Changes to Hot Recipients Throttling in Exchange Online

I expect we all know there are limits to what you can and cannot do with your Exchange Online mailbox. We all know there is a limit to how many emails you can send and receive, how much storage you can use, how much data you can move into or out of Exchange Online, and how big each individual email can be. However, I find that few Exchange Online administrators know exactly what those limits are, how they work, why they are there, or what you can do about them.

Microsoft is currently in the process of enforcing some of these limits that have not previously been enforced. I thought this would be a good time to go though the limits that are in place for your Exchange Online mailboxes, and what you can do if you find yourself in a situation where those limits are negatively impacting your organization.

What is changing with EXO throttling?

In their recent Exchange Team blog post "Upcoming changes to mailbox receiving limits: Hot Recipients Throttling", Microsoft announced that they are starting to enforce the already in place mailbox receiving limit of 3,600 messages per hour. To be clear, this is not a new limit. The change is that this preexisting limit will now be strictly enforced by Microsoft where it had not been enforced in the past.

I would think for most user mailboxes, 3,600 messages per hour received is enough. If I got that many messages in my inbox, I am pretty sure I would be thinking about options for a career change. However, these limits also apply to Groups and to Public Folders so some organizations may run into that limit for theses mailboxes.

When a mailbox reaches this limit, any messages sent to that address for the next hour will be rejected with an NDR and the mailbox will receive a notification that it is being throttled. The counter will reset one hour after the throttling starts, at which point the mailbox will go back to functioning normally.

What are the rate limits for Exchange Online?

Oh, what a fun question to try to answer. There are quite a few different limits for Exchange Online mailboxes, and those limits do vary somewhat based on the license for each mailbox. It is entirely possible that you could have different limits on different mailboxes within the same Exchange Online tenant.

Microsoft does have a page describing many of the limits applied to Exchange Online, but it is not super clear and I do see some holes in that document. I will try to explain the limits I see being most relevant to customers below.

Receiving Limit - For all Exchange Online mailboxes, regardless of license, the receiving limit is 3,600 messages per hour as stated above. The change here is that this limit is now being enforced.

Sending Rate Limit - ExO mailboxes have a limit of 10,000 messages per 24 hours sent to individual recipients. It is important to note that a message sent to a distribution group stored in the tenant’s shared address book counts as 1 no matter how many recipients are in that DG. Each recipient in a personal distribution list count separately.

The timer here is a 24-hour counter, meaning you can not send messages to 10,001 recipients within any 24-hour period. For example, a user sends an email message to 5000 recipients at 09:00 AM, then sends another message to 2500 recipients at 10:00 AM, and then sends another message to 2500 recipients at 11:00 AM, hitting the limit of 10,000 messages. The user will not be able to send messages again until 09:00 AM the next day.

How do I know if any of my mailboxes are close to those limits?

This information is available in the “reports” section of the Microsoft 365 Admin center.

Go to Reports > Usage > Exchange and you will see a report like this:

As you can see, I sent 50 messages and received 1,612 with the last activity date of March 9 (2021). As I am writing this, it is March 11 (2021), so this is not real time data. If you want to get this data reported in real-time, you are going to need to dive into the Graph. I’m not going to go into how to get this information directly from the Graph, but that information is out there for those of you interested. 

For our purposes here, I think this report is going to get most of you the information you need. If you see a mailbox on this report that is getting close to the limits outlined above, it might be time to take some corrective action.

What can I do about mailboxes getting close to or hitting the limits?

This is where the fun starts.

These limits are high, so it is unlikely that an “average” user is going to come anywhere close to getting throttled. I would suggest that if you have a mailbox hitting these limits, someone is doing something wrong.

If a single user mailbox is getting anywhere close to those limits, I would guess that is probably caused by spam. I would guess that person is sending out “mass marketing” messages, and it is time to investigate a 3^rd party email marketing solution outside of Office 365.

If it is a Group mailbox, or a Public Folder that is hitting those limits, I would suggest creating a second mailbox for whatever the purpose is and splitting the load.

Wrap up

Microsoft is keenly interested in ensuring that the overall infrastructure of Office 365 maintains the highest up-time possible. One of the steps they are taking to ensure that happens is enforcing the limits that are outlined in the terms of service for Office 365. We can expect more of this going forward.

These newly enforced limits will only affect a very small percentage of users in Office 365, although the new enforcement will surely cause considerable consternation for those who are affected.

As Office 365 administrators, our job is to understand these limits, and help users deal with them as best we can.

Exchange Hybrid and Office 365 Monitoring and Reporting

On-premises components, such as AD FS, PTA, and Exchange Hybrid are critical for Office 365 end user experience. In addition, something as trivial as expiring Exchange or AD FS certificates can certainly lead to unexpected outages. By proactively monitoring hybrid components, ENow gives you early warnings where hybrid components are reaching a critical state, or even for an upcoming expiring certificate. Knowing immediately when a problem happens, where the fault lies, and why the issue has occurred, ensures that any outages are detected and solved as quickly as possible.

Access your free 14-day trial of ENow’s Exchange Hybrid and Office 365 Monitoring and Reporting today!