I’ve just written a proposal for implementing rate limits on outgoing email via ppswitch (our central email relay). The aim is to detect and stop floods of viruses or spam from a compromised machine on the University’s network.
The document includes a description of the simple mathematical model I’m planning to use to compute a client’s sending rate. It seems to satisfy my requirements but if anyone has any better ideas then I’m all ears.
http://www.cus.cam.ac.uk/~fanf2/hermes/doc/antiforgery/ratelimit.html