Microsoft announced today that it has canceled plans to impose a daily limit of 2,000 external recipients on Exchange Online bulk email senders.
The change was announced in April 2024, when Microsoft said that it would add new External Recipient Rate (ERR) limits starting January 2025 to fight spam, with plans to begin enforcing the limit on cloud-hosted mailboxes of existing tenants between July and December 2025.
As explained last year, this new Mailbox External Recipient Rate Limit was designed to prevent Microsoft 365 customers from abusing Exchange Online resources and to restrict unfair usage.
However, on Tuesday, Microsoft announced that the Exchange Online bulk emailing rate limit is being canceled indefinitely, following negative customer feedback.
“Customers have shared that this limit creates significant operational challenges, especially given the limited capabilities of bulk sending offerings available today. Your feedback matters, and we’re committed to solutions that balance security and usability without causing unnecessary disruption,” the Exchange Team said.
“However, we plan to address these issues in ways that are less disruptive to your business workflows. This means smarter, more adaptive approaches that protect the service while respecting your operational needs.”
While Exchange Online doesn’t support sending large volumes of email from a single account, it does enforce a Recipient Rate limit of 10,000 recipients and a Tenant External Recipient Rate Limit of 5,000 external recipients per day, which will remain unchanged.
Google is also working to strengthen defenses against spam and phishing attacks and is now automatically blocking emails from bulk senders who authenticate their messages and don’t meet stricter spam thresholds as required by new guidelines since April 2024.
As announced in October 2023, those who need to send more than 5,000 messages per day to Gmail accounts must set up SPF/DKIM and DMARC email authentication for their domains.
According to Google’s new guidelines, bulk email senders must also avoid sending unsolicited messages, provide a one-click unsubscribe option, and respond to unsubscribe requests within 2 days to prevent Gmail from rejecting all offending emails.
Whether you’re cleaning up old keys or setting guardrails for AI-generated code, this guide helps your team build securely from the start.
Get the cheat sheet and take the guesswork out of secrets management.