Export (0) Print
Expand All

Higher Risk Delivery Pool for Outbound Messages

Exchange Online

Applies to: Exchange Online Protection, Exchange Online

Topic Last Modified: 2014-03-18

When a customer's email system has been compromised by malware or a malicious spam attack, and it is sending outbound spam through the hosted filtering service, this can result in the IP addresses of the data center servers being listed on other block lists. In addition, destination servers that do not use the hosted filtering service, but use these block lists, end up rejecting all email sent from any of the hosted filtering IP addresses that have been added to those lists. Therefore, all outbound messages that exceed the spam threshold are delivered through a higher risk delivery pool. The higher risk delivery pool is a secondary outbound email pool that is used to send messages that may be of low quality, thus helping to protect the rest of the network from sending messages that are more likely to result in the sending IP address being blocked.

The use of a dedicated higher risk delivery pool helps ensure that the normal outbound pool is only sending messages that are known to be of a high-quality. The possibility of the higher risk delivery pool being placed on a blocked list remains a risk. This is by design. This secondary IP pool helps to reduce the probability of the normal outbound-IP pool being added to a blocked list.

Also, messages where the sending domain has no address record (A record), which gives you the IP address of the domain, and no MX record, which helps direct mail to the servers that should receive the mail for a particular domain in the DNS, are routed through the higher risk delivery pool regardless of their spam disposition.

The outbound higher risk delivery pool manages the delivery for all “bounced” or “failed” Delivery Status Notification (DSN) messages.

Possible causes for a surge in DSN messages include the following:

  • A spoofing campaign affecting one of the customers using the service

  • A directory harvest attack

  • A spam attack

  • A rogue SMTP server

All of these issues can result in a sudden increase in the number of DSN messages being processed by the service. Many times these DSN messages appear to be spam to other email servers and services.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
© 2015 Microsoft