You have just received this message “Domain has exceeded the max defers and failures per hour” and are confused.
First the explanation:
Clients who send out mass mailings normally trigger this feature on Linux cPanel web servers because of the number of bad/undeliverable email addresses on their lists. They will receive a bounce message with an error similar to the following:
Domain has exceeded the max defers and failures per hour (5/5 (26%)) allowed. Message discarded.
The server monitors emails sent through all email accounts on your domain, and if, over the past hour, more than 25% of the attempted deliveries have failed, outbound email will temporarily be limited.
The “(5/5)” portion of the error indicates that the measurement of bounces kicked in once 5 bounces were detected during the hour. In other words, if you have 4 bounces in an hour during which you sent 16 emails, even though 25% of your emails have bounced, nothing will happen because you are under 5 bounces. Once you reach five bounces in an hour, the bounce percentage measurement is taken and a sending restriction is enforced if you’re over the bounce percentage limit.
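The rule described above, modelled as an added example (not cPanel's or Exim's own code): a one-hour window per domain that limits sending only once failures reach 5 and exceed 25% of attempts. The sliding window, the function names and the sample events are assumptions constructed for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

MIN_FAILURES = 5          # floor from the "(5/5)" part of the bounce message
MAX_FAIL_RATIO = 0.25     # limit applies above 25% failed deliveries
WINDOW = timedelta(hours=1)

class DomainWindow:
    """Delivery attempts for one sending domain over the past hour (assumed sliding)."""
    def __init__(self):
        self.events = deque()                  # (timestamp, failed) pairs, oldest first

    def record(self, ts, failed):
        self.events.append((ts, failed))
        while ts - self.events[0][0] >= WINDOW:   # drop attempts an hour old or older
            self.events.popleft()

    def status(self):
        total = len(self.events)
        failures = sum(1 for _, failed in self.events if failed)
        ratio = failures / total if total else 0.0
        # Both conditions must hold: enough failures AND too high a share.
        return failures, total, ratio, failures >= MIN_FAILURES and ratio > MAX_FAIL_RATIO

def first_limited(events):
    """Map each domain to the time its outbound mail would first be limited."""
    windows, hits = {}, {}
    for ts, domain, failed in sorted(events):
        window = windows.setdefault(domain, DomainWindow())
        window.record(ts, failed)
        if domain not in hits and window.status()[3]:
            hits[domain] = ts
    return hits

def make_events(domain, start, sent, failures, spacing_s=60):
    """Constructed sample data: `sent` attempts, the last `failures` of which fail."""
    return [(start + timedelta(seconds=i * spacing_s), domain, i >= sent - failures)
            for i in range(sent)]

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 9, 0)            # constructed start time
    cases = [("a.example", 16, 4),  # 25% failed but only 4 failures: no limit
             ("b.example", 19, 5),  # 5 failures, 26%: limited
             ("c.example", 20, 5)]  # 5 failures, exactly 25%: no limit
    for domain, sent, failed in cases:
        hit = first_limited(make_events(domain, t0, sent, failed)).get(domain)
        print(domain, f"{failed}/{sent}", "limited at " + str(hit) if hit else "not limited")
```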
Sometimes this is a ‘false’ trigger, and restarting the server’s mail manager will stop the messages from appearing again.
Remember, this is a SENDING error, and it may be stopped if the OUTGOING SERVER on local machines is set to the ISP’s SMTP server.
If you send mass mail and haven’t kept your mailing list clean by removing invalid email addresses, you may generate enough bounces to have your mailings limited. The only way to work around this is to clean up your list and remove any invalid email addresses.
WHY?
Some domains and local machines have viruses stored on them that use the e-mail facility to send other viruses or just to take part in a DDoS (Distributed Denial of Service) attack, resulting in the domain or infected machine sending hundreds/thousands of e-mails an hour. The max defers and failures feature helps combat such attacks.
For an example of a botnet attack, read what CloudFlare says:
There is currently a significant attack being launched at a large number of WordPress blogs across the Internet. The attacker is brute force attacking the WordPress administrative portals, using the username “admin” and trying thousands of passwords. It appears a botnet is being used to launch the attack and more than tens of thousands of unique IP addresses have been recorded attempting to hack WordPress installs.
One of the concerns of an attack like this is that the attacker is using a relatively weak botnet of home PCs in order to build a much larger botnet of beefy servers in preparation for a future attack. These larger machines can cause much more damage in DDoS attacks because the servers have large network connections and are capable of generating significant amounts of traffic. This is a similar tactic that was used to build the so-called itsoknoproblembro/Brobot botnet which, in the Fall of 2012, was behind the large attacks on US financial institutions.
Read more about the WordPress botnet attack on CloudFlare.
TROUBLESHOOTING:
If you’re not sure exactly what is causing this, you can probably figure it out by using the Email Trace icon in your hosting control panel. When you click the Email Trace icon, you’ll see a field where you can enter a recipient’s email address and then click a “Run Report” button to get information about email sent to that recipient. If you enter nothing for the recipient email address, you’ll get back data for all email traffic, and as you look through it you should see groups of bounced messages which can help you determine what sender caused the problem, and why.





