Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Tip
Did you know you can try the features in Microsoft Defender for Office 365 Plan 2 for free? Use the 90-day Defender for Office 365 trial at the Microsoft Defender portal trials hub. Learn about who can sign up and trial terms on Try Microsoft Defender for Office 365.
Exchange Online enforces outbound sending limits to protect the service from spam, bulk-mailing abuse, and compromised accounts. When a user or organization exceeds these limits, email sending is restricted.
Sending limits in Exchange Online
Exchange Online applies outbound sending limits to all cloud mailboxes. These limits apply at the user and organization levels.
For the complete list of service limits, see Exchange Online sending limits.
Per-user sending limits
The recipient rate limit and message rate limit are hard limits enforced at the service level and can't be increased.
| Limit | Value | Notes |
|---|---|---|
| Recipient rate limit | 10,000 recipients per day | 24-hour sliding window. The mailbox can't send until the number of recipients sent to in the past 24 hours drops below the limit. |
| Message rate limit | 30 messages per minute | Excess submissions are throttled and carried over to following minutes. |
| Recipient limit per message | 500 recipients (default) | Customizable from 1 to 1000 in the Exchange admin center (EAC) or PowerShell. For more information, see Customizable recipient limits in Office 365. |
Note
For the recipient rate limit, distribution groups in the organization's address book count as one recipient. Distribution groups in a mailbox's Contacts folder are counted individually by member.
Tenant External Recipient Rate Limit
The Tenant External Recipient Rate Limit (TERRL) is the maximum number of external recipients an organization can send to per day. TERRL scales automatically with the number of licenses in the organization. Trial organizations have a default limit of 5,000 external recipients per day.
When the TERRL is exceeded, senders receive a non-delivery report (also known as an NDR or bounce message) with the following error:
550 5.7.233 Your message can't be sent because your tenant exceeded its daily limit for sending email to external recipients (tenant external recipient rate limit).
Note
TERRL counts distribution group members individually. For example, a message sent to a distribution group with 1,000 external recipients counts as 1,000 external recipients.
Outbound spam policy limits
Admins can configure more limits in outbound spam policies. For instructions, see Configure outbound spam policies.
| Setting | Description | Valid range |
|---|---|---|
| External message limit | Maximum number of external recipients per hour | 0–10,000 (0 = service default) |
| Internal message limit | Maximum number of internal recipients per hour | 0–10,000 (0 = service default) |
| Daily message limit | Maximum total number of recipients per day | 0–10,000 (0 = service default) |
Connector and relay sending limits
The following limits apply to outbound mail sent through connectors, SMTP relay, or Direct Send scenarios:
| Sending method | Limit | Details |
|---|---|---|
| Client SMTP submission (SMTP AUTH) | 10,000 recipients/day, 30 messages/minute | Uses authenticated user credentials. Subject to per-user limits. |
| SMTP relay (connector-based) | 10,000 recipients/day per mailbox used for relay | Requires a configured outbound connector. Subject to per-user limits for the mailbox. |
| Direct Send | Subject to receiving limits (3,600 messages/hour per recipient) | Sends to internal recipients only. Unauthenticated; not subject to per-user sending limits. |
Tip
For applications or devices that need to send large volumes of outbound email, use SMTP relay through a connector or a non-Microsoft bulk email service rather than Client SMTP submission. For configuration instructions, see Set up a multifunction device or application to send email using Microsoft 365.
Monitor sending usage
Use the following tools to monitor outbound email activity and detect potential issues:
- Message trace: Track individual outbound messages and identify delivery failures. For more information, see Message trace in the Microsoft Defender portal.
- Mail flow reports: Use the following reports in the Exchange admin center to monitor outbound sending. On the Mail flow reports page in the Exchange admin center at https://admin.exchange.microsoft.com/#/reports/mailflowreportsmain, select the report to view. For a complete list of available reports, see Mail flow reports.
- Tenant Outbound External Recipients report: Shows TERRL usage for your organization.
- Mailboxes exceeding receiving limits report: Identifies mailboxes receiving unusually high volumes.
- Built-in alert policies: The following alert policies are enabled by default and send notifications to the TenantAdmins (Global Administrator) group. On the Alert policy page in the Microsoft Defender portal at https://security.microsoft.com/alertpoliciesv2, search for the policy to review or modify its settings:
- Email sending limit exceeded: A user exceeds the outbound sending limits.
- Suspicious email sending patterns detected: Unusual outbound email activity is detected from a user.
- User restricted from sending email: A user is blocked from sending due to outbound spam.
Tip
For programmatic monitoring, use the Get-MailDetailTransportRuleReport and Get-MailTrafficSummaryReport cmdlets in Exchange Online PowerShell.
Best practices for bulk senders
Exchange Online isn't designed for bulk mailing scenarios. If your sending volumes exceed these limits, use a dedicated bulk email service provider. For detailed recommendations, see Outbound spam protection.
Alternatives for bulk email
If your organization needs to send bulk or marketing email, use a service designed for high-volume sending.
- Azure Communication Services Email: A Microsoft service purpose-built for high-volume email sending.
- Non-Microsoft bulk email providers: Purpose-built services for bulk sending.
- On-premises email servers: Maintain your own email infrastructure for mass mailings.
Alternative sending methods for application mail
The following options are for application-generated or device-generated messages, not bulk marketing email. These methods are still subject to Exchange Online sending limits.
- SMTP relay via Microsoft 365: For application-generated messages that need to route through your organization. For more information, see Set up a multifunction device or application to send email using Microsoft 365.
- Direct Send: For devices/applications that send to your own organization only. For more information, see Direct Send.
If you must send bulk email through Microsoft 365
Follow these guidelines to reduce the risk of being blocked or routed to the high-risk delivery pool:
- Configure email authentication: Set up SPF, DKIM, and DMARC for your sending domain.
- Maintain list hygiene: Remove invalid and bouncing email addresses. Honor unsubscribe requests immediately. Use confirmed opt-in (double opt-in) for new subscribers.
- Follow content best practices: Use a consistent and recognizable From address. Write clear, accurate Subject lines. Include a visible and functional unsubscribe link.
- Manage sending rate: Spread bulk sends over time rather than sending all at once. Monitor bounce rates and don't exceed 30 messages per minute per mailbox.
- Protect domain reputation: Use a custom subdomain for bulk email (for example,
m.contoso.comfor marketing). Use message trace to check whether your messages are being routed to the high-risk delivery pool.
What happens when limits are exceeded
The following table summarizes the behavior when each type of sending limit is exceeded:
| Limit exceeded | Behavior | User experience | Admin notification |
|---|---|---|---|
| Per-user recipient rate limit | Mailbox can't send until the 24-hour sliding window drops below the limit. | Messages are rejected. The user can send again after the recipient count from the past 24 hours drops below 10,000. In some cases, the user might also appear on the Restricted entities page. | Alert: Email sending limit exceeded |
| Per-user message rate limit | Messages are throttled (queued and delivered over subsequent minutes). | Slight sending delay; no NDR. | No alert unless sustained. |
| TERRL | All tenant users sending to external recipients are blocked. | NDR 550 5.7.233 returned to senders. |
Alert: Email sending limit exceeded |
| Outbound spam policy limit | Action depends on policy configuration (Restrict, Restrict until next day, or Alert only). | NDR or delivery delay depending on the configured action. | Configured notification recipients are notified. |
| Outbound spam detected | Messages routed to the high-risk delivery pool. If volume continues, user is restricted. | Reduced deliverability; eventual block. | Alert: Suspicious email sending patterns detected |
Tip
Set up custom alert policies to receive notifications before your organization reaches sending limits. For example, create an alert at 80% of your TERRL to allow time to redistribute sending or shift to a non-Microsoft provider.
Resolve blocked sending
When a user exceeds outbound sending limits or is detected sending spam, Exchange Online restricts the user from sending email. The user appears on the Restricted entities page in the Microsoft Defender portal at https://security.microsoft.com/restrictedusers.
A blocked user shows the following symptoms:
- The user receives an NDR with error code 5.1.8 (bad outbound sender, typically due to suspected spam) when trying to send email.
- The user appears on the Restricted entities page.
- Admins receive the User restricted from sending email alert notification.
Before unblocking the user, determine why the restriction was applied:
- Compromised account: The account might be compromised and used to send spam. Check sign-in logs for suspicious activity, look for unknown inbox rules or forwarding rules, and review recent sent items.
- Legitimate bulk send: The user intentionally sent a large volume of email that exceeded limits. Consider the alternative sending methods described in Best practices for bulk senders.
For detailed steps to investigate, remediate compromised accounts, and remove users from the Restricted entities page, see Remove blocked users from the Restricted entities page.
To prevent future blocks, take the following actions:
- Configure outbound spam policies with appropriate per-hour and daily limits and notifications.
- Ensure Email sending limit exceeded alert policies are active.
- Inform users about sending limits and bulk email alternatives.
- Enable MFA to protect accounts from compromise.
- Review mail flow reports and message traces periodically.