Is there a way to stop outbound spam attacks from inside my campus?

This was a question from a college in Colorado. They had a student email account hijacked from a phishing scam and it was then used for a mass outbound spam attack.  The question became: How I can prevent this? Is there a way to throttle outbound messaging per user? The answer, coming from Program Manager Todd Luttinen, is yes.

In Exchange 2010, there is a new cmdlet called New-ThrottlePolicy within that cmdlet you can set the  RecipientRateLimit which limits the number of recipients a user can address in a 24-hour period.  Having a low 24 hour send limit is the method for throttle mass spaming outbound per user.  I believe Outlook Live has this outbound spam protection value set to 250 users per day per mailbox.

 

Read more about the cmdlet here.