How can I rate limit email based on the sender's email address?

Available Languages

Updated:October 14, 2014
Document ID:118577

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Question

How can I rate limit email based on the sender's email address?
 

Environment

Cisco Email Security Appliance running AsyncOS 7.6 and newer

Sender Rate Limiting is a feature that is new as of AsyncOS 7.6. It limits the number of recipients accepted each hour from each envelope sender address. This automatically throttles mass mailings, including but not limited to those that are legitimate, accidental, or sourced from malware or viruses. By slowing these down, you gain time to track down the source of unwanted mailings. For legitimate mailings, it can help mitigate automated blocking at some destination sites.

Each Listener tracks its own rate limiting threshold; however, because all listeners validate against a single counter, it is more likely that the rate limit will be exceeded if messages from the same mail-from address are received by multiple Listeners.

AsyncOS 7.6 also adds a new Rate Limiting Report that allows you to quickly identify individual senders of large numbers of messages. Use this Report to help you to control spam from internal user accounts, identify compromised user accounts, limit out-of-control applications that use email and avoid damaging your organization's online reputation and the attendant hassles resulting from this situation.

Note: This is all based on Envelope Sender, not the From header.

To apply this feature to an existing Sender Group:

  1.  Start on the HAT Overview page of the Mail Policies tab.
  2.  Identify the Sender Group you wish to effect.
  3.  Click on the Mail Flow Policy's name that is associated with this Sender Group.
  4.  Click 'Rate Limit for Envelope Senders' to expand options.
  5.  Set desired 'Max. Recipients Per Time Interval'.
  6.  Submit & Commit

If your organization regularly sends time-sensitive mailings, you can set it up with 'Exceptions' enabled:

  1.  Start on the Address Lists page of the Mail Polices tab.
  2.  Click 'Add Address Lists'.
  3.  Give it a meaningful Name and a Description (optional).
  4.  Specify the Addresses which should not be rate limited.
  5.  Submit.
  6.  Go to the HAT Overview page of the Mail Policies tab.
  7.  Identify the Sender Group you wish to effect.
  8.  Click on the Mail Flow Policy's name that is associated with this Sender Group.
  9.  Click 'Rate Limit for Envelope Senders' to expand options.
  10.  Set desired 'Max. Recipients Per Time Interval'.
  11.  Enable toggle for 'Ignore Rate Limit for Address List'.
  12.  Select the Address List you created earlier from the drop-down.
  13.  Submit and Commit.

Revision History

Revision Publish Date Comments
1.0
14-Oct-2014
Initial Release
TAC Authored

Contributed by Cisco Engineers

  • Jackie Fleming and Siddharth Rajpathak
    Cisco TAC Engineers.

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products