Outbound emails bounced with '554 5.7.28 Mail flood detected'

Hi Everyone!

Are any of your Central Email protected email addresses getting their outbound emails bounced with '554 5.7.28 Mail flood detected'?

Here's what it looks like in the Non-Delivery email alert:

This is due to the affected email address sending a higher than normal amount of emails out to the Internet which makes Central Email think that there is a mail flood.

The KB article below shows the amount of emails a standard user can send within a 10-minute and a 24-hour period compared to a user with bulk sender privileges:

support.sophos.com/.../KB-000040565

So, if the email address is not meant to send bulk emails then we recommend getting this investigated.

If it is meant to send this amount of emails, then you can request for it to have "bulk sender privileges". This can be done by following the instructions in this link:

https://docs.sophos.com/central/Customer/help/en-us/ManageYourProducts/EmailSecurity/Mailboxes/BulkSendingLimitsPrivileges/index.html#applying-for-bulk-sender-privileges

Please note that Sophos will review the request within 72 hours. During this period, one of the things below may be done to reduce the impact to the affected account:

  1. Send outbound emails at a lower rate per minute/hour as specified in the KB article
  2. Disable outbound scanning within Central Email. Note that this means you will have to configure your email server to send directly to the Internet.
  3. If #2 cannot be done since all of the outbound emails will be affected, another option is to create a send connector in the email server so that when outbound emails are coming from the email address, they will not be sent to the Central Email server but directly to the Internet.

!!! For options 2 and 3 above, please make sure that you configure your public DNS so that it also provides for sender authentication technologies like SPF, DKIM, and DMARC if your domain is taking part in any of them.



Added a line so that any domain that is taking part in sender authentication will also configure their DNS server to avoid issues.
[edited by: josepalad at 11:28 PM (GMT -7) on 5 Sep 2022]
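
As an added example (not part of the original post and not Sophos tooling): one way to find which senders in your own mail server's outbound log exceed a given volume in any 10-minute or 24-hour window, so you can tell an intended bulk sender from an account that needs investigating. The log format, addresses and limit values are constructed; take the real limits from the KB article.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

SHORT = timedelta(minutes=10)   # the 10-minute window mentioned in the post
LONG = timedelta(hours=24)      # the 24-hour window mentioned in the post

# Constructed sample log, one outbound message per line: "ISO timestamp,sender"
SAMPLE_LOG = "\n".join(
    [f"2022-09-05T{h:02d}:00:00,alice@example.com" for h in (9, 13, 17)]
    + [f"2022-09-05T10:0{m}:00,newsletter@example.com" for m in range(6)]
    + [f"2022-09-05T{h:02d}:30:00,carol@example.com" for h in range(8, 17)]
)

def peak_rates(log_text):
    """Return {sender: (peak count in any 10-min window, peak in any 24-h window)}."""
    events = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, sender = line.split(",")[:2]
        events.append((datetime.fromisoformat(ts), sender.strip().lower()))
    events.sort()

    short, long_ = defaultdict(deque), defaultdict(deque)
    peaks = defaultdict(lambda: [0, 0])
    for ts, sender in events:
        for i, (win, span) in enumerate(((short[sender], SHORT), (long_[sender], LONG))):
            win.append(ts)
            # Drop messages that have aged out of the sliding window.
            while ts - win[0] >= span:
                win.popleft()
            peaks[sender][i] = max(peaks[sender][i], len(win))
    return {s: tuple(p) for s, p in peaks.items()}

def flag_senders(log_text, limit_10min, limit_24h):
    """Senders whose peak exceeds either limit (limits are caller-supplied)."""
    return sorted(s for s, (p10, p24) in peak_rates(log_text).items()
                  if p10 > limit_10min or p24 > limit_24h)

if __name__ == "__main__":
    # Placeholder limits for the demo only, not the values from the KB article.
    for sender in flag_senders(SAMPLE_LOG, limit_10min=5, limit_24h=8):
        print(sender, peak_rates(SAMPLE_LOG)[sender])
```

A burst sender (high 10-minute peak) and a slow steady sender (high 24-hour peak) are both reported, which matches the two windows the limits are defined over.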