Change Exchange Online recipient limit
Need to change Exchange online Recipient Limits. The default value is 500 and can't be modified.
In this case, users are able to send bulk\Spam messages by selecting entire global address list.
Bruno Leonardo
shared this idea
AdminO365 Compliance and Protection Feedback
(Admin, Microsoft Office 365)
responded
Thank you for the feedback. Most of the comments here reflect a desire to be able to LOWER the recipient limit for a specific user. This is something we will consider as priorities allow. If you’re voting or commenting — we would be curious if this is driven more by account compromises or just user behavior (e.g., don’t have permissions to send to the DL, so the user just expands the DL)?
For issues with compromised accounts, we want you to be aware that we take this issue seriously and have been working on that problem from many angles. That said, we believe that limiting the number of recipients per email will not stop or even slow the bad guys significantly. Instead, we encourage you to visit https://securescore.office.com/ and implement best practices to protect your organization.
For any comments regarding other issues with limits or throttling (e.g., increasing a limit), please start NEW items and please be clear what the scenario is that you need to support and why. Limits are a necessary piece of any email service, but we don’t want them to be obtrusive and block valid business scenarios.
73 comments
-
Kevin Bennett
commented
I would like to lower the recipient limit because of user behavior. We are a secondary school of 1200 students and when we used on prem Exchange we had the recipient limit for students set to 5 to prevent mail flooding and other time-wasting behavior. With the limit set at 500 in EOL, this behavior has resurfaced and is causing us grief.
-
Jeff Evans
commented
We often have users inappropriately include large numbers of recipients - would be great if we could restrict departments and individuals to lessor recipient counts.
-
Jeremy Bradshaw
commented
In Exchange 2010 there was the MaxRecipients property. Not sure why this was taken away.
-
Michael
commented
I believe the best way would be to implement a feature/option that only allows certain people via security group to send to large number of recipients. Don't take away the 500 limit. There are legitimate uses for sending to 500 people.
-
Anonymous
commented
any employee who would be leaving from an organisation can send unappropriate email copying as many as to 500 users which is a security issue for any organization. You'll also agree that bad elements exist everywhere. so please include this feature ASAP in O365 exchange.
-
Eduardo
commented
I need to limit the users that just decide sent email to the whole company.
-
Anonymous
commented
I can't imagine it is impossible to customize the maximum receipient limit. It's possible to change that on Exchange on premise, why not in the cloud version? We want to be able to limit "normal" users to 30 receipients and only allow "special" roles to send to the whole company. This is a real serious issue for us!!
-
Naresh Rao
commented
My customer wants to lower limits for employee who have resigned and are on notice period. To avoid any spam mails, as experienced by them in the past.
-
Bill S
commented
Our company would like to be able to modify rate limits.....for example being able to limit accounts to only be able to send a max of 50 emails per hour.
-
pradeep p
commented
would like to limit for the entire organization to 30 to 40 recipients per mail, and allow only selected users to send mass mails which can be more that 500 sometimes. we need this flexibility on priority.
-
Paul Hartwell
commented
Would like to be able to limit by user or entire organization to lower than 500 recipients. Failing that, would like some way to be notified if/when a user is mass sending.
-
Bruce Stewart
commented
This is a step backwards. Leave your default at 500 if you like but please give administrators the ability to change this!
-
Anonymous
commented
This request would be for both scenarios in my case. I have seen in previous experience where employees have decided to send mass emails in poor taste, and where someones account has been compromised. This is high priority to me, so that I can deliver the best protection for my business. I would like for this be a high priority for Microsoft as well. Let me know what I can do, to make this happen.
-
Anonymous
commented
I want to be able to restrict the max to 20 or so. This keeps a user from mass emailing a bunch of people in error. When we do send out emails to a large number of customers I ensure the user has the emails in the BCC and then lift the restriction. I had powershell scripts to lift and place the restriction when we were on Exchange 2010
-
Sean Schipper
commented
I would love to have control the recipient limit per message. 500/message is much too high for us. We'd also like to limit the messages/day. 10,000 is ridiculously high. We set it to 500 for our on premise users and have very few users we need to increase.
-
Julie Russell
commented
We would appreciate the ability to alter this value. We have been managing this on prem until starting migrations to O365. It is for legal reasons that we use this setting, to stop people from sending emails to bulk recipients.
We are willing to consider other alternatives - with transport rules etc. -
Kalinda Francomb
commented
We would like to be able to reduce it so we can set it lower for students who seem to love sending random emails to lots of people :(
-
Anonymous
commented
We would like to request the 500 recipient limit in O365 be increased to either 2000 or no limit like the older versions of MS Exchange. We cannot send mass emails to customer base and the contacts are changing constantly so a DL is not feasible.
-
Anonymous
commented
I agree with other comments - even from a GDPR perspective - implementing a limit on the number of emails a user can send (in the to, cc or bcc fields) via transport rule or otherwise should be a basic feature of any corporate email system. It can't be that hard to implement. If there is another thread with a similar request that we need to vote on - someone please post it here.
-
James Winter
commented
So here is a typical scenario. Student users click a spammed link from "Microsoft" and enter their credentials. Nothing happens. Late afternoon Sunday or 2:00 AM weekdays someone in South Africa logs in to the student's account, sets an Inbox rule to delete all inbox then sends a spam to a huge number of off-domain recipients. The student's account locks at 500 emails and I get a message. I want to set that lock at 50 or whatever I want. Also, please give me the ability to block login by region (yes, I have a request on that thread too).