The following note was sent by OUCS on 13 December 2011.
WebLearn is unaffected as it uses oxmail to send messages and does not connect directly to smtp.ox.ac.uk.
As we can’t rely on people not to give away their SSO credentials in phishing attacks (the rate is very small already but it only takes one for hackers to have a spamming field-day!) we have decided to put the following into place on Thursday morning (15 December 2011) around 9.30am:
1. Each Oxmail node will rate-limit each sending address to 1000 messages in any 3 hour period. This is per recipient, not per message, so a message with n recipients will count n against that 1000 limit. This will ONLY apply to email sent to it from smtp.ox.ac.uk or from Nexus. Departmental and College systems that use oxmail.ox.ac.uk as their onward MTA will be unaffected. Nexus and smtp.ox.ac.uk users going over this limit will get messages saying emails are delayed that they will eventually be sent.
2. Nexus will change to allowing a maximum of 250 recipients per message. If messages have more recipients than this they will be refused with a message saying that there are too many recipients. In that scenario messages will need to be re-sent with fewer recipients by the user.
We appreciate that some of these measures may cause some problems and we may revise them after the Christmas break if it seems appropriate. If they are going to cause you or your users any problems before 3 Jan 2012 then please contact email@example.com for advice BEFORE the end of next week. The change itself should not interrupt service.
We are sorry about the short notice on this but we want it to be in place for a while before we close for Christmas to make sure there are no unforeseen problems.
Thank you for your cooperation, Tony Brett