Microsoft has introduced vital restrictions on electronic mail sending capabilities for organizations utilizing default onmicrosoft.com domains, implementing a throttling system that limits exterior electronic mail supply to 100 recipients per group each 24 hours.
The coverage change, introduced via the Change Group Weblog, goals to forestall spam abuse whereas encouraging organizations emigrate to customized domains for improved electronic mail deliverability and model illustration.
Key Takeaways1. Microsoft limits onmicrosoft.com domains to 100 exterior emails each day.2. Targets cybercriminals exploiting new tenants, defending shared area status.3. Organizations should buy customized domains, rollout phases via June 2026.
Electronic mail Throttling Imposed
Microsoft’s new coverage particularly targets MOERA (Microsoft On-line Electronic mail Routing Handle) domains, that are routinely assigned when organizations create new Microsoft 365 tenants.
These default domains, equivalent to contoso.onmicrosoft.com, have grow to be enticing targets for cybercriminals who exploit newly created tenants to ship spam bursts earlier than detection techniques can intervene.
The throttling mechanism will set off NDR (Non-Supply Report) messages with error code 550 5.7.236 when organizations exceed the 100 exterior recipient restrict throughout the rolling 24-hour window.
Inside messaging stays unaffected, and the restriction applies solely to exterior recipients after any distribution listing expansions are calculated.
This technical implementation ensures that official testing and inner communications proceed uninterrupted whereas stopping large-scale spam operations.
The shared status mannequin of onmicrosoft domains has created vital deliverability challenges for official customers.
As a result of all organizations share variations of the identical area namespace, malicious exercise from one tenant can negatively impression electronic mail deliverability for all different customers on the platform.
Phased Rollout Timeline
Microsoft has established a structured rollout schedule starting with trial tenants on October 15, 2025, and progressing via totally different group sizes based mostly on Change seat counts.
The implementation will conclude with tenants having over 10,001 seats by June 1, 2026. Organizations with fewer than three seats will face restrictions beginning December 1, 2025, adopted by progressively bigger organizations via the primary half of 2026.
Technical migration entails a number of important steps together with buying customized domains via approved registrars, configuring DNS validation, and updating main SMTP addresses on all mailboxes.
Organizations should additionally deal with particular situations the place MOERA domains may be inadvertently used, together with Sender Rewriting Scheme (SRS) configurations, Microsoft Bookings notifications, and numerous Microsoft 365 service integrations.
Directors can analyze present MOERA electronic mail visitors utilizing the Message Hint characteristic in Change Admin Middle with wildcard sender addresses to establish potential impacts earlier than the restrictions take impact.
Organizations are strongly suggested to start migration planning instantly, because the throttling limits will considerably impression any enterprise operations presently depending on MOERA domains for exterior communications.
Discover this Story Attention-grabbing! Observe us on LinkedIn and X to Get Extra Prompt Updates.
