Feedback by UserVoice

How can we improve compliance or protect your users better in Office 365?

← Office 365 Security & Compliance

Change Exchange Online recipient limit

Need to change Exchange online Recipient Limits. The default value is 500 and can't be modified.
In this case, users are able to send bulk\Spam messages by selecting entire global address list.

1,224 votes
Vote
Sign in
(thinking…)
Password icon
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Bruno Leonardo shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
thinking about it  ·  O365 Compliance and Protection Feedback responded  · 

Thank you for the feedback. Most of the comments here reflect a desire to be able to LOWER the recipient limit for a specific user. This is something we will consider as priorities allow. If you’re voting or commenting — we would be curious if this is driven more by account compromises or just user behavior (e.g., don’t have permissions to send to the DL, so the user just expands the DL)?

For issues with compromised accounts, we want you to be aware that we take this issue seriously and have been working on that problem from many angles. That said, we believe that limiting the number of recipients per email will not stop or even slow the bad guys significantly. Instead, we encourage you to visit https://securescore.office.com/ and implement best practices to protect your organization.

For any comments regarding other issues with limits or throttling (e.g., increasing a limit), please start NEW items and please be clear what the scenario is that you need to support and why. Limits are a necessary piece of any email service, but we don’t want them to be obtrusive and block valid business scenarios.

Show previous admin responses (1)

93 comments

Sign in
(thinking…)
Password icon
Signed in as (Sign out)
Close
Close
Submitting...
  • Umair Shaikh commented  ·   ·  Flag as inappropriate

    We have continuing problems with staff sending bulk emails with all recipient addresses v. Providing administrators with the option to limit the number of recipients would at least contain the problem to manageable proportions.

  • Deepika Sharma commented  ·   ·  Flag as inappropriate

    One of our clients need to change the default limit of 500 to 30 for their organization. They would like to reduce the potential impact of outbound spam through their email accounts.

  • Jasim Algannas commented  ·   ·  Flag as inappropriate

    We've a requirement to set max recipient size to certain users with certain limits for all 0365 users in the organization, while assigning exceptions (500) for certain users? Is this achievable? We used to do same in on premise exchange and now we have hybrid setup with Exchange 2016 & 0365.” This is very important to our organization (Kingdom of Bahrain Parliament) to reduce unwanted emails from non critical users.

  • Jose Sisto commented  ·   ·  Flag as inappropriate

    This is one of the biggest security flaws Exchange have and all of us have been waiting for long time. Is MS helping hackers and enemies?

  • Anonymous commented  ·   ·  Flag as inappropriate

    I want to reduce the number of internal emails sent. We set up moderation on distribution groups but this doesn't stop users selecting everyone in their address book. I don't want a million emails being replied to daily about cakes for someones birthday or it is my last day, good bye! Put a note on a noticeboard!
    The issue is that when people reply from phones, it defaults to "reply all" and we all hear the replies and these can go on for a few hours and mount up to thousands of emails to be deleted or filtered through. Allow us to choose the maximum. I would say anything more than 10 goes to moderation.

  • Joel commented  ·   ·  Flag as inappropriate

    At the very least if the number of external recipients exceeds an administrator setting the email should be held for review.

  • Anonymous commented  ·   ·  Flag as inappropriate

    I need the option to lower the number of recipients due to user behaviour - it's to help stop my users from creating mail-merges to many external users when they should be using third party software for this.

  • Mike Youing commented  ·   ·  Flag as inappropriate

    We used this feature to limit the recipients for several reasons and now that is not available to the accounts we migrated to O365. This is causing several issues that our executive team does not like. Run to the cloud, its great, but we are taking things away. Sorry that is no longer available is not something that executives like to hear.

  • Colin Slater commented  ·   ·  Flag as inappropriate

    I often have a requirement to limit the recipients to cc and bcc for enthusiastic users that don't realise the implications of blasting out emails.

    It is very strange that in EAC editting a user mailbox->Mailbox Features->Mail Flow. The option to limit the recipient numbers is there but it is greyed out?

    I dont understand the comments in the Admin reply saying "we have been working on this from many angles". The option is available it is disabled. Why

  • Anonymous commented  ·   ·  Flag as inappropriate

    We need to be able to set the Recipient Limit right down to, say, 20-30 to prevent hacked accounts spamming large numbers of external users. This seems an obvious security measure and, if it were coupled with the ability to give certain users higher limits, this would surely lessen the impact on phished/hacked accounts on Microsoft. Even the ability to send an Alert when an email is sent to large (definable) numbers of recipients would be good but i can't even find that in the Security Centre.

  • Jeremy Bradshaw commented  ·   ·  Flag as inappropriate

    My comment is in response to the "Thinking About It" update. This feature is good for situations where you need to mail/mailbox-enable an account (for whatever reason, there are valid reasons), but you don't want that account to be used for sending emails. This could easily be accomplished in the past using the MaxRecipients property on on-premises mailboxes.

  • Anonymous commented  ·   ·  Flag as inappropriate

    the ability to lower the limit is needed for spam/phishing emails so the distribution is limited and doesn't at once go out to so many mailboxes.

    also users that are blocked from DL's just expand it which defeats the purpose.

  • Anonymous commented  ·   ·  Flag as inappropriate

    We would like to have the capability to send to more than 500 email addresses. Whether that is tied to an AD group or a specific mailbox wouldn't matter. We frequently have to send multiple emails out more than once because we have had to break up the email addresses into groups of 500.

  • OB1 commented  ·   ·  Flag as inappropriate

    We have continuing problems with staff sending bulk emails with all recipient addresses visible to other recipients which is a breach of GDPR regs. This despite extensive staff training. Providing administrators with the option to limit the number of recipients would at least contain the problem to manageable proportions.

  • Martin Albertraj commented  ·   ·  Flag as inappropriate

    Try set recipient limit through AD.

    Import-CSV "D:\File.Csv" | %{Set-ADUser -Identity $_.samAccountName -Replace @{msExchRecipLimit="100"}}

← Previous 1 3 4 5

Office 365 Security & Compliance: Spam & Phishing

Feedback and Knowledge Base

(thinking…)

Related Sites