comprehensive overall policy.
v6.01 also saw the introduction of IP delivery pools. The IP delivery pool feature allows you to use multiple IP addresses to send outbound mail. This has two uses:
- Greatly reduce the chance that you are blacklisted in the event of a spam outbreak
- Help prevent your mail from being rate controlled by recipients.
The additional IP addresses are added as alias IP addresses. You
can then create a pool and assign IP addresses to the pool. You
then add domains to the pool. Outbound mail sent from those
domains will be sent using the IP addresses in the pool in round
robin. You can create multiple pools if required, allowing you to
have mail from different domains sent via different IP
addresses. In the event of a spam outbreak, any spam mail that
escapes will be split between the IP addresses, greatly reducing
the chances of your IP addresses being blacklisted.
Used in combination, the rate controls and IP delivery pools
provide the best protection against the consequences of a spam
outbreak within your network.
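
The combined effect of layered rate policies and a round-robin delivery pool can be seen in a small simulation. This is an added example, not the product's own code: the class names, the limits (30/200/1000 per hour) and the documentation-range IP addresses are all assumptions chosen for illustration.

```python
from collections import Counter, defaultdict, deque
from itertools import cycle


class RatePolicy:
    """Sliding-window limit keyed on one attribute of a message (hypothetical model)."""

    def __init__(self, key_fn, limit, window_s):
        self.key_fn, self.limit, self.window_s = key_fn, limit, window_s
        self.seen = defaultdict(deque)  # key -> timestamps of accepted mail

    def would_allow(self, msg, now):
        q = self.seen[self.key_fn(msg)]
        while q and now - q[0] >= self.window_s:  # drop entries outside the window
            q.popleft()
        return len(q) < self.limit

    def record(self, msg, now):
        self.seen[self.key_fn(msg)].append(now)


class OutboundGate:
    """Applies every policy layer, then picks the next pool IP in round robin."""

    def __init__(self, policies, pools):
        self.policies = policies
        self.pools = {dom: cycle(ips) for dom, ips in pools.items()}

    def submit(self, msg, now):
        """Return the source IP used for delivery, or None if any layer limits it."""
        if not all(p.would_allow(msg, now) for p in self.policies):
            return None
        for p in self.policies:
            p.record(msg, now)
        return next(self.pools[msg["domain"]])


def simulate_outbreak():
    gate = OutboundGate(
        policies=[  # assumed limits, layered from a single user up to all mail
            RatePolicy(lambda m: m["sender"], limit=30, window_s=3600),
            RatePolicy(lambda m: m["domain"], limit=200, window_s=3600),
            RatePolicy(lambda m: "*", limit=1000, window_s=3600),
        ],
        pools={"example.com": ["192.0.2.10", "192.0.2.11", "192.0.2.12"]},
    )
    # Constructed outbreak: one compromised mailbox sends 600 messages in 10 minutes.
    msg = {"sender": "bob@example.com", "domain": "example.com"}
    results = [gate.submit(msg, now=t) for t in range(600)]
    per_ip = Counter(ip for ip in results if ip)
    return dict(per_ip), results.count(None), gate
```

Of the 600 messages only 30 leave the system, 10 from each pool address, while other senders in the same domain remain unaffected by the per-user limit.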