Got this in the mail today from our friends in Redmond, Washington:
We are updating our receiving limits in Exchange to help prevent attacks on your mail flow experience. Earlier this year in (February MC239262) we announced a stricter enforcement of our mailbox receiving limits. Taking your feedback into consideration, we are releasing an additional limit to block single-sender mail storms and deter DoS attacks.
Our mailbox receiving limits, as previously stated, apply to the messages received by a Microsoft Office 365 mailbox. If volume exceeds 3,600 messages in a given 60-minute window, the mailbox will no longer accept messages from the Internet, from other tenants, or from on-premises senders.
Starting in September 2021, we are adding a limit on sender-recipient pairs (SRP). This feature will apply to the messages received by a Microsoft Office 365 mailbox from each specific sender. If a single sender sends over 33% of the threshold (3,600 per rolling hour) to a specific recipient, the SRP limit will kick in, and the mailbox will no longer accept messages from that sender. The mailbox will continue accepting messages from other senders.
Note: If the identified sender is from a Microsoft Office 365 mailbox in the same tenant, messages will be allowed even after the limit is exceeded. If the identified sender is from an on-premises mailbox, a Microsoft Office 365 in a separate tenant, or outside of Microsoft Office 365, messages will be blocked.
This change helps prevent a malicious user from blocking mail flow to a Microsoft Office 365 mailbox, as part of our continuing efforts to improve your Exchange Online experience.
How this will affect your organization:
Rollout of the mailbox receiving limit as detailed in (February MC239262) is ongoing. We are continuing to lower the threshold over the next few months until we reach 3,600.
Rollout of the SRP limit will begin in September 2021. This limit is set to 33% of the mailbox receiving limit.
Note: Most users are not likely to be impacted by this, as only a small percentage of mailboxes are currently hitting SRP limits.
If a mailbox exceeds the SRP limit, messages to that mailbox from the identified sender will be throttled. Affected mailboxes will receive an email informing them of the throttling, while the identified sender will receive a non-delivery report under response code 5.2.121. Emails from that sender will be throttled until the limit resets one hour from when the threshold was exceeded.
Administrators will be able to view users that exceed their SRP limit through the “Mailbox exceeding receiving limits” report in the Exchange Admin Center. Please contact affected users to understand why they are receiving so many messages from particular senders.
What you need to do to prepare:
No direct action is required on your part, though it is recommended that you review the new limits and update training and documentation as appropriate.