Feedback by UserVoice

How can we improve compliance or protect your users better in Office 365?

Change Exchange Online recipient limit

Need to change Exchange online Recipient Limits. The default value is 500 and can't be modified.
In this case, users are able to send bulk\Spam messages by selecting entire global address list.

628 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Bruno Leonardo shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    Thank you for the feedback. Most of the comments here reflect a desire to be able to LOWER the recipient limit for a specific user. This is something we will consider as priorities allow. If you’re voting or commenting — we would be curious if this is driven more by account compromises or just user behavior (e.g., don’t have permissions to send to the DL, so the user just expands the DL)?

    For issues with compromised accounts, we want you to be aware that we take this issue seriously and have been working on that problem from many angles. That said, we believe that limiting the number of recipients per email will not stop or even slow the bad guys significantly. Instead, we encourage you to visit https://securescore.office.com/ and implement best practices to protect your organization.

    For any comments regarding other issues with limits or throttling (e.g., increasing a limit), please start NEW items and please be clear what the scenario is that you need to support and why. Limits are a necessary piece of any email service, but we don’t want them to be obtrusive and block valid business scenarios.

    52 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Charles Carmichael commented  ·   ·  Flag as inappropriate

        Lowering the number for us is more to limit bad behavior of users; expanding a DL but more so compliance with email marketing laws and company policies. Our previous hosted email would monitor do two things 1) only allow up to 200, still want this WAY lower and 2) monitor if the end user was attempting to game the system by sending in smaller batches. if the user was suspect of attempting to game, they got a warning, admin got a notice if they did it again they were blocked. It was very helpful as it also worked if the account had been compromised as well.

      • Anonymous commented  ·   ·  Flag as inappropriate

        "Limiting the number of recipients per email may not slow the bad guys significantly" - Yes, and speed limit signs don't stop all speeders but that doesn't mean they aren't a common sense precaution. We have a few people in my organization that send to large recipients groups but the vast majority could be capped at 50 recipients and never even notice it. I understand Microsoft's concerns about increasing but what is the possible harm in allowing administrators to decrease it? Or the logic in saying this is the appropriate limit for every person in every organization? The ability to mass send e-mails just doesn't need to in the hands of every random temp or intern that walks through the door.

      • Przemyslaw Jagusiak commented  ·   ·  Flag as inappropriate

        Please this is very important and urgent. there should be an option to limit the number of recipients within the same outgoing email.

      • Anonymous commented  ·   ·  Flag as inappropriate

        This is just proving how useless O365 is on point of phishing emails. We should be able to decide how many recipients we allow in our organisation and it is available in on-premise Exchange so don't understand you decided to switch off that functionality. Are you going backwards? But since you are not able to implement that in 3 years I wouldn't think it would change in the future

      • Michiel van Heerde commented  ·   ·  Flag as inappropriate

        Our Helpdesk wants to be able to send out emails to the entire internal company, this however is impossible with only one distribution group as the limit is 500 recipients and we have over 500 colleagues. We really would like to be able to increase the limit, if only for our internal mail flow.

      • Ron Gerber commented  ·   ·  Flag as inappropriate

        I run an IT seminar firm that features Microsoft speakers nationwide. About a year ago, my IT services/consulting firm switched me from managing our own onsite Exchange server, to Office365. However I was never informed that there were recipient limits and other constraints tied to emailing on Office365. There are both explicit limits (30/sec, 10K/day) and "hidden" restrictions, e.g. when I send the same email invite to 10 different people, 10 minutes apart, the Microsoft algorithm views this as spam and shuts down the account. Using a third party bulk email service is NOT the answer, since I am not sending out one bulk email a week but am sending out the same email all day long, to a few people.

        So now I have to switch to a managed exchange service provider, to maintain my outlook/exchange setup but avoid the email limits.

        So I would strongly recommend much more flexibility here, and the ability to send out more emails.

      • Anonymous commented  ·   ·  Flag as inappropriate

        Another aspect to this problem is when users (without thinking) send emails out to large numbers of customers or suppliers without using Bcc. These mass emails effectively share the email addresses of every recipient with every other recipient, which is potentially a GDPR issue. I've had several occasions where a customer has visibly copied me (and all my competitors) into an email

      • Anonymous commented  ·   ·  Flag as inappropriate

        Please get this implemented. It would be nice to limit the impact of a compromised email. And it would be great to get emails as soon as this limit was hit.

      • Paul Zender commented  ·   ·  Flag as inappropriate

        I do not know why Microsoft is being stubborn on this issue. We had ps scripts that ran in Ex2007 that if a person sent to over a certain amount (configurable) to external only, it sent the admins an email so we could shutdown the compromised user instead of finding out two days later when we were being blocked by major ISP's for sending them spam. So if Microsoft wont let us make the recipient limit configurable, at least have a transport rule in 365 that does this and is configurable so we can put in whatever number we want.

      • Anonymous commented  ·   ·  Flag as inappropriate

        Please enable this.

        We want to be able to lower the limit for students (not for staff) because there is no need for students to email more than a small number of people at any one time.

        Unfortunately it is a fact that some students do misuse this, e.g. by sending an email to their entire yeargroup

      • Francisco Chichizola commented  ·   ·  Flag as inappropriate

        More than arbitrarily lowering the limit, we need control of it. Depending on the business and down to the individual use. The 500 (greyed out) limit, should be available to be changed by the administrator for each user he/she administers.

      • Elias Yammine commented  ·   ·  Flag as inappropriate

        Please this is very important and urgent. there should be an option to limit the number of recipients within the same outgoing email.

      • Maicol Silva commented  ·   ·  Flag as inappropriate

        Hello Devs.

        We would like to have the option to limit our users in our domain from sending emails to external recipients. Something like this:

        Set-TransportConfig -MaxRecipientEnvelopeLimit (choose the limit here)

        So we could stipulate that they can only send up to 15 different recipients or so. This would help us control our organization from accidentally being considered spammers.

      • Austin Stratton commented  ·   ·  Flag as inappropriate

        Please just enable the Set-TransportConfig -MaxRecipientEnvelopeLimit cmdlet on EXO.

        Lives will be made easier.

      • Anonymous commented  ·   ·  Flag as inappropriate

        Agreed that this limit should be adjustable at the very least. Most enterprises likely have a requirement for this value to be lower than 500 to reduce the impact that a compromised mailbox has or reduce the impact of user error.

      • Galion Chris commented  ·   ·  Flag as inappropriate

        95% of the users in our organization would have no reason to send an email to more than 20 people at a time, or more than 100 in a day. Those that do, could/should have access to send via a distribution list. having an end user with the ability to forward a fishing email to 2000 email boxes with 4 different emails in the span of a couple minutes is ridiculous. There HAS to be a way to lower this. Better yet, lower it for everyone, but charge an extra buck per month for each additional 100 email at a time / 1000 per day.

      • Mike Walker commented  ·   ·  Flag as inappropriate

        We are creating an F1 group of users with restricted capabilities for email (OWA only, cannot send to any DL), but apparently the plan to set RecipientLimits=2 isn't going to happen...

      • Peter commented  ·   ·  Flag as inappropriate

        We would like this option enabled so we can restrict bulk emailing from compromised accounts.

      • Adam Beggy commented  ·   ·  Flag as inappropriate

        We would like this option enabled so we can restrict bulk emailing from compromised accounts

      ← Previous 1 3

      Feedback and Knowledge Base