Exchange Server|Office 365

Microsoft to Crackdown on High Volume Microsoft 365 Email Offenders

If your organization has mailboxes that are overflowing with data and you have been ignoring the warnings that they have surpassed the receiving limits for the account, you will need to start paying more attention. Microsoft has announced that it will be strictly enforcing limits across all mailboxes to protect the health of its system.

Starting in April, Microsoft will begin to enforce a limit of 3600 messages per hour to a recipient (MC239262). If you surpass this threshold, the company states that they will throttle messages to the account.

The fact that the company is making this a hard limit, previously it was a soft cap, means they must be seeing challenges from specific accounts. Because of this, you will need to take action if you have a mailbox surpassing this message-per-hour rate.

And you might be thinking, “how will I know if I have an account that is going to be hit by this new ceiling?” Even though Microsoft says that there are only a small number of accounts that will be impacted, they have created a new alert called “Mailbox exceeding receiving limits” insight and report in the Exchange Admin Center that will generate a notification if one or more accounts meets this threshold.

Sponsored Content

What is “Inside Microsoft Teams”?

“Inside Microsoft Teams” is a webcast series, now in Season 4 for IT pros hosted by Microsoft Product Manager, Stephen Rose. Stephen & his guests comprised of customers, partners, and real-world experts share best practices of planning, deploying, adopting, managing, and securing Teams. You can watch any episode at your convenience, find resources, blogs, reviews of accessories certified for Teams, bonus clips, and information regarding upcoming live broadcasts. Our next episode, “Polaris Inc., and Microsoft Teams- Reinventing how we work and play” will be airing on Oct. 28th from 10-11am PST.

If you navigate to and see the following text, “Some mailboxes need attention: one or more mailboxes have exceeded their receiving limits” – then you need to take action.

Thinking a bit more logically, receiving more than 3600 emails per hour is significant and likely indicates that the inbox is the dumping-ground for some sort of automated action. While there are potentially public-facing email addresses, like a “contact us” that could hit this volume, it would seem more logical that a company is using a mailbox for reporting of transactional information and sending it to an inbox.

If this is you, then you are going to need to find a new path for monitoring the health of whatever system is tied to that mailbox. Previously, I have seen instances where a client will have a status email sent to an inbox and then have a rule set up for the word “fail” and only when that word is detected, to fire off an alert which means the thousands of other emails are simply noise. This is one example of how someone could be surpassing the 3600 limit.

All this being said, starting in April Microsoft is going to get serious about imposing the 3600 rate limit, if you think you have an account close to or exceeding that rate, you need to act now to mitigate the offending account from facing potential disruption in a few weeks.

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (1)

One response to “Microsoft to Crackdown on High Volume Microsoft 365 Email Offenders”

Leave a Reply

Brad Sams has more than a decade of writing and publishing experience under his belt including helping to establish new and seasoned publications From breaking news about upcoming Microsoft products to telling the story of how a billion dollar brand was birthed in his book, Beneath a Surface, Brad is a well-rounded journalist who has established himself as a trusted name in the industry.
External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by:

Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: