I've had problems even at ten minutes. Two types of cases, both rare and
1. Obscenities such as multimegabyte-long To fields. If each To address
is processed somehow and the processing takes a 0.01 second, that's a
limit of only 60,000 addresses in To.
2. Slow upstream connections from submitting MUAs that start the clock
when they hand the last byte over to their TCP or SSL implementation.
I find it difficult to be very excited about either of these. Just
another inept spammer, just another MUA bug. Shrug.
Ahem. While it is true that the common case these days of having huge numbers
of addresses in the header is the result of incompetent spam, there are also
situations where legitimate email does this.
More specifically, there can be legal requirements for all message recipients
to be listed in the header. Just putting in the address of a mailing list is
unaccepatable because the content of that list can vary over time. Depending on
the specific requirements in a given jurisdiction, it may be necessary to
expand the list into the header - alternative schemes such as keeping a precide
revision history for the list, or accurate logs of message traffic, while
technically OK, may not be allosed. (These systems typically also impose
draconian restrictions on forwarding, but that's a separate matter.)
Some years back we dealt with several setups where this was being done. In one
of them it was routine to see 40,000 addresses or more in a single header
field. And since this was a gateway situation there was no alternative but to
process them all. It took some doing to get the performance up to acceptable
Once again, there's a lot more variety out there than you might think.