Are there any ideas how IronPort could be used to rate limit some internal recipients / domains ? IronPort have excellent tools to throttle senders based on different attributes on different levels but could the same throttling be used for internal recipients ? I would like to find a way to limit certain internal users to be able to receive only certain number of messages per hour.
Time to time such a feature would be useful to protect mailboxes to get overflowed.
I have seen few cases where such a functionality would save a lot of trouble and effort.
1. Botnet bombarding some email accounts creating DoS. (CASE and SBRS will block most but doesn't fully protect)
2. Poor man version of case 1 where chain letter is used for similar purposes. Believe or not but that works, especially in developing countries where users are just learning emailing.
Example of latest chain letter which created a big problems for South Africa First National Bank network:
FNB is giving away 10 entries for this Thursday's "Win aMillion" competition. Just forward this email to four friends and
cc: Emma.nel (a) fnbcorporate.co.za and you will have your 10entries.
3. Some "developer" user with poor skills have created some badly formulated script and managed to create mailing loop without knowing it.
4. Negligent admin shoots himself in the leg and created mailing loop due bad configuration.
5. Monitoring goes bananas and send hundreds of thousands alerts during weekend
IronPort appliances are very powerful boxes and when they get emails for delivery they sure deliver those, and fast...