Exchange Online Clamps Down on High-Volume Mailboxes

Do Real User Mailboxes Receive a Message a Second?

What should we make of Microsoft’s decision to impose a hard limit on Exchange Online mailboxes receiving more than 3,600 messages per hour, as reported in message center notification MC239262 on February 13?

Simply this: in any large platform where resources are shared, some will try to take more resources than they should and it’s clear that some mailboxes are regularly exceeding thresholds. Microsoft says the number is very low, but once evidence of abuse appears, it becomes a candidate to be stamped out.

Microsoft has operated a soft limit (meaning that it wasn’t applied) for inbound message volume since Exchange Online commenced (other limits govern the ability to send outbound messages). The threshold of 3,600 messages per hour has been in place for at least four years. That’s one new message arriving in the inbox every second. Even the most productive user on the face of the planet cannot cope with such a torrent of inbound email, so the conclusion must be that mailboxes handling such amounts are used by automated processes rather than humans.

It’s possible that the automated processes are not trying to take advantage of Exchange Online. For instance, a process might generate email to inform recipients of its progress. Run in test conditions, the volume of email might be small and easily dealt with. When scaled up for production, the same code probably generates far more progress reports, and if several processes take the same approach to reporting and use the same target mailbox, it’s possible to imagine that the mailbox might receive a large volume of reports. But directing one new message per second over a sustained period to a single mailbox is too much. Mailboxes and their databases are not designed for that kind of sustained traffic.

Introducing Hard Limits

Microsoft says that they will impose a hard limit in April 2021. They will introduce the new limit gradually, starting with a higher limit and moving down to the published threshold. Think of this as a hard limit of 5,000/messages/hour being reduced weekly until the 3,600 figure is reached.

A new Mailboxes exceeding receiving limits report in the new version of the Exchange admin center (EAC) will help admins identify problems. The report lists mailboxes that have hit the threshold or are close to the threshold over the last 24 hours. The idea is that someone then calls up the mailbox owners to ask (politely) why they receive so much email. Microsoft says that admins should contact mailbox owners “to understand why they are receiving so many messages and inform them of ways to reduce mail volume and improve their experience.” In other words, “stop making my life difficult and change your code to reduce email volume.”

The Effect of Throttling

Once a mailbox hits the threshold, Exchange Online will throttle its ability to receive new email. In this context, throttling does not mean “slow down inbound traffic.” Instead, Exchange will refuse delivery of new email for an hour after the threshold is reached.

To make the mailbox owners aware that throttling is in force, Exchange sends an automated email to the affected mailboxes. Given the volume of new messages arriving in the mailbox, you’d wonder if the mailbox owner will ever see the notification of throttling. To offset the problem, Microsoft will make sure that the warning message appears at the top of the inbox.

Even with the warning message highlighted in the inbox, it is more likely that mailbox owners will more quickly react to sender complaints who receive non-delivery notifications (NDRs) saying that the mailbox can’t receive new messages because it has exceeded the threshold. Of course, if the senders are automated processes, they will probably ignore the NDRs.

EAC Highlights Problems

The EAC will highlight threshold violations in its Insights section with a notice saying that “one or more mailboxes have exceeded their receiving limits.” To avoid the need to access EAC to see what’s going on, Microsoft says that admins will be able to create an alert policy to send mail when a mailbox exceeds receiving limits. The ability to create alert policies doesn’t yet exist in EAC (Figure 1), but as the new version of the console is still under development, the functionality will hopefully show up before Microsoft beings to restrict high-volume mailboxes.

Where you might see an alert when Exchange Online blocks a high-volume mailbox
Figure 1: Where you might see an alert when Exchange Online blocks a high-volume mailbox

Hopefully, information about blocked mailboxes will also be posted as events in the Office 365 audit log. This will allow solutions like Microsoft Cloud App Security and third-party monitoring products to capture and signal problems with blocked mailboxes. Capturing events in the audit log also allows for at least a 90-day lookback (for E3 accounts – 365 for E5) should that need arise.

Need to learn more about how Office 365 and its apps work? Subscribe to the Office 365 for IT Pros eBook. We publish monthly updates to keep our subscribers updated about changes like the one described here.

One Reply to “Exchange Online Clamps Down on High-Volume Mailboxes”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.