As of 2026, Microsoft Exchange Online enforces two newhard limits on outbound email:
• The Tenant ExternalRecipient Rate Limit (TERRL) caps the total number of external recipients yourentire Microsoft 365 tenant can reach within any rolling 24-hour window. Thelimit scales with your license count using the formula: 500 × (non-trial licenses^0.7)+ 9,500. Trial tenants are capped at 5,000 external recipients per day.
• The Mailbox ExternalRecipient Rate Limit (MERRL) caps each individual licensed mailbox at 2,000external recipients per 24-hour rolling window, regardless of tenant-levelheadroom.
On top of these limits, Microsoft began enforcing SPF,DKIM, and DMARC authentication alignment for bulk senders in May 2025.Non-compliant mail is routed to junk, with full rejection as enforcementcontinues to tighten. Filtering now uses AI-assisted intent scoring rather thankeyword matching alone.
If you exceed your TERRL, outbound email to externalrecipients is blocked immediately with NDR code 550 5.7.233 (non-trial) or 5505.7.232 (trial). There is no soft throttle — it is a hard block until the24-hour window clears.
For years, Microsoft 365 was the path of least resistancefor cold outbound. You set up a tenant, configured a sending tool, and let itrun. That playbook is no longer viable. In 2025 and into 2026, Microsoft hasrolled out structural changes to Exchange Online that affect every organizationsending external email at any meaningful volume — and the consequences ofignoring them range from silent throttling to hard delivery blocks.
This post breaks down exactly what changed, why itmatters, and how to adapt your infrastructure before it costs you pipeline.
The most consequential change is the introduction of theTenant External Recipient Rate Limit (TERRL). This is a hard daily cap on thetotal number of external recipients your entire Microsoft 365 tenant can reachwithin any rolling 24-hour window — not per mailbox, but across every mailboxin your organization combined.
The limit scales with your license count. The formulaMicrosoft uses is: 500 × (number of non-trial email licenses^0.7) + 9,500. Atenant with 10 licenses can reach roughly 17,000 external recipients per day. Atenant with 100 licenses gets approximately 22,000. A tenant with 1,000licenses gets around 85,000.
Trial tenants are capped at 5,000 external recipients perday regardless of seat count. When a tenant exceeds its TERRL threshold, alloutbound email to external recipients is blocked immediately. Senders receivean NDR — 550 5.7.233 for non-trial tenants or 550 5.7.232 for trial tenants.There is no gradual throttle. It is a hard stop until the rolling window clearsenough headroom.
Layered on top of TERRL is a per-mailbox enforcementcalled the Mailbox External Recipient Rate Limit (MERRL). Starting in late2025, Microsoft began enforcing a hard 2,000 external recipient limit perlicensed mailbox per 24-hour rolling window. This applies regardless of wherethe send originates — Outlook directly, a CRM integration, a sales sequencingtool, or Power Automate — if the mail routes through Exchange Online, it countstoward MERRL.
The combination of TERRL and MERRL creates a two-layerenforcement structure. A tenant can have TERRL headroom while individualmailboxes simultaneously trigger MERRL blocks. Both layers need to be monitoredindependently.
Shared mailboxes follow the sending principal's limits.If you Send As from a shared mailbox, MERRL applies to the sending user'saccount, not the shared mailbox itself.
Starting May 5, 2025, Microsoft began enforcing SPF,DKIM, and DMARC alignment for bulk senders delivering 5,000 or more emails perday to consumer Outlook inboxes (@outlook.com, @hotmail.com, @live.com).Non-compliant mail is first routed to junk, with full rejection in laterenforcement phases.
This follows the path Google and Yahoo established inFebruary 2024 and puts all three major inbox providers on the same baseline:proper authentication is no longer best practice, it is a prerequisite forinbox delivery at any volume.
Microsoft's filtering infrastructure has shifted awayfrom keyword-based pattern matching toward large language model evaluation.Filters now score for intent and business email compromise (BEC)-likebehavioral patterns — not just content keywords. Messages that mimic legitimatebusiness communication but carry the structural signatures of mass outreach —templated language, minimal personalization, bulk-cadenced timing — areincreasingly caught by these intent-based classifiers.
The practical implication: old deliverability workaroundsfocused on removing specific words or adjusting subject lines do not addressthe underlying behavioral signals that modern filters evaluate. Volume pattern,sending cadence, and engagement signals have become more important than contentmanipulation.
Microsoft's reputation systems now explicitly favorolder, more stable domains before extending trust for semi-bulk orhigh-frequency external sending. Freshly registered domains — even those withcomplete authentication records — face an extended evaluation period beforethey are treated as legitimate senders at meaningful volumes. Outlook nowrequires demonstrated sending history measured in months, not weeks, beforeconsistent inbox placement at scale.
Outlook and Gmail reward very different sending behaviorsduring warm-up, and treating them identically is one of the most common reasonscold email infrastructure underperforms.
Gmail is relatively forgiving of short bursts of strongengagement. A week of solid open and reply rates can meaningfully move yourplacement. Outlook is built differently. It demands consistency across a longertimeframe — typically 60 to 90 days or more — before it extends meaningfultrust to a sending identity. A single good week does not move the needle theway it does at Gmail.
Outlook also throttles more aggressively on volumespikes. Where Gmail may tolerate a ramp from 50 to 500 emails per day ifengagement signals support it, Outlook will respond with 421 deferral codes andlonger-term placement degradation. Once those deferrals start accumulating, youare fighting both a volume problem and a reputation recovery problem at thesame time.
There is also the TERRL ceiling to consider. Even a fullywarmed sender operating within normal behavioral parameters can hit atenant-wide cap because other mailboxes in the same organization burned throughthe quota. This is the new failure mode that catches teams off guard:everything looks fine at the individual mailbox level, then bounces startbecause a newsletter blast from another team consumed the daily limit.
The safest posture for Outlook-heavy B2B audiences is tokeep daily sends small, slow, and human-patterned. Experienced outboundpractitioners now treat 30 to 50 emails per mailbox per day as a conservativetarget, with volume staggered naturally across business hours and consistentdaily sending rather than erratic spikes.
For cold email operations running through Microsoft 365tenants, TERRL changes the infrastructure math significantly.
The optimal sending posture for Outlook in 2026 is lowvolume, high personalization, and natural behavioral cadence. The safe dailysend limit per mailbox for cold outreach is generally considered to be 50 to100 emails per mailbox per day, with many practitioners targeting 25 to 50 tostay well inside the threshold where Outlook's filters apply heavier scrutiny.
Sending in automated bursts — even if you stay underper-mailbox MERRL limits — creates a volume pattern that is easy for ML-basedclassifiers to identify as non-human. Staggering sends across hours, allowingnatural reply and engagement signals to accumulate, and maintaining consistentdaily volume rather than erratic spikes all help preserve sender reputationover time.
Several categories of messages do not count against TERRLand are worth knowing when you're auditing your tenant's exposure. Thefollowing are excluded: out-of-office auto-replies, delivery statusnotifications and read receipts, journaling messages, email notifications fromMicrosoft cloud applications (Teams, SharePoint, Yammer), email sent throughAzure Communication Services or Exchange Online High Volume Email, and messagesbetween tenants in a configured Multi-Tenant Organization.
What does count: all standard external sends, CRM-routedmessages through Exchange mailboxes, automated sequences from tools likeOutreach, Salesloft, or Apollo if they route through tenant mailboxes, andserver-side sync emails from platforms like Dynamics 365.
One edge case worth flagging: if you route outbound mailthrough a third-party service for signature management or compliance archivingand it loops back through Exchange for final delivery, Microsoft candouble-count those recipients against your TERRL quota. If you use anythird-party outbound routing, check whether a mail flow rule can prevent thisdouble-counting.
Teams that need serious outbound volume and cannot routethrough a dedicated bulk sending service face a more complex infrastructurequestion around tenant design. Spreading sending load across multiple tenantseffectively multiplies available TERRL quota, but this carries meaningful cost,operational overhead, and risk. If Microsoft determines that multiple tenantsare being operated to circumvent TERRL enforcement, coordinated enforcementaction is a possibility.
This is a last-resort architecture, not a defaultconfiguration. For most B2B sales teams, the right answer is to use ExchangeOnline for genuine one-to-one sales outreach and route bulk email —newsletters, drip sequences, marketing automation — through a purpose-builtdelivery platform outside the Exchange tenant entirely.
Microsoft has added a Tenant Outbound External Recipientsreport inside the Exchange Admin Center at EAC > Reports > Mail flow >Tenant Outbound External Recipients Rate. This report shows your currentexternal send volume, your TERRL quota, how much of the quota has beenconsumed, and any recipients blocked due to limit enforcement. It alsoindicates whether enforcement is currently enabled or disabled for your tenanttier.
For programmatic access, the PowerShell cmdletGet-LimitsEnforcementStatus provides the same visibility. For GCC environments,the report and enforcement timeline extends into mid-2026.
For inbox placement monitoring, the practical options forcold email infrastructure remain seed-list testing and provider-levelbreakdowns that separate Gmail, Outlook, and other domains. Outlook-specificdeliverability problems typically surface as a drop in Outlook domain placementrates while Gmail numbers stay stable. That divergence — Outlook dropping whileGmail holds — is often the first indicator that something in your sendingbehavior is being classified differently by Microsoft's filters.
Microsoft SNDS (Smart Network Data Services) providessender reputation data for IP ranges and is most useful for dedicated IPsenders and ESP infrastructure operators. For teams sending through sharedExchange infrastructure, seed testing is the more actionable monitoringapproach.
Before evaluating any volume or warm-up strategy, theauthentication foundation has to be correct. Every domain used for externalsending needs the following:
• SPF — a correctlyconfigured TXT record that lists all authorized sending sources, with no morethan ten DNS lookups in the resolution chain.
• DKIM — 2048-bit keys,rotated periodically, with proper selector configuration at every sendingdomain and subdomain in use.
• DMARC — at minimum a p=nonepolicy with a monitored reporting address. Mature sending domains should be atp=quarantine or p=reject with full SPF and DKIM alignment.
• Subdomain strategy — coldoutreach routed through dedicated sending subdomains (for example,mail.yourdomain.com or outreach.yourdomain.com) to protect the root domain'sreputation from outbound signals.
Authentication gaps remain the single most common findingin deliverability audits. A missing DMARC record, an SPF record that doesn'tcover a third-party sending tool, or a DKIM key that hasn't been applied to asubdomain used for outreach — any one of these can undermine an otherwisewell-configured sending infrastructure.
Microsoft's 2025 and 2026 changes are not incrementaltweaks. They represent a structural shift in what Exchange Online is designedto support. The message from Microsoft is explicit: Exchange is forperson-to-person communication, not mass communication. Teams that have beentreating it as a bulk sending platform are now facing hard enforcement.
The right operational response depends on your sendingmodel:
• If you send genuineone-to-one sales outreach at moderate volume, the main adjustments areauthentication hygiene, behavioral throttling to stay well under MERRL limits,and monitoring TERRL consumption across the tenant daily.
• If you run high-volumesequences or marketing email through Exchange mailboxes, route that trafficthrough a purpose-built delivery service — Azure Communication Services, atransactional ESP, or a dedicated cold email infrastructure platform.
• If you're running outreachthrough freshly created domains or new tenants, account for Outlook's extendedevaluation period and set realistic warm-up timelines measured in months, notweeks.
• If you use any third-partyoutbound routing that loops back through Exchange, audit for double-countingagainst your TERRL quota.
The senders who land in the inbox consistently in 2026are the ones who have invested in authentication infrastructure, warm theirdomains properly over months, keep individual mailbox volumes conservative, andactively monitor placement across providers rather than assuming everything isworking.
What is the TERRL limitin Microsoft 365?
TERRL stands for Tenant External Recipient Rate Limit. Itis a hard daily cap on the total number of external recipients your entireMicrosoft 365 tenant can send to within any rolling 24-hour window. The limitis calculated as 500 × (number of non-trial email licenses^0.7) + 9,500. Trialtenants are capped at 5,000 per day. Enforcement began rolling out in early2025 for small tenants and continues to expand across all tenant sizes through2026.
What happens when youexceed the TERRL limit?
When a tenant exceeds its TERRL threshold, all outboundemail to external recipients is immediately blocked. There is no soft throttleor gradual degradation — it is a hard block. Senders receive a non-deliveryreport (NDR) with code 550 5.7.233 for non-trial tenants or 550 5.7.232 fortrial tenants. Sending resumes automatically once the 24-hour rolling windowclears enough headroom.
What is the differencebetween TERRL and MERRL?
TERRL is a tenant-wide daily cap on external recipientsacross all mailboxes combined. MERRL (Mailbox External Recipient Rate Limit) isa per-mailbox cap of 2,000 external recipients per 24-hour window. Both can betriggered independently. A tenant can have TERRL headroom while individualmailboxes hit MERRL limits, and a tenant can hit TERRL even if no individualmailbox has exceeded 2,000 sends.
Does MERRL apply toshared mailboxes?
Shared mailboxes follow the limits of the sendingprincipal. If you Send As from a shared mailbox, the 2,000 external recipientMERRL limit applies to the account of the user initiating the send, not theshared mailbox itself.
What counts toward theTERRL quota in Exchange Online?
All standard external email sends count toward TERRL,including sends from Outlook directly, CRM-routed messages through Exchange,sales sequencing tools that route through tenant mailboxes, and server-sidesync emails from platforms like Dynamics 365. Messages that do not countinclude out-of-office replies, delivery receipts, Teams and SharePointnotifications, Azure Communication Services email, Exchange Online High VolumeEmail, and mail between tenants in a Multi-Tenant Organization.
Does TERRL apply to AzureCommunication Services or Exchange High Volume Email?
No. Email sent through Azure Communication Services (ACS)and Exchange Online High Volume Email (HVE) does not count against TERRL. Theseare purpose-built offerings for transactional and high-volume sending and runon separate infrastructure from Exchange Online mailbox sending. If you need tosend at volumes that exceed your TERRL, migrating bulk sends to ACS isMicrosoft's recommended path.
Is SPF, DKIM, and DMARCnow required for Outlook?
Yes. Starting May 5, 2025, Microsoft began enforcing SPF,DKIM, and DMARC alignment for bulk senders delivering 5,000 or more messagesper day to consumer Outlook inboxes (@outlook.com, @hotmail.com, @live.com).Non-compliant mail is routed to junk in the initial enforcement phase, withfull rejection expected as enforcement continues. For business-to-businessemail and Exchange Online tenants, proper authentication is a strongdeliverability signal regardless of the enforcement threshold.
How long does it take towarm up a domain for Outlook deliverability?
Outlook requires significantly longer warm-up periodsthan Gmail. Where Gmail may respond positively to a few weeks of strongengagement signals, Outlook generally requires 60 to 90 days of consistent,low-volume sending before it extends meaningful trust to a new sendingidentity. New domains should start at 5 to 10 emails per day and increasevolume gradually over at least 4 to 6 weeks before approaching any meaningfulsend volume, with the full warm-up period measured in months.
How do you check yourtenant's TERRL quota and current usage?
Microsoft provides a Tenant Outbound External Recipientsreport in the Exchange Admin Center at EAC > Reports > Mail flow >Tenant Outbound External Recipients Rate. The report shows your currentexternal send volume, your daily TERRL quota, how much of the quota is used,and whether enforcement is currently enabled for your tenant. The PowerShellcmdlet Get-LimitsEnforcementStatus provides the same data programmatically.
Can you spread sendingacross multiple tenants to get around TERRL?
Technically, using multiple tenants multiplies availableTERRL quota. However, this approach carries significant cost, operationalcomplexity, and risk — if Microsoft determines that multiple tenants are beingoperated specifically to circumvent TERRL enforcement, coordinated enforcementaction is possible. This is considered a last-resort architecture. Therecommended approach for high-volume sending is to route bulk email outsideExchange entirely, through Azure Communication Services or a third-party ESP.
Why is Outlookdeliverability different from Gmail deliverability for cold email?
Gmail and Outlook use different reputation models andrespond differently to sender behavior. Gmail rewards engagement and canrecover relatively quickly from deliverability problems if engagement signalsimprove. Outlook demands demonstrated consistency over a longer timeframebefore trusting a sender, throttles more aggressively in response to volumespikes with 421 deferral codes, and applies intent-based AI filtering thatevaluates behavioral patterns rather than content keywords alone. For B2B coldoutreach where a large percentage of targets use Outlook addresses, this meansa more conservative sending strategy is required compared to Gmail-heavycontact lists.
Email deliverability is whether your emails reach the inbox or end up in spam. This complete guide covers everything you need to know to understand and improve
Cold email deliverability is getting harder in 2026. Learn proven strategies to set up your domain, warm up your inbox, and land cold emails where they belong.
Your email sender reputation decides whether emails reach the inbox or vanish into spam. Learn how to check your sender score and improve domain reputation fast
Our highly experienced email deliverability managers consistently help clients achieve inbox placement rates (IPR) of more than 90% by uncovering and resolving the issues that keep messages from their intended recipients. Are you ready to do the same?