7:00am Pacific / 3:00pm GMT — After assessing the very large-scale spam runs that impacted our inbound message processing yesterday, we have made a configuration change by which we will now apply greylisting to unknown recipients at domains that are configured to pass through (i.e. not filter) unknown addresses at those domains.

This change is designed to help protect our infrastructure and the infrastructure of our customers, as the approach should reduce the processing, network bandwidth, and mail server utilization involved with handling large volumes of messages sent to unknown and unfiltered email addresses.

With the greylisting of messages to unknown addresses, we will issue an initial temporary failure to the sending server, similar to our typical greylisting response but containing an “R22” message instead of an “R8” message. As with typical greylisting, legitimate senders will retry a few minutes later, and our service will use the same remote recipient checks as in the past.

Note that there is no change for domains that are configured to block or drop messages to unknown users, or that are configured to automatically add new mailboxes based on inbound mail flow.

As always, we do recommend that customers add all valid mailboxes for their domain(s) to the service, via LDAP synchronization or other method, and configure our service to automatically block messages sent to invalid addresses at the domain.  This allows our service to block the many messages sent to bogus addresses at a domain, without the need to initiate a connection to the customer’s mail server to try to verify each potentially bogus address.

We are continuing to work on improving our service, and we expect this change to be a positive step in our ongoing efforts to block email-borne threats.

Thanks for your attention.