SUMail Email Rate and Recipient Limits
This document outlines the various methods that Exchange uses to both protect the functioning of our email system that Office365 employs to ensure that normal business processes are not interrupted. These policies are necessary protection mechanisms to protect against malicious intent, errant clients, or unintended uses of email accounts.
If an account should have needs that exceed the "normal use" limits below, the respective user should educated on the SMTP-Relay process to send mass email and ensure their account is registered as a mass emailer.
Message Rate Limiting
The Message Rate Limiting policy setting restricts the number of messages a single user can send from their mailbox in a 1-minute time span. Every mailbox has a limit of 30 email submissions per minute.
This limit does NOT restrict the number of messages a user can send overall. It limits the number of emails a mail client can submit to the service in 1 minute. If a user sends more than the set rate of individual email messages in 1 minute, only the first 30 messages will be accepted into the servers transport queue for immediate processing, the remaining will go into the Outbox and be processed at the set rate per minute.
The purpose of Message Rate Limiting is to protect business operations by ensuring normal email users have their emails processed in a timely fashion while "bulk mail" users receive a lower priority.
The Message Rate Limit applies to everyone across the environment and there are no individual overrides for this protection mechanism.
Why is Message Rate Limiting a necessity:
Assume a user sends a bulk message to 10,000 recipients individually with a mass mailer very rapidly while a second user sends a message notifying a small number of users that a meeting has been moved up and will take place in 5 minutes. Because Exchange online processes queues in a first in/first out priority, the bulk messages from the first user would take priority over the second user's message about the meeting and could result in the meeting time change not being delivered in time timely manner.
Recipient Rate Limiting
The Recipient Rate Limit policy setting restricts the total number of recipients a single user can send to within a 24-hour period. There is a recipient limit of 10000 recipients every 24 hours.
The limit specifies the total number of email addresses which can be mailed to in a 24 hour period. Therefore sending 2 emails to the same email address will count as 2 recipients in the total recipient count.
The purpose of this limit is to protect the email environment from the fallout of compromised accounts. Typically mailboxes of compromised or hacked accounts send out messages to abnormally large numbers of recipients in a short period of time as compared to a "normal email" user. The recipient limit doesn't not affect the mailbox from receiving mail.
Why Recipient Rate Limiting is a necessity:
The problem created for Syracuse University for compromised accounts can vary from misrepresentation to having our domain placed on spam sender blacklists, effectively keeping emails from all users from going out in a timely manner. By limiting the scope of email an average user can send, it is less likely a compromise can affect the entire SU population.