How can we improve compliance or protect your users better in Office 365?

Change Exchange Online recipient limit

Need to change Exchange online Recipient Limits. The default value is 500 and can't be modified.
In this case, users are able to send bulk\Spam messages by selecting entire global address list.

484 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Bruno Leonardo shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    Thank you for the feedback. Most of the comments here reflect a desire to be able to LOWER the recipient limit for a specific user. This is something we will consider as priorities allow. If you’re voting or commenting — we would be curious if this is driven more by account compromises or just user behavior (e.g., don’t have permissions to send to the DL, so the user just expands the DL)?

    For issues with compromised accounts, we want you to be aware that we take this issue seriously and have been working on that problem from many angles. That said, we believe that limiting the number of recipients per email will not stop or even slow the bad guys significantly. Instead, we encourage you to visit https://securescore.office.com/ and implement best practices to protect your organization.

    For any comments regarding other issues with limits or throttling (e.g., increasing a limit), please start NEW items and please be clear what the scenario is that you need to support and why. Limits are a necessary piece of any email service, but we don’t want them to be obtrusive and block valid business scenarios.

    42 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Francisco Chichizola commented  ·   ·  Flag as inappropriate

        More than arbitrarily lowering the limit, we need control of it. Depending on the business and down to the individual use. The 500 (greyed out) limit, should be available to be changed by the administrator for each user he/she administers.

      • Elias Yammine commented  ·   ·  Flag as inappropriate

        Please this is very important and urgent. there should be an option to limit the number of recipients within the same outgoing email.

      • Maicol Silva commented  ·   ·  Flag as inappropriate

        Hello Devs.

        We would like to have the option to limit our users in our domain from sending emails to external recipients. Something like this:

        Set-TransportConfig -MaxRecipientEnvelopeLimit (choose the limit here)

        So we could stipulate that they can only send up to 15 different recipients or so. This would help us control our organization from accidentally being considered spammers.

      • Austin Stratton commented  ·   ·  Flag as inappropriate

        Please just enable the Set-TransportConfig -MaxRecipientEnvelopeLimit cmdlet on EXO.

        Lives will be made easier.

      • Anonymous commented  ·   ·  Flag as inappropriate

        Agreed that this limit should be adjustable at the very least. Most enterprises likely have a requirement for this value to be lower than 500 to reduce the impact that a compromised mailbox has or reduce the impact of user error.

      • Galion Chris commented  ·   ·  Flag as inappropriate

        95% of the users in our organization would have no reason to send an email to more than 20 people at a time, or more than 100 in a day. Those that do, could/should have access to send via a distribution list. having an end user with the ability to forward a fishing email to 2000 email boxes with 4 different emails in the span of a couple minutes is ridiculous. There HAS to be a way to lower this. Better yet, lower it for everyone, but charge an extra buck per month for each additional 100 email at a time / 1000 per day.

      • Mike Walker commented  ·   ·  Flag as inappropriate

        We are creating an F1 group of users with restricted capabilities for email (OWA only, cannot send to any DL), but apparently the plan to set RecipientLimits=2 isn't going to happen...

      • Peter commented  ·   ·  Flag as inappropriate

        We would like this option enabled so we can restrict bulk emailing from compromised accounts.

      • Adam Beggy commented  ·   ·  Flag as inappropriate

        We would like this option enabled so we can restrict bulk emailing from compromised accounts

      • RALOE MEDITERRANEO, S.L. commented  ·   ·  Flag as inappropriate

        We need to have this limit lowered so that when a person leaves we do not need to worry about them sending mass emails possibly degrading the company. We have had this in place for years and need to have it in place in O365. It also helps to restrict spam bots and messages of the like.

      • Ilan Lanz commented  ·   ·  Flag as inappropriate

        applying recipient limits at the user level is a setting that a few enterprises has implemented to better control user behavior, this was available in Exchange On-Premises.

        users can expand dl's which they cannot send to, and send those mass emails even if they shouldn't.

        I guess that if surfacing recipient count within a transport rule that would also fit as a decent workaround :)

      • Steve D commented  ·   ·  Flag as inappropriate

        We need to have this limit lowered so that when a person leaves we do not need to worry about them sending mass emails possibly degrading the company. We have had this in place for years and need to have it in place in O365. It also helps to restrict spam bots and messages of the like.

      • Chris Scerbo commented  ·   ·  Flag as inappropriate

        The ability to lower the limit would be very helpful. Compromised accounts is the main reason we want the feature as well. At least if an account is compromised and the limits are more in line with the needs of the actual users mass emails of to a compromised address list will be significantly more limited in scope. Our clients are small businesses and the users would rarely send more than 100 messages in any given day.

      • Anonymous commented  ·   ·  Flag as inappropriate

        we are struggling with our 2400+ students mass emailing each other, generating 1000's of spam emails which you systems are having to deal with when on the old ON prem version they could only send to 2 or possible 10 people max, we have limited access to groups so they cant email groups but that does not stop them expanding the group and emailing the 450 members of that group. this is affecting 2 large secondary school sites, and I am sure many other schools are the same.

      • Anonymous commented  ·   ·  Flag as inappropriate

        My company would also like to be able to set on a per person basis to have a lower recipient limit less than 500 as a default. With the ability to run a PowerShell script to mass change the recipient limit. This would help our users better utilize our mail system.

      • Anonymous commented  ·   ·  Flag as inappropriate

        Please enable this feature of changing the max recipient limit. We wish to change our limit to less than 500.

      • Anonymous commented  ·   ·  Flag as inappropriate

        In an educational setting with 40,000+ users it's not unusual to have compromised accounts and being able to restrict default limits would be extremely helpful in controlling spam/phishing. We would like to be able to tweak individual users where there is a business case for sending higher volumes of mail.

      • Mark Domansky commented  ·   ·  Flag as inappropriate

        I want to be able to reduce the recipient daily limit on a default and per-user basis. 10000 is huge for a spammer and most users don't send to that many people on a daily basis.

      • Suki R commented  ·   ·  Flag as inappropriate

        Being able to modify the default value would be very useful within an organisation.

      ← Previous 1 3

      Feedback and Knowledge Base