/features/smtp-policy

SMTP Policy

Qboxmail guarantees a high level of deliverability for all emails sent from our SMTP servers. In order to guarantee high standards of service, we have a set of security measures in place against password theft (Account Takeover Protection) on our SMTPs. This ensures that the correct use policies and sending limits are respected.

Account Takeover Protection

The account takeover is a kind of attack criminals use to impersonate a victim's identity by stealing their login credentials.

Qboxmail includes an account takeover protection system. Protection consists of various levels of analysis and procedures. Access to each email account is constantly monitored and, if an abnormal activity is registered (e.g. unusual time/origin of login), it can trigger an alarm.

When a suspicious activity is detected, this will be automatically notified to both the user and their manager. Furthermore, the anomalous activity is immediately inhibited.

Through the control panel, you are able to analyze these suspicious activities through Tracemail. It is also possible to apply additional security measures, such as two-factor authentication, blocking the use of old passwords, or restricting access to email accounts whose IP addresses are trusted or come from corporate VPNs.

Policy for the correct use of SMTP services

Some of the permitted vs unacceptable activities that customers and users must follow are shown below:

  • It is allowed to send personal emails from the user's email clients (Outlook, Thunderbird, iPhone, Webmail, or other email clients);
  • It is allowed to send transactional emails from your billing/e-commerce systems;
  • it is not allowed to send newsletters/email marketing;
  • the sending email address ('From' field) must match the domain of the authenticated user, or one of its aliases;
  • any other type of abuse, deemed as such due to the fact that it may affect the operation of other users, provides for the temporary blocking of the SMTP service.

Qboxmail SMTP sending limits

The authenticated SMTP provided with the email hosting service must be used within the following limits:

  • The maximum size of messages that can be sent is 50 MB;
  • The maximum number of recipients for each individual submission is 150;
  • The maximum sending rate is 5 messages every second (300 every minute)
  • The maximum number of authentications that can be executed within 30 minutes is 300;
  • The maximum number of different IP addresses that it is possible to authenticate from within 30 minutes is 5;
  • Any other type of abuse (considered as such as it can affect the operations of other users) provides for the temporary blocking of the SMTP service;
  • Messages must come from a sender corresponding to an active domain on Qboxmail.

Each active account on Qboxmail has an included 250 messages in 24 hours. When this threshold is exceeded, SMTP sends a "Quota exceeded (number of messages in total)" error.

When the daily sending limit for an email account is exceeded, the system sends a notification via email to the user and the owner of the account, specifying that the limit has been surpassed and how to increase it.

Emails generated inside the same domain are sent even after having exceeded the quota.

Daily sending limits

If you need to send more than the included 250 messages per day, you can exceed the daily sending limit for a single email account.

You can increase the daily sending limits directly from the control panel by selecting Domain > Email Account > General > Sending Limits > Save and choosing the desired option.

The various limits are indicated in the following table:

Account messages in 24h Basic Professional Enterprise
250 included included included
1.000 paid option included included
2.000 paid option paid option paid option
5.000 paid option paid option paid option

You can find all the service prices on the pricing page within the control panel.

If you want more 24h messages, please consider the Email Delivery service.

The related amount will be automatically counted in your next invoice.

If you have an annual billing plan, the SMTP service invoice will also be annual and will coincide with the expiry date of the service.

We remind you that all emails sent by our SMTP are automatically signed with DKIM. For more information on DKIM signing, consult the documentation.

Antispam and Anti-abuse policy

The policies and limits on our SMTP are necessary to prevent any black list or penalty. Moreover, they block botnets that could have acquired a user's password fraudulently from sending any emails, and avoid any abuse by users of the service themselves.

The violation policy requires that the account be blocked at the SMTP level if an abnormal activity of connection to a suspicious server is detected. By anomalous activity, we mean:

  • A high number of SMTP authentications in a few minutes;
  • Simultaneous authentication from several IP addresses;
  • Sending messages containing spam/phishing.

With the SMTP block, all other functions, including email consultation, remain active.

The block has been designed in such a way that it does not come into operation during the normal activity of sending emails using the classic consulting tools and sending emails (MS Outlook, Thunderbird, iPhone, Webmail, or other email clients) . On the contrary, the block can be activated if the account is entered in automated systems for sending emails (such as Sendblaster or other software for sending a maximum number of newsletters) or if you send mass emails from your email or webmail client.

Unblocking SMTP

You can unblock an account that has encountered an SMTP block from your control panel by going to Domains > Domain name > Blocked email account > Settings > General > Services > reactivate access to the SMTP connection > Save.

Before unlocking, we ask you to scan the user's PC first to make sure there are no viruses or malware. Then, change their account password. For added security, additional measures can be activated such as limiting the number of IP addresses, or requesting a two-factor authentication at login.

If, as a result of unblocking, the same user is involved in new types of abuse, their account will be blocked by our operators. The account will remain blocked until we have received confirmation on the interruption of the abusive behavior, with confirmation that the issue causing the sending of spam/phishing emails (usually a PC infected with a virus that steals your email password) was resolved.

Monitoring of email messages through Tracemail

With Tracemail > Sent Mail (available in the control panel), you will be able to have details on each email sent by the email accounts belonging to a specific domain. This can help diagnose the causes of any user/email block.

Spam from the compromised SMTP account and analyzed by Tracemail

The SMTP service analyzes outgoing emails to detect the presence of viruses or spam, in the event that these messages contain material that is harmful to the receiving users or to the reputation of the Qboxmail servers. If this is the case, the emails will be blocked and will not be delivered.

Sending limits during the trial period

During the free trial period, the number of messages that can be sent is reduced to 25 per email account every 24 hours, in order to avoid abuse. When this limit is exceeded, the SMTP server will present the following error: "Quota exceeded (total number of messages)". The counter automatically resets 24 hours after the first sent email. The limit is removed once an order is completed from the control panel.

We use cookies to provide you with a better browsing experience, continuing to accept their use.

Accept