MC272450 – Microsoft is updating their receiving limits in Exchange to help prevent attacks on your mail flow experience. Earlier this year in (February MC239262) Microsoft announced a stricter enforcement of their mailbox receiving limits. Taking your feedback into consideration, Microsoft is releasing an additional limit to block single-sender mail storms and deter DoS attacks.
Microsoft’s mailbox receiving limits, as previously stated, apply to the messages received by a Microsoft Office 365 mailbox. If volume exceeds 3,600 messages in a given 60-minute window, the mailbox will no longer accept messages from the Internet, from other tenants, or from on-premises senders.
Starting in September 2021, Microsoft is adding a limit on sender-recipient pairs (SRP). This feature will apply to the messages received by a Microsoft Office 365 mailbox from each specific sender. If a single sender sends over 33% of the threshold (3,600 per rolling hour) to a specific recipient, the SRP limit will kick in, and the mailbox will no longer accept messages from that sender. The mailbox will continue accepting messages from other senders.
Note: If the identified sender is from a Microsoft Office 365 mailbox in the same tenant, messages will be allowed even after the limit is exceeded. If the identified sender is from an on-premises mailbox, a Microsoft Office 365 in a separate tenant, or outside of Microsoft Office 365, messages will be blocked.
This change helps prevent a malicious user from blocking mail flow to a Microsoft Office 365 mailbox, as part of Microsoft’s continuing efforts to improve your Exchange Online experience.
- Timing: September 2021
- Action: review and assess
How this will affect your organization:
Rollout of the mailbox receiving limit as detailed in (February MC239262) is ongoing. Microsoft is continuing to lower the threshold over the next few months until they reach 3,600.
Rollout of the SRP limit will begin in September 2021. This limit is set to 33% of the mailbox receiving limit.
Note: Most users are not likely to be impacted by this, as only a small percentage of mailboxes are currently hitting SRP limits.
If a mailbox exceeds the SRP limit, messages to that mailbox from the identified sender will be throttled. Affected mailboxes will receive an email informing them of the throttling, while the identified sender will receive a non-delivery report under response code 5.2.121. Emails from that sender will be throttled until the limit resets one hour from when the threshold was exceeded.
Administrators will be able to view users that exceed their SRP limit through the “Mailbox exceeding receiving limits” report in the Exchange Admin Center. Please contact affected users to understand why they are receiving so many messages from particular senders.
What you need to do to prepare:
No direct action is required on your part, though it is recommended that you review the new limits and update training and documentation as appropriate.
- Review the published receiving limits at Exchange Online limits – Service Descriptions | Microsoft Docs
- Review Microsoft’s NDR documentation at Email non-delivery reports in Exchange Online for 5.2.121, sender-recipient pair throttling