The risk of phishing is potentially identity theft, financial fraud, and attacks to compromise financial, research, student, employee, and other types of information.
A technique available to organizations is to limit the number of recipients that one account can send to, per hour and per day. This throttling of email reduces the impact that a hacker can have on the University community in the situation where they successfully take over an account and then send fraudulent messages to other students, professors, or administrators.
Email throttling is now in place at the University. They describe your sending rate limits. These limits apply to personal uOttawa accounts (ending with uottawa.ca) and do not apply to departmental accounts.
Individual uOttawa accounts have the following thresholds:
- Per hour: They can send to a maximum of 500 recipients internally to a uOttawa account and external recipients who have a non-uOttawa email address.
- Per day: In addition to the hourly cap, an account has a daily sending quota of 1000 recipients, whether the recipients are internal or external.
- Personal account: The account is owned by an individual within the University community.
- Recipient: A recipient is defined as a distribution list (DL), listserv, or email address.
Once the threshold is reached:
If you try to send to another recipient, your email will be rejected. You will need to resend your message later since it will not be deferred and automatically resent later. The error message you will receive will look like:
Alternatives
There are legitimate business and academic needs that may require higher thresholds. Excluded from email throttling is correspondence sent from a uOttawa, non-personal account (e.g., departmental accounts). If you have a big mailout to do, check if one of these options can address your mailing needs:
- Departmental accounts or shared mailboxes (employees only)
- Brightspace (professors only, account required, contact TLSS)
- MS Teams (professors only)
- Distribution lists (DLs) (employees only) : Distribution lists started in the University’s address book count as one recipient; those in personal contacts folders are counted individually
- Listserv (employees only; appropriate if you have recipients who are external to the University)
Here are some other ways to think about if your hourly or daily sending limit has been reached for your account:
- Split your recipient list into multiple emails so that the external recipients are sent separately from the internal recipients.
- Spread your emails over a period of time. Factor the throttling caps in planning your mailouts.
- Send your emails at earlier times to meet any deadlines. Use a third-party provider for needs such as newsletters if you have many recipients.
Examples:
- Janette needs to send out from her uOttawa account an email to 651 internal employees and 72 external collaborators who work in other Canadian universities. That would mean there are 723 recipients.
- Mark is scheduling an email from his uOttawa account that will go to a DL for IT Reps and a DL for Finance. That would mean there are 2 recipients.
- Karen must email 237 uOttawa professors and 320 high school recruitments officers and will be using her uOttawa account. She would first email the 237 internal addresses and then email the 320 external addresses. This is within her hourly sending limit. Note that a total of 557 people will be reached.
- Jean-Pierre will be emailing 2350 students from his service’s departmental account. This mailout is exempt from the email throttling and his email will be sent successfully.
- Marie is scheduled to send a monthly newsletter to her subscribers and will be using her faculty’s Talisma account. This mailout is exempt from the email throttling and her email will be sent successfully.
- Professor Kane wants to send a notice to their 515 students who are in his four courses. He intends to use Brightspace. This mailout is exempt from the email throttling and their email will be sent successfully.
- Christian has sent 5 emails during his morning, totalling 996 recipients. In the afternoon, he started responding to emails in his INBOX and gets an error message as indicated above. This is because he reached his daily limit of 1000 recipients and cannot send any more emails that day.
Going forward
Setting an outbound anti-spam measure such as email throttling helps reduce secure threats to each of us. It ensures the University can continue to deliver legitimate messages to the Internet since compromised uOttawa accounts are not used to propagate spam as may be the case through phishing attacks.
If you believe you have received a phishing attempt, use the Report message button in Outlook. If you’re not sure where a link will lead, STOP.