Feedback by UserVoice

How can we improve compliance or protect your users better in Office 365?

← Office 365 Security & Compliance

Change Exchange Online recipient limit

Need to change Exchange online Recipient Limits. The default value is 500 and can't be modified.
In this case, users are able to send bulk\Spam messages by selecting entire global address list.

1,098 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    Bruno Leonardo shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
    thinking about it  ·  AdminO365 Compliance and Protection Feedback (Admin, Microsoft Office 365) responded  · 

    Thank you for the feedback. Most of the comments here reflect a desire to be able to LOWER the recipient limit for a specific user. This is something we will consider as priorities allow. If you’re voting or commenting — we would be curious if this is driven more by account compromises or just user behavior (e.g., don’t have permissions to send to the DL, so the user just expands the DL)?

    For issues with compromised accounts, we want you to be aware that we take this issue seriously and have been working on that problem from many angles. That said, we believe that limiting the number of recipients per email will not stop or even slow the bad guys significantly. Instead, we encourage you to visit https://securescore.office.com/ and implement best practices to protect your organization.

    For any comments regarding other issues with limits or throttling (e.g., increasing a limit), please start NEW items and please be clear what the scenario is that you need to support and why. Limits are a necessary piece of any email service, but we don’t want them to be obtrusive and block valid business scenarios.

    Show previous admin responses (1)

    83 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Forgot password?
      Create a password
      Signed in as (Sign out)
      Close
      Close
      Submitting...
      • Colin Slater commented  ·   ·  Flag as inappropriate

        I often have a requirement to limit the recipients to cc and bcc for enthusiastic users that don't realise the implications of blasting out emails.

        It is very strange that in EAC editting a user mailbox->Mailbox Features->Mail Flow. The option to limit the recipient numbers is there but it is greyed out?

        I dont understand the comments in the Admin reply saying "we have been working on this from many angles". The option is available it is disabled. Why

      • Anonymous commented  ·   ·  Flag as inappropriate

        We need to be able to set the Recipient Limit right down to, say, 20-30 to prevent hacked accounts spamming large numbers of external users. This seems an obvious security measure and, if it were coupled with the ability to give certain users higher limits, this would surely lessen the impact on phished/hacked accounts on Microsoft. Even the ability to send an Alert when an email is sent to large (definable) numbers of recipients would be good but i can't even find that in the Security Centre.

      • Jeremy Bradshaw commented  ·   ·  Flag as inappropriate

        My comment is in response to the "Thinking About It" update. This feature is good for situations where you need to mail/mailbox-enable an account (for whatever reason, there are valid reasons), but you don't want that account to be used for sending emails. This could easily be accomplished in the past using the MaxRecipients property on on-premises mailboxes.

      • Anonymous commented  ·   ·  Flag as inappropriate

        the ability to lower the limit is needed for spam/phishing emails so the distribution is limited and doesn't at once go out to so many mailboxes.

        also users that are blocked from DL's just expand it which defeats the purpose.

      • Anonymous commented  ·   ·  Flag as inappropriate

        We would like to have the capability to send to more than 500 email addresses. Whether that is tied to an AD group or a specific mailbox wouldn't matter. We frequently have to send multiple emails out more than once because we have had to break up the email addresses into groups of 500.

      • OB1 commented  ·   ·  Flag as inappropriate

        We have continuing problems with staff sending bulk emails with all recipient addresses visible to other recipients which is a breach of GDPR regs. This despite extensive staff training. Providing administrators with the option to limit the number of recipients would at least contain the problem to manageable proportions.

      • Martin Albertraj commented  ·   ·  Flag as inappropriate

        Try set recipient limit through AD.

        Import-CSV "D:\File.Csv" | %{Set-ADUser -Identity $_.samAccountName -Replace @{msExchRecipLimit="100"}}

      • Kevin Bennett commented  ·   ·  Flag as inappropriate

        I would like to lower the recipient limit because of user behavior. We are a secondary school of 1200 students and when we used on prem Exchange we had the recipient limit for students set to 5 to prevent mail flooding and other time-wasting behavior. With the limit set at 500 in EOL, this behavior has resurfaced and is causing us grief.

      • Jeff Evans commented  ·   ·  Flag as inappropriate

        We often have users inappropriately include large numbers of recipients - would be great if we could restrict departments and individuals to lessor recipient counts.

      • Michael commented  ·   ·  Flag as inappropriate

        I believe the best way would be to implement a feature/option that only allows certain people via security group to send to large number of recipients. Don't take away the 500 limit. There are legitimate uses for sending to 500 people.

      • Anonymous commented  ·   ·  Flag as inappropriate

        any employee who would be leaving from an organisation can send unappropriate email copying as many as to 500 users which is a security issue for any organization. You'll also agree that bad elements exist everywhere. so please include this feature ASAP in O365 exchange.

      • Eduardo commented  ·   ·  Flag as inappropriate

        I need to limit the users that just decide sent email to the whole company.

      • Anonymous commented  ·   ·  Flag as inappropriate

        I can't imagine it is impossible to customize the maximum receipient limit. It's possible to change that on Exchange on premise, why not in the cloud version? We want to be able to limit "normal" users to 30 receipients and only allow "special" roles to send to the whole company. This is a real serious issue for us!!

      • Naresh Rao commented  ·   ·  Flag as inappropriate

        My customer wants to lower limits for employee who have resigned and are on notice period. To avoid any spam mails, as experienced by them in the past.

      • Bill S commented  ·   ·  Flag as inappropriate

        Our company would like to be able to modify rate limits.....for example being able to limit accounts to only be able to send a max of 50 emails per hour.

      • pradeep p commented  ·   ·  Flag as inappropriate

        would like to limit for the entire organization to 30 to 40 recipients per mail, and allow only selected users to send mass mails which can be more that 500 sometimes. we need this flexibility on priority.

      ← Previous 1 3 4 5

      Office 365 Security & Compliance: Spam & Phishing

      Feedback and Knowledge Base

      (thinking…)

      Related Sites