Filtering outbound mail brings many new factors into play.  Unlike inbound mail, outbound mail originates from a trusted source and almost all, if not all, outbound mail will be clean.  As such, we cannot test outbound mail as aggressively as inbound mail because to do so would lead to false positives.  The biggest threat posed to your system by an internal spam outbreak is your IP address and domain being blacklisted because a large volume of spam mail was sent from your IP.

The vast majority (60-95%) of all inbound mail is rejected by the front-line tests such as RBL, SPF, recipient verification, etc.  Many of the front-line tests reject mail based on the server sending the mail.  Mail that passes the front-line tests then goes through to the content tests, where the actual email headers and body are examined.  These are the tests that assign a score to the mail, and inbound mail scoring over 5 is usually quarantined.  The content tests will only block a small percentage of inbound mail.

Outbound mail filtering is a completely different story.  None of the front-line tests are carried out because the mail is coming from a trusted mail server.  We have to rely heavily on the content tests to try to identify spam, but at the same time we have to make sure no legitimate mail is blocked.  To prevent legitimate mail being blocked we recommend increasing the score at which mail is considered spam for outbound mail to 8 (the default is 5).  But realistically, individual spam mails are not really important; a flood of spam mails is what causes problems.  To this end the most effective outbound protections are rate controls and IP delivery pools.

In v6.01 we introduced policy-based rate controls.  These allow you to create rules to limit inbound and outbound mail and give you very granular control over the mail flow.  As you can see in the screenshot below, the various options allow you to rate control mail from a single user all the way up to rate controlling all your mail.

You can also layer the policies to create a very comprehensive overall policy.

v6.01 also saw the introduction of IP delivery pools.  The IP delivery pool feature allows you to use multiple IP addresses to send outbound mail.  This has two uses:

  1. Greatly reduce the chance that you are blacklisted in the event of a spam outbreak.
  2. Help prevent your mail from being rate controlled by recipients.

The additional IP addresses are added as alias IP addresses.  You can then create a pool and assign IP addresses to the pool.  You then add domains to the pool.  Outbound mail sent from those domains will be sent using the IP addresses in the pool in round robin.  You can create multiple pools if required, allowing you to have mail from different domains sent via different IP addresses.  In the event of a spam outbreak, any spam mail that escapes will be split between the IP addresses, greatly reducing the chances of your IP address/es being blacklisted.

Used in combination, the rate controls and IP delivery pools provide the best protection against the consequences of a spam outbreak within your network.
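
The following model is an added example, not the product's own code: it layers per-user, per-domain and global rate rules in front of a round-robin delivery pool and replays a constructed outbreak from one compromised mailbox. The class names, the limits, the sliding-window counting and the 192.0.2.x addresses are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from itertools import cycle

class RateRule:
    """Sliding-window limit: at most `limit` mails per `window` seconds per key."""
    def __init__(self, scope, limit, window):
        self.scope, self.limit, self.window = scope, limit, window
        self.seen = defaultdict(deque)  # key -> timestamps of accepted mail

    def key(self, sender):
        if self.scope == "user":
            return sender
        if self.scope == "domain":
            return sender.rsplit("@", 1)[1]
        return "*"  # scope "all": one counter shared by every sender

    def allows(self, sender, now):
        q = self.seen[self.key(sender)]
        while q and now - q[0] >= self.window:  # drop entries outside the window
            q.popleft()
        return len(q) < self.limit

    def record(self, sender, now):
        self.seen[self.key(sender)].append(now)

class OutboundGateway:
    def __init__(self, rules, pools):
        self.rules = rules  # layered policy: every rule must allow the mail
        self.pools = {d: cycle(ips) for d, ips in pools.items()}  # round robin

    def submit(self, sender, now):
        """Return the source IP used for delivery, or None if a rule defers it."""
        if not all(r.allows(sender, now) for r in self.rules):
            return None
        for r in self.rules:
            r.record(sender, now)
        return next(self.pools[sender.rsplit("@", 1)[1]])

def simulate_outbreak():
    # Constructed scenario: one compromised mailbox sends 500 mails in 50 seconds.
    rules = [RateRule("user", 20, 60), RateRule("domain", 200, 60),
             RateRule("all", 1000, 60)]
    pools = {"example.com": ["192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"]}
    gw = OutboundGateway(rules, pools)
    per_ip, deferred = defaultdict(int), 0
    for i in range(500):
        ip = gw.submit("compromised@example.com", now=i * 0.1)
        if ip is None:
            deferred += 1
        else:
            per_ip[ip] += 1
    return dict(per_ip), deferred
```

In this run the per-user rule holds back 480 of the 500 messages, and the 20 that escape are split five per address across the pool.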