Microsoft Plans to Impose a Per Day Limit on Exchange Online Bulk Emails to Reduce Spam

Email authentication directly impacts deliverability: Google and Yahoo’s February 2024 bulk sender requirements enforce SPF + DKIM + DMARC as hard prerequisites for inbox placement. Microsoft followed with DMARC enforcement from May 2025. Unauthenticated bulk mail is now rejected by all three major providers.

The most common support case we handle is ‘my email is going to spam since the Google changes,’ says Vasile Diaconu, Operations Lead at DuoCircle. Nine times out of ten, the fix is publishing a DMARC record and ensuring SPF/DKIM alignment. It takes 5 minutes once you know what to do.

					DMARC Report					

				

Microsoft Plans to Impose a Per Day Limit on Exchange Online Bulk Emails to Reduce Spam

					<button title="Play" aria-label="Play Episode" aria-pressed="false" class="play-btn">
						

Play Episode

					</button>
					<button title="Pause" aria-label="Pause Episode" aria-pressed="false" class="pause-btn hide">
						

Pause Episode

					</button>
					


				

				

					<audio preload="none" class="clip clip-12409">
						<source src="https://media.mailhop.org/dmarcreport/images/2024/04/Microsoft-Plans-To-Impose-A-Per-Day-Limit-On-Exchange-Online-Bulk-Emails-To-Reduce-Spam.mp3">
					</audio>
					

						

					

					

						

							<button class="player-btn player-btn__volume" title="Mute/Unmute">
								

Mute/Unmute Episode

							</button>
							<button data-skip="-10" class="player-btn player-btn__rwd" title="Rewind 10 seconds">
								

Rewind 10 Seconds

							</button>
							<button data-speed="1" class="player-btn player-btn__speed" title="Playback Speed" aria-label="Playback Speed">1x</button>
							<button data-skip="30" class="player-btn player-btn__fwd" title="Fast Forward 30 seconds">
								

Fast Forward 30 seconds

							</button>
						

						

							<time class="ssp-timer">00:00</time>
							

/

							<!-- We need actual duration here from the server -->
							<time class="ssp-duration" datetime="PT0H3M19S">3:19</time>
						

					

				

			

								<nav class="player-panels-nav">
												<button class="subscribe-btn" id="subscribe-btn-12409" title="Subscribe">Subscribe</button>
																		<button class="share-btn" id="share-btn-12409" title="Share">Share</button>
										</nav>
						

	



		

						

				

					

					

				

				

					

																																																																								

					

						

RSS Feed

							<input value="https://dmarcreport.com/feed/podcast/dmarc-report" class="input-rss input-rss-12409" title="RSS Feed URL" readonly />
						

						<button class="copy-rss copy-rss-12409" title="Copy RSS Feed URL" aria-label="Copy RSS Feed URL"></button>
					

				

			

									

				

					

					

				

				

					

						Share						

					

						<a href="https://www.facebook.com/sharer/sharer.php?u=https://dmarcreport.com/blog/podcast/microsoft-plans-to-impose-a-per-day-limit-on-exchange-online-bulk-emails-to-reduce-spam/&t=Microsoft Plans to Impose a Per Day Limit on Exchange Online Bulk Emails to Reduce Spam" target="blank" rel="noopener noreferrer" class="share-icon facebook" title="Share on Facebook">
							

						</a>
						<a href="https://twitter.com/intent/tweet?text=https://dmarcreport.com/blog/podcast/microsoft-plans-to-impose-a-per-day-limit-on-exchange-online-bulk-emails-to-reduce-spam/&url=Microsoft Plans to Impose a Per Day Limit on Exchange Online Bulk Emails to Reduce Spam" target="blank" rel="noopener noreferrer" class="share-icon twitter" title="Share on Twitter">
							

						</a>
						<a href="https://media.mailhop.org/dmarcreport/images/2024/04/Microsoft-Plans-To-Impose-A-Per-Day-Limit-On-Exchange-Online-Bulk-Emails-To-Reduce-Spam.mp3" target="blank" rel="noopener noreferrer" class="share-icon download" title="Download" download>
							

						</a>
					

				

				

					

						Link						

					

						<input value="https://dmarcreport.com/blog/podcast/microsoft-plans-to-impose-a-per-day-limit-on-exchange-online-bulk-emails-to-reduce-spam/" class="input-link input-link-12409" title="Episode URL" readonly />
					

					<button class="copy-link copy-link-12409" title="Copy Episode URL" aria-label="Copy Episode URL" readonly=""></button>
				

				

					

						Embed						

					

						<input type="text" value='<blockquote class="wp-embedded-content" data-secret="KEwE7abNmu"><a href="https://dmarcreport.com/blog/podcast/microsoft-plans-to-impose-a-per-day-limit-on-exchange-online-bulk-emails-to-reduce-spam/">Microsoft Plans to Impose a Per Day Limit on Exchange Online Bulk Emails to Reduce Spam</a></blockquote><iframe sandbox="allow-scripts" security="restricted" src="https://dmarcreport.com/blog/podcast/microsoft-plans-to-impose-a-per-day-limit-on-exchange-online-bulk-emails-to-reduce-spam/embed/#?secret=KEwE7abNmu" width="500" height="350" title=""Microsoft Plans to Impose a Per Day Limit on Exchange Online Bulk Emails to Reduce Spam" — DMARC Report" data-secret="KEwE7abNmu" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe><script>

/*! This file is auto-generated / !function(d,l){“use strict”;l.querySelector&&d.addEventListener&&“undefined”!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!/[^a-zA-Z0-9]/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll(‘iframe[data-secret=”‘+t.secret+’”]’),o=l.querySelectorAll(‘blockquote[data-secret=”‘+t.secret+’”]’),c=new RegExp(“^https?:$”,“i”),i=0;i<o.length;i++)o[i].style.display=“none”;for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute(“style”),“height”===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):“link”===t.message&&(r=new URL(s.getAttribute(“src”)),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener(“message”,d.wp.receiveEmbedMessage,!1),l.addEventListener(“DOMContentLoaded”,function(){for(var e,t,s=l.querySelectorAll(“iframe.wp-embedded-content”),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute(“data-secret”))||(t=Math.random().toString(36).substring(2,12),e.src+=”#?secret=“+t,e.setAttribute(“data-secret”,t)),e.contentWindow.postMessage({message:“ready”,secret:t},"")},!1)))}(window,document); //# sourceURL=https://dmarcreport.com/wp-includes/js/wp-embed.min.js ’ title=“Embed Code” class=“input-embed input-embed-12409” readonly/>

					<button class="copy-embed copy-embed-12409" title="Copy Embed Code" aria-label="Copy Embed Code"></button>
				

			

				

Starting January 1, 2025, Microsoft Exchange Online users will have to change their plans as a limit of 2,000 external recipients per 24 hours will be implemented. This is because the platform was never designed for high-volume transactional emails. So, this decision has been taken with respect to that and not to overburden the resources.

The limitation will be unfolded in two phases-

• The First Phase (January 1, 2025): The primary phase will affect the cloud-hosted mailboxes of all newly created tenants.

• The Second Phase (July-December 2025): The second phase will expand the limit to **all existing cloud-hosted mailboxes.

The Recipient Rate Limit

The daily recipient limit remains at 10,000, which means users can send emails to up to 10,000 recipients within 24 hours. However, the number of external recipients, those outside your organization , should not exceed 2,000. For organizations requiring **larger-scale email campaigns beyond this limit, Microsoft suggests switching to Azure Communication Services for Email. This service supports high-volume emailing, accommodating millions of emails per month, and is **designed specifically for bulk communication needs.

In April 2024, the Department of Homeland Security (DHS) released a report sharing a **big data breach by Microsoft that culminated in a cyberattack on its Exchange Online platform in July 2023.

The Cyber Safety Review Board (CSRB) prepared the report, which **highlighted weaknesses in Microsoft’s security practices and offered recommendations for the company and the cloud service industry as a whole.

How Do You Deploy DMARC As a Personal Effort Towards Email Security?

While Google, Yahoo, Microsoft, and other similar platforms are doing their best by rolling out new policies to make **email exchange a safer practice, you, as a domain owner, should also do your bit. Start by implementing SPF, DKIM, and DMARC, as these protocols collectively ensure that only authorized emails sent from your domain land in the inboxes of recipients while also confirming that **nobody tampered with the emails’ contents in transit.

DMARC also provides a mechanism for domain owners to receive **feedback reports called DMARC aggregate and forensic reports. These reports basically give insights into how your emails are being perceived by recipients’ mailboxes and if a threat actor is sending unsolicited emails without your consent.

DMARC is built on SPF and DKIM by providing a way for domain owners to specify how receiving servers should handle emails that fail authentication. A domain owner creates a DMARC policy in the domain’s DNS settings, specifying whether to allow, quarantine, or reject emails that fail SPF and/or DKIM checks**. You can also adjust the percentage of the policy tag by observing the number of false positives and false negatives. If you receive too many of these reports and are fed up with managing them effectively, then we can help you with this. We will monitor these reports and send you aggregated versions. To know more about our services, reach out to us. Meanwhile, you can also check out our resources to learn more about email authentication.