Microsoft's spam crackdown affects me too

The constant fight against spam makes email harder for everyone.


Microsoft will target spammers exploiting its service by throttling emails sent from its onmicrosoft.com domain to just 100 external recipients per 24-hour period.

This will take effect from October 15, according to an announcement on the Exchange Team Blog two days ago that was also reported by The Register.

Email abuse

It turns out spammers are signing up for new accounts and sending bursts of spam from the default onmicrosoft.com address before Microsoft can intervene. This abuse degrades the domain's reputation and affects legitimate users, which is bad news for everyone.

The solution? Microsoft will start placing email limits to throttle outgoing emails. According to Microsoft, its various onmicrosoft.com domains should only be used for testing, not regular email sending. Customers should instead use their own domains for sending email.

It is worth noting that the new restrictions are pretty drastic, as the throttling is applied per organisation per 24-hour rolling window. Microsoft will roll out the restrictions in stages, starting with tenants with fewer than three seats and eventually reaching tenants with more than 10,001 seats by June 2026.
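To check whether a tenant would run into the limit described above, the following added example (not from Microsoft or the original post) computes the peak number of external recipients in any rolling 24-hour window for mail sent from an onmicrosoft.com address. The record layout, the domain names, the window boundary handling and the rule that every external recipient of every message counts once are assumptions; the sample records are constructed.

```python
from collections import deque
from datetime import datetime, timedelta

LIMIT = 100                    # external recipients per organisation (from the announcement)
WINDOW = timedelta(hours=24)   # rolling window (from the announcement)

def peak_external_recipients(records, tenant_domains, sender_suffix=".onmicrosoft.com"):
    """records: iterable of (iso_timestamp, sender, [recipients]).
    Returns (peak_count, time_of_peak) over all rolling 24-hour windows."""
    events = []
    for ts, sender, recipients in records:
        if not sender.lower().endswith(sender_suffix):
            continue  # mail sent from a custom domain is outside this limit
        # Assumption: "external" means the recipient domain is not one of the tenant's own.
        external = [r for r in recipients
                    if r.rsplit("@", 1)[-1].lower() not in tenant_domains]
        if external:
            events.append((datetime.fromisoformat(ts), len(external)))
    events.sort()

    window, running, peak, peak_at = deque(), 0, 0, None
    for ts, count in events:
        window.append((ts, count))
        running += count
        # Drop sends that are 24 hours old or older relative to this message.
        while window[0][0] <= ts - WINDOW:
            running -= window.popleft()[1]
        if running > peak:
            peak, peak_at = running, ts
    return peak, peak_at

def would_be_throttled(records, tenant_domains):
    return peak_external_recipients(records, tenant_domains)[0] > LIMIT

def _rcpts(n, domain):
    return [f"user{i}@{domain}" for i in range(n)]

# Constructed sample data: one tenant whose own domains are listed below.
TENANT_DOMAINS = {"example.onmicrosoft.com", "example.com"}
SAMPLE = [
    ("2025-10-15T09:00:00", "me@example.onmicrosoft.com", _rcpts(60, "partner.example")),
    ("2025-10-15T12:00:00", "me@example.com", _rcpts(500, "partner.example")),
    ("2025-10-15T20:00:00", "me@example.onmicrosoft.com",
     _rcpts(30, "partner.example") + _rcpts(2, "example.com")),
    ("2025-10-16T08:30:00", "me@example.onmicrosoft.com", _rcpts(25, "partner.example")),
    ("2025-10-16T10:00:00", "me@example.onmicrosoft.com", _rcpts(5, "partner.example")),
]

if __name__ == "__main__":
    print(peak_external_recipients(SAMPLE, TENANT_DOMAINS),
          would_be_throttled(SAMPLE, TENANT_DOMAINS))
```

Because the window rolls rather than resetting at midnight, the 60 recipients from the first morning still count against the send at 08:30 the next day, which is what pushes the sample tenant over the limit.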

How it impacts me

Strangely, this also affects me. More than a decade ago, I signed up for an Online Exchange account, which is rolled into Office 365 now, for my personal email domain. This happened after I finally decided that running my own Exchange Server to support an on-premises BlackBerry Enterprise Server (BES) deployment was just too much hassle. Yes, I was one of the last BlackBerry users back then.

Anyway, Gmail offered superior spam filtering, so I signed up for it as well. I then set up a complicated forwarding scheme that lets me receive emails through Gmail and its spam filter before they are piped over to Office. It looks like this: Incoming Email -> Google Workspace -> Office 365.

But since my domain's MX record points to Google, the only way to send emails with the Outlook email client, which I use, is via Office 365, using onmicrosoft.com. This means I will be impacted by the throttling in October.

The evolution of email

Emails have evolved substantially over the years, even though the experience has stayed largely the same. I still remember sending my first email three decades ago, and the underlying technology in email has not changed.

Due to unrelenting abuse by spammers, various techniques were invented to separate legitimate email from spam. Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting & Conformance (DMARC) have all become essential parts of the email ecosystem.

Service providers too have evolved new techniques and strategies to curb abuse. Sometimes, legitimate emails get wrongly targeted. Just last week, all my newsletters to Office 365 accounts were dropped without warning, likely due to a new ML-based filter at Microsoft. Thankfully, it eventually worked again.

The irony isn't lost on me. Here's Microsoft implementing measures to combat spam, while simultaneously catching legitimate users in the crossfire. My decade-old setup, which seemed clever at the time, now needs reworking as a result.

Have you ever had issues with emails?