Share via

Shared mailbox added to restricted entities despite of custom outbound spam policy

Anonymous
2025-05-27T11:11:33+00:00

We have a shared mailbox used by a robotic process automation system to send outbound emails (only to recipients within our domain).

  • It has a Microsoft 365 Business Premium license assigned
  • It is explicitly included in a custom anti-spam outbound policy with a daily limit of 10,000 emails
  • The policy has higher priority (priority 1) than the default policy (which has a 1,000 email limit)

Despite this configuration, the mailbox was added to the Restricted Entities list after sending approximately 1,000 emails — seemingly as if the default policy applied instead.

I've verified that:

  • The custom policy includes the mailbox directly
  • The license is active
  • The policy is applied with the correct priority
  • There are no obvious delivery failures or major spikes in bounce rate that we can identify

After removing the mailbox from the Restricted Entities list, mail flow resumed without issue.

My questions:

  1. Why would a mailbox still be restricted after sending only ~1,000 messages, when it should be allowed up to 10,000 based on policy?
  2. Does Microsoft's backend anti-spam protection override custom policies in certain scenarios?
  3. Is there any guidance on what behaviors (e.g., sending rate, burst patterns, content types, recipient patterns) can trigger such an automated block — even when the account is licensed and properly scoped?

Additional context:
The mailbox is part of an automated process that occasionally sends a large number of emails in a short time (sometimes several hundred messages within a minute). Could this kind of burst behavior be triggering a backend restriction, regardless of the outbound policy?

Thanks in advance for any insight or documentation that can help us prevent this from happening again.

Microsoft 365 and Office | Subscription, account, billing | For business | Other

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2025-06-09T14:23:00+00:00

    Hi again.

    Sorry for the late response.

    If the error says you hit the limit of 1000 mails. It might be for some other mails regarding other processes running in that address. For further analysis of this behavior, I'd recommend contacting our Support Team through the Customer service phone numbers - Microsoft Support.

    Best Regards,

    Daniel C.

    Microsoft Community Support

    Was this answer helpful?

    0 comments
  2. Anonymous
    2025-06-04T11:49:40+00:00

    It does answer a few questions yes.
    One thing our developer is questioning is that the error mail received when the mail was added as a restricted entity said that we had hit the 1000 mail default limit.

    Was this answer helpful?

    0 comments
  3. Anonymous
    2025-05-29T13:28:54+00:00

    Hello again.

    I'm here just to do a quick follow up and ask you if the information I shared was useful.

    I'll be here if you need further guidance.

    Best Regards,

    Daniel C.

    Microsoft Community Support

    Was this answer helpful?

    0 comments
  4. Anonymous
    2025-05-27T12:54:44+00:00

    Hello.

    Thanks for reaching out to the Microsoft Community.

    Even with a high-priority custom outbound spam policy, Microsoft's Exchange Online Protection (EOP) and Microsoft Defender for Office 365 systems can still apply backend safeguards that override user-defined limits, especially when automated or high-volume sending behavior is detected.

    Microsoft's backend monitoring continuously evaluates sending volume, frequency, and recipient diversity. If the system detects activity resembling spam, even within policy limits, it may add the mailbox to the Restricted Entities List to protect the service and other tenants.

    So, the question here is, does backend anti-spam override custom policies?

    Yes, in certain conditions. Even if a mailbox is explicitly scoped in a custom outbound spam policy, EOP's automatic detection and throttling mechanisms can still take precedence if anomalous patterns are found (Configure outbound spam policies - Microsoft Defender for Office 365 | Microsoft Learn).

    To avoid this happening, I'll mention the behaviors that may trigger these restrictions:

    • Sudden increases in email volume.
    • Repetitive content patterns.
    • High sending frequency, especially to a narrow set of internal recipients.

    So, if the mailbox is sending hundreds of emails in a short time, consider implementing controlled batching and inserting short delays between message batches. This helps maintain compliance with Microsoft's internal thresholds, even if the policy settings allow higher limits.

    Lastly, if the behavior persists after this recommendation applied, consider submitting a support request ticket through the Admin Center (Get support - Microsoft 365 admin | Microsoft Learn).

    Best Regards,

    Daniel C.

    Microsoft Community Support

    Was this answer helpful?

    0 comments