Here’s how to do it with the Remove-BlockedSenderAddress cmdlet:

    Remove-BlockedSenderAddress -SenderAddress "<blocked sender address>" -Reason "No problem with this account"

If you recognize a blocked account and know that it shouldn’t be blocked, you can release the account using the Security and Compliance Center or PowerShell.

    SenderAddress: OutboundSpamLast24Hours=747 OutboundMailLast24Hours=36 OutboundSpamPercent=2075 Last Spam Message MessagetraceId:b2223b2d-469d-440c-b409-08d82a588f0e AS:1135

    Get-BlockedSenderAddress | Format-List SenderAddress, Reason

The message trace identifier reported here doesn’t work with the Get-MessageTrace cmdlet.

Unblocking in PowerShell

As expected, the underlying Get-BlockedSenderAddress cmdlet doesn’t help much either. Microsoft needs to do some work to clarify the reported data and make it more precise.
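One way to sanity-check the counters in the Reason text before releasing a restricted account, as an added example that is not code from the original article. The function names are hypothetical, the sample string is constructed from the values quoted on this page, and the name=number layout of the Reason text is an assumption.

```powershell
# Added example (not from the article). Parses name=number pairs out of the
# Reason text and checks whether the counters agree with each other.

function ConvertFrom-BlockReason {
    param([Parameter(Mandatory)][string]$Reason)
    $fields = [ordered]@{}
    # Assumption: counters appear as Name=Digits, whatever separates them.
    foreach ($m in [regex]::Matches($Reason, '(\w+)=(\d+)')) {
        $fields[$m.Groups[1].Value] = [int]$m.Groups[2].Value
    }
    [pscustomobject]$fields
}

function Test-BlockReason {
    param([Parameter(Mandatory)][string]$Reason)
    $r    = ConvertFrom-BlockReason -Reason $Reason
    $spam = $r.OutboundSpamLast24Hours
    $mail = $r.OutboundMailLast24Hours
    # Recompute the percentage from the two counters; guard against zero mail.
    $computed = if ($mail -gt 0) { [math]::Round(100 * $spam / $mail) } else { $null }
    [pscustomobject]@{
        Spam            = $spam
        Mail            = $mail
        ReportedPercent = $r.OutboundSpamPercent
        ComputedPercent = $computed
        # A spam count above the outbound total means the report cannot be
        # taken at face value; review the mailbox's activity another way.
        SpamExceedsMail = ($spam -gt $mail)
    }
}

# Constructed sample built from the figures quoted on this page.
$sample = 'OutboundSpamLast24Hours=747 OutboundMailLast24Hours=36 OutboundSpamPercent=2075'
Test-BlockReason -Reason $sample

# In a connected Exchange Online PowerShell session the same check can be run
# over every restricted sender:
# Get-BlockedSenderAddress | ForEach-Object { Test-BlockReason -Reason $_.Reason }
```

For the sample, the recomputed percentage matches the reported 2075 and SpamExceedsMail is true, so the arithmetic is self-consistent while the two counters are not.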
The two figures don’t quite make sense: 747 divided by 36 is 20.75, which is the percentage of spam reported. Total for outbound messages is noted as 36.

“Your message couldn’t be delivered because you weren’t recognized as a valid sender. The most common reason for this is that your email address is suspected of sending spam and it’s no longer allowed to send email. Remote Server returned ‘550 5.1.8 Access denied, bad outbound sender.’”

Figure 2: Viewing restricted accounts in the Office 365 Security and Compliance Center

When it imposes a block, Exchange Online generates NDRs (Figure 1) for every external message the user tries to send. Sure enough, after sending messages to circa 2,500 recipients spread across several distribution lists, Exchange Online Protection decided enough was enough and blocked my mailbox. I tested the theory by sending some messages containing hyperlinks to distribution lists over the course of a working day. This means that the user is permitted to send messages to internal recipients but not to external recipients, including mail contacts and guest users registered in the tenant directory. To ensure that a potentially compromised account can’t be used to send spam or malware, Exchange Online Protection restricts (blocks) the mailbox. An example is that because hyperlinks can lead the unwary into bad places, messages containing links are more suspect than those with plain text.

A single spike in traffic from a mailbox probably isn’t serious, but if the observed behavior of the mailbox over time deviates significantly from its expected norm, then the account might be compromised, and action is necessary. A one-off event isn’t enough to create suspicion, but other signs might exist to increase confidence that something’s wrong.
The settings used by Microsoft to detect problematic senders are undocumented (as you’d expect), but you can force Exchange Online Protection to take an interest in your sending activity.

For instance, if someone who typically sends 10-15 messages daily suddenly sends 200 messages over a short period or suddenly starts to send messages to large distribution lists, it might be that they’ve been told to get a message out about something like a new price list to customers. Exchange Online Protection applies more intelligent algorithms to pick up unusual activity which might be a sign that something’s going on.
Controlling mailboxes by measuring the number of messages they send is a crude control mechanism. A distribution list managed by the tenant (not a personal list) counts as a single recipient. The documented limit for accounts holding Office 365 E3 or E5 licenses is 10,000 recipients per day. I was curious to discover at what point Exchange Online clamped down. But occasionally, I need to send messages to reasonably large distribution lists (200 to 600 members). I usually don’t send enough email to ever run into the limits. Most of the time, my mailbox never comes to the attention of the monitoring tools that look for evidence of misuse. Essentially, even though Microsoft recently increased the maximum recipient limit for a message from 500 to 1,000, it doesn’t mean that you should switch mass mailings to Exchange Online from commercial mailing platforms like Mailchimp. Limits exist to stop people who want to send bulk mail (spam) or whose mailboxes are taken over by malware. Microsoft makes it quite clear that Exchange Online is not a platform for mass mailing.