One thing many ESPs have in common is the risk created by self-serve signups: a new user signs up for a free or even paid account and almost immediately bursts out their monthly allocation in spam or other abusive messages.
While this can be mitigated using middleware, it helps if the MTA can protect the ESP against these types of abuse, especially for those that allow direct relay access.
Fortunately, KumoMTA can be used to protect against this kind of abuse thanks to its unique queue architecture that includes Campaign and Tenant as discrete queue identifiers instead of just being attached as metadata. Because each tenant is distinct within the KumoMTA queue architecture, we can apply throttles at the tenant level that can slow the flow of traffic by a new tenant.
For example, we can create an entry in the config for the queues helper like this:
[tenant.'mytenant']
# Which pool should be used for this tenant
egress_pool = 'shared-pool-new'
# Override maximum message age based on tenant; this overrides settings at the domain level
max_message_rate = '5/minute'
By setting the max_message_rate to five messages per minute, this tenant cannot burst through too much traffic during their initial time with the ESP, even though they use a shared IP pool. The pool itself is not rate-limited for other tenants, this throttle only affects the speed at which the tenant's messages can move from the scheduled queue to the shared pool's ready queue.
This approach is especially powerful when combined with the SuspendTenant action of KumoMTA's Traffic Shaping Automation as it allows you to automatically suspend sending by individual tenants when certain feedback is received.
For example, this rule will work with Google's new domain-specific feedback:
[["gmail.com".automation]]
regex = "unusual rate of mail originating from your DKIM domain"
action = "SuspendTenant"
duration = "3 hours"
When KumoMTA encounters the response in the example, rather than throttling or suspending the shared IP, it will instead suspend the tenant so that their sending patterns can be analyzed to determine whether to restore sending or address the tenant directly. Combined with a throttle on the tenant this means that a new malicious signup will be unable to send a material amount of traffic before being detected and suspended, preventing reputation harm that might otherwise occur.