What are the new Microsoft Exchange receiving limits and how do they work?
Matthew Whittaker
Co-founder & CTO, Suped
Published 14 Jun 2025
Updated 16 Aug 2025
6 min read
Microsoft Exchange Online, a cornerstone for many organizations' email infrastructure, continuously evolves its policies to enhance security and prevent abuse. Recently, there have been significant updates to receiving limits aimed at combating mail storms and Denial of Service (DoS) attacks.
These changes impact how emails are received by Exchange Online mailboxes, especially for high-volume senders. Understanding these new regulations is crucial for maintaining optimal email deliverability and ensuring your messages reach their intended recipients without interruption.
Understanding Exchange Online receiving limits
Exchange Online has a baseline mailbox receiving limit designed to protect individual mailboxes from excessive email volumes. This limit applies to all messages received by an Office 365 mailbox, regardless of their origin.
Specifically, a mailbox is configured to accept up to 3,600 messages within any given 60-minute window. This threshold covers emails from the internet, other Microsoft 365 tenants, and on-premises senders. Once this volume is exceeded, the mailbox temporarily stops accepting further messages.
While this limit primarily serves to maintain mail flow stability and prevent disruptions caused by unusually high inbound traffic, it can inadvertently affect legitimate high-volume senders if not properly managed. Understanding these common connection and message limits is the first step in ensuring your emails are delivered.
The new sender-recipient pair (SRP) limit explained
Beginning in September 2021, Microsoft introduced a more granular layer of protection: the Sender-Recipient Pair (SRP) limit. This new feature directly addresses the issue of single-sender mail storms and targeted DoS attacks, providing a more refined control over inbound mail.
The SRP limit works in conjunction with the general mailbox receiving limit. If a single sender sends more than 33% of the 3,600 message per hour threshold (approximately 1,200 messages) to a specific recipient, the SRP limit will activate. This means that for that particular sender-recipient combination, the mailbox will no longer accept messages.
The key distinction here is that unlike the overall mailbox limit, the SRP limit is targeted. The mailbox will continue to accept messages from other senders, ensuring that general mail flow remains uninterrupted for legitimate communications. This precision helps in isolating and mitigating abusive sending patterns without broadly affecting all incoming mail. For more details, refer to the Exchange Online limits documentation.
Exchange Online Receiving Limits
Mailbox Receiving Limit: 3,600 messages per rolling hour
Sender-Recipient Pair (SRP) Limit: 33% of the mailbox limit, approx. 1,200 messages per rolling hour from a single sender to a specific recipient.
Important for senders
While designed to fight spam and abuse, these new limits can impact legitimate senders, especially those with high-volume or transactional email programs. If your sending patterns resemble a mail storm, even unintentionally, your emails may be blocked for specific recipients.
The introduction of the SRP limit, coupled with existing receiving thresholds, has notable implications for email deliverability. For organizations that send transactional emails, alerts, or marketing messages in large batches to individual users, hitting these limits can result in significant delivery failures.
When an email hits one of these receiving limits, Exchange Online generates Non-Delivery Reports (NDRs). Consistent NDRs can signal to Microsoft that your sending practices are problematic, potentially leading to further throttling or even blacklisting of your sending IP or domain (also known as blocklisting). This can severely affect your overall email program.
It is critical for email senders to adapt their strategies to align with these stricter controls. Ignoring these limits can damage your sender reputation and lead to poor inbox placement. Proactive management is essential to avoid Microsoft rate limiting your emails.
Before new limits (Traditional Mail Flow)
Single limit: Mailboxes had a universal hourly receiving limit (3,600 messages).
Broad impact: Exceeding the limit blocked all incoming messages to that mailbox, regardless of sender.
Vulnerability: Susceptible to mail storms from a single malicious sender affecting entire mailboxes.
After new limits (With SRP)
Layered limits: In addition to the universal limit, a sender-specific limit (1,200 messages/hour) is applied per recipient.
Targeted blocking: Only the problematic sender is blocked for that specific recipient, allowing other mail to flow.
Enhanced protection: Better defense against targeted mail storms and DoS attacks, improving overall mail flow resilience.
Strategies for optimizing email flow
To ensure your emails continue to reach Exchange Online recipients reliably, it is essential to implement smart sending strategies that respect these new limits. This involves more than just sending fewer emails, it means optimizing your entire email program.
Start by auditing your current sending volume, especially to individual recipients. If you send bursts of emails, consider spreading them out over time to avoid hitting the rolling hourly limits. This applies to both marketing campaigns and automated transactional messages. Regular email deliverability testing can help identify potential issues before they become problems.
Maintaining a clean and engaged email list is also paramount. Regularly remove inactive or invalid addresses to reduce bounces and ensure your messages are only sent to active recipients. High bounce rates can negatively affect your sender reputation and trigger blocklisting (or blacklisting). If your domain reputation has been impacted, check out our guide on how long it takes to recover domain reputation. Regular monitoring of your email campaigns and deliverability metrics will allow you to quickly identify and address any issues related to these limits.
Pace your sending: Distribute your email volume over longer periods rather than sending large bursts, especially to single recipients. For strategies on this, see how Microsoft handles email volume limitations.
Maintain list hygiene: Regularly clean your email lists to remove invalid or unengaged addresses. This reduces bounces and helps maintain a good sender reputation.
Segment your audience: For very large lists, segmenting and sending to smaller groups over time can help avoid hitting hourly or daily limits.
Monitor NDRs: Pay close attention to Non-Delivery Reports as they indicate when your emails are being blocked. Analyze the error codes to understand the specific limit being hit.
Use authentication: Ensure your emails are properly authenticated with SPF, DKIM, and DMARC to build and maintain trust with Microsoft and other ISPs.
Limit type
Description
Typical value
Impact on deliverability
Recipient rate limit
Number of recipients a user can send to within a 24-hour period.
Implement staggered sending schedules for transactional and marketing emails to prevent hitting hourly limits for individual recipients.
Regularly audit and clean your subscriber lists to remove inactive or bouncing email addresses that can trigger blocks.
Utilize subdomains for different types of email traffic (e.g., transactional, marketing) to diversify sending reputation.
Common pitfalls
Sending large, unsegmented email blasts to Microsoft Exchange recipients without considering hourly volume limits.
Ignoring Non-Delivery Reports (NDRs) from Microsoft, which indicate that receiving limits are being exceeded.
Failing to adapt sending systems to account for rolling hourly limits, leading to continuous rate limiting.
Expert tips
Proactively monitor your email delivery rates and bounce logs for unusual spikes or drops related to Exchange Online.
Familiarize yourself with Microsoft's official documentation on Exchange Online limits and stay updated on policy changes.
Use email deliverability platforms to gain deeper insights into how Microsoft perceives your sending practices and sender reputation.
Marketer view
Marketer from Email Geeks says they received a notice from Microsoft about new receiving limits in Exchange to prevent mail flow attacks, including a stricter enforcement of mailbox receiving limits.
2021-09-01 - Email Geeks
Expert view
Expert from Email Geeks says the update details that if a mailbox exceeds 3,600 messages in a 60-minute window, it will no longer accept messages from the Internet, other tenants, or on-premises senders.
2021-09-01 - Email Geeks
Adapting to Microsoft's evolving limits
Microsoft's continuous efforts to enhance security and user experience are evident in these updated Exchange Online receiving limits. The introduction of the Sender-Recipient Pair (SRP) limit demonstrates a more sophisticated approach to identifying and mitigating abusive email traffic, specifically targeting mail storms from single senders without disrupting overall mail flow.
For email senders, this means a heightened need for diligent sending practices. By understanding and proactively adhering to these limits, you can ensure your email programs remain effective, maintain a strong sender reputation, and achieve optimal deliverability to Microsoft Exchange Online Protection and beyond.
