6/25/2025 Important update regarding the cloud hosted Mailbox External Recipient Rate Limit: In order to reduce the impact on customers, Microsoft has again decided to delay the rollout of the cloud ...
Updated Jun 25, 2025
Version 14.0
Blog Post
Tofeeq They are separate limits, but I think there are some things that apply to one but not the other (SMTP relay, per an MS comment, does not count against the mailbox limit but does against the tenant one). As I understand it:
- You have, by default, a limit of 10K recipients in a 24 hour period.
- A 'sub-limit' of this is the external recipient rate limit (ERR) which is 2K external recipients in a 24-hour period. This is per mailbox.
- The tenant limit (TERRL) is for your entire tenant collectively. This is the maximum number of external recipients a tenant can send, and it's calculated based on your licensing. Let's say you have only 2 licenses in your tenant. Per their chart, you can only send 10,312 external emails in a 24-hour period. If you had several shared mailboxes, for example (shared mailboxes don't need licenses), that also send external, each mailbox could be under the ERR limit but you could hit the tenant limit of 10312.
As for monitoring, the article mentions it but the name in my tenants is different.
- for TERRL: Exchange Admin Center -> Reports -> Mail Flow -> Tenant Outbound External Recipients. We don't even get close to the tenant limits for my org.
- for ERR, if you expand the thread, I think there are some folks who have written ways to get a number now, but think we're waiting until April 2026 for an official report from MS.
If I'm wrong someone will be quick to correct me :)
Hi nrvonogd , Thank you for your response and detailed explanation.
I’ve been able to extract some data from Sentinel to identify mailboxes that are exceeding their limits. Based on this, it's clear that the proposed change could significantly impact our services. Introducing ACS would add another layer of service on top of Exchange Online, which not only increases complexity but also incurs additional costs making it a less feasible option.
While I understand the rationale behind the change ensuring fair use and enhancing security the business like us already has several controls in place to mitigate misuse, including Defender for Office 365, Purview, and ETRs.
I would strongly recommend revisiting the potential impact of this change and exploring alternative approaches that could achieve the same outcome without introducing additional overhead. Rather than applying a blanket block, it would be more practical to allow exclusions for trusted senders.