[marcloney]

If you place rate limiting on email accounts by default and then for the lower percent of users that need a higher rate do it on a case-by-case basis. In my experience most users that fall victim to these types of phishing attacks do not need to send high volumes of emails.

[jacques_chester]

Oxford already has rate limiting. 1000 messages per hour through their servers, it seems [0].

The next step would be to filter outbound traffic to block SMTP from compromised PCs. It seems they have an outbound firewall, but it's not obvious which ports are closed because the list of blocked ports is ... blocked[1].

[0] http://blogs.oucs.ox.ac.uk/adamweblearn/2011/12/weblearn-una...

[1] http://www.oucs.ox.ac.uk/network/firewall/blocks/

[jebblue]

The 1000 limit seems like a high number, why would a legit user need to send that much email out? I'd think a much smaller number like 5 per hour would be better.

[rmc]

5 per hour

You're a lecturer with 200 people in your class. That's 2 days. Does the lecturer have to leave their computer all the time? Is their email programme going to handle this sort of delay? What do you do if the lecturer wants to send an email about updated homework due in a few days? Some students will have a 2 day head start, is that fair? Do you have to give them extra time/marks?

You're the first year faculty advisor. There are 1,000 people in that year. That's 1 week. Same questions as above.

(And in case you think "Well let the lecturers send more", what makes you think the lecturers aren't the problem in the first place?)

[jacques_chester]

Academics send mass emails.

Calls for Papers / Articles is the classic reason. The IEEE and the ACM might have proper mailing lists for that sort of business ... most academic fields do not.

Edit: I think they could lower the rate more and push mailing lists, but on the other hand a lot of users simply wouldn't notice that they're rate limited. Which could lead to entirely different brand of lulz.

[TeMPOraL]

1000 mails/h is definitely too much - it's 16 mails per minute(!). I think something around 60 - 100 mails per hour is more reasonable, to cater for cases like lots of one-liner exchanges.