Microsoft has unveiled its strategy to mitigate spam by introducing a daily cap on bulk emails sent through Exchange Online. Starting January 2025, the service will limit users to sending bulk emails to a maximum of 2,000 external recipients per day. This move aims to curb the misuse of Exchange Online resources and ensure fair usage among its customer base. The Exchange Team explained that the new External Recipient Rate (ERR) limit would act as a subset of the existing Recipient Rate limit, which allows up to 10,000 recipients per day. This adjustment does not alter the overall Recipient Rate limit but introduces a specific constraint for emails directed at external recipients.
Phased Implementation and Alternative Solutions
The implementation of these new limits will occur in two distinct phases to ensure a smooth transition for users. In the first phase, starting on January 1, 2025, the ERR limit will apply to all cloud-hosted mailboxes within newly created tenant accounts. The second phase, scheduled between July and December 2025, will see the enforcement of these limits extend to cloud-hosted mailboxes of existing tenants. For Exchange Online customers who require the capability to send to more than 2,000 external recipients daily, Microsoft recommends transitioning to Azure Communication Services for Email. This service is designed to support business-to-consumer communications that necessitate sending high volumes of email to external parties.
Strengthening Email Security and Compliance
In a related effort to enhance email security and combat spam, Google has also tightened its policies for bulk email senders. As of April 1st, entities wishing to send more than 5,000 daily messages to Gmail accounts are required to implement SPF/DKIM and DMARC email authentication protocols for their domains. Additionally, senders must refrain from distributing unwanted or unsolicited emails, include a one-click unsubscribe feature, and honor unsubscription requests within two days. Non-compliance with these guidelines will lead to Gmail rejecting the implicated emails, further emphasizing the industry's commitment to reducing spam and phishing threats.
By imposing these limits and requiring adherence to authentication standards, both Microsoft and Google aim to protect users from spam and phishing attacks while promoting responsible email practices among senders.