Change in over quota handling
Post categories
Founder & CTO
We’ve just rolled out a technical change in the way email to over quota accounts is handled.
Previously, if an account was over quota, we could only detect this after accepting the email at SMTP stage. This meant that we would accept the email, try and deliver it, discover the account was over quota, and then have to bounce the email by generating a non-delivery notification.
Unfortunately in almost all cases spam messages forge the MAIL FROM address on emails. This meant that if a spam message was delivered to an over quota account, the non-delivery notification (bounce) email would then be sent to an incorrect third party. This problem is known as backscatter and is annoying for other email users on the Internet when they receive bounce notifications to emails they never sent. At least this only occurs for over quota accounts. Some systems accept ALL email, and then bounce any email for non-existent recipients. With the large amount of forge spam, these systems can generate millions of backscatter emails. FastMail correctly detects if a recipient is valid at SMTP time, and rejects the email for invalid recipients at the SMTP recipients which does not generate backscatter.
To try and reduce the small amount of “over quota” backscatter that we do generate, we now try and detect if the account is over quota at the SMTP stage before receiving the email. If the account is over quota, then we defer the email with a “451 User is over quota, try again later” response, which will cause the other side to keep the email for some time and retry sending later. This should further reduce the small amount of backscatter we generate.
There is unfortunately still one case where we can’t respond at the SMTP stage. If the SMTP recipient is an alias with multiple targets, then it might be that one target is over quota, and the other is not. In those cases, we have to accept the email, deliver to the under quota target, and generate a non-delivery notification for the over quota target. This case should be very rare however.