Microsoft Is Closing Every Door on Recruitment Email

Microsoft are closing the door on recruitment email

What Microsoft Really Wants

(And What You Need to Do About It)

Recruitment has always run on email.

You reach out to candidates. You check in with clients. You build sequences, send alerts, and follow up faster than your competitors can finish their second coffee. In recruitment, email is still how businesses flourish.

But Microsoft does not care how important email is to you. Their position is now very clear:

Exchange Online is for person-to-person communication, not bulk outreach.

If you are still using Microsoft 365 to run cold campaigns, nurture sequences, or send job alerts at scale, your setup is living on borrowed time. The trouble is, so many of your favourite tools have been built around how Microsoft 35 has worked up until now.

What Doors Are Microsoft Closing On Bulk Email

TERRL, MERRL and Copying Google’s 2024 Move

With the rollout of the Mailbox External Recipient Rate Limit (MERRL), Microsoft is not just tweaking the rules. They are enforcing a new direction.

  • Every licensed user is capped at 2,000 external emails per 24 hours (note; one email to five external people = 5 emails!)
  • Shared mailboxes are included in the enforcement
  • Unlicensed automations may be throttled or blocked
  • Visibility is limited unless you take action

And it gets more complicated. That 2,000 limit is not as stable as it sounds.

Your outbound volume is still constrained by TERRL — the Tenant External Recipient Rate Limit. It limits the total number of external emails your entire Microsoft 365 tenancy can send. The more licences you add, the more you can send… but with diminishing returns. Once you pass five or six licences, your total allowance per user begins to drop. So even if you think each recruiter has 2,000 external messages to play with, your real capacity may be far lower. And harder to calculate.

You can read more about how TERRL works, why it’s already affecting recruitment firms, and how to calculate your limits, check out our breakdown:
Microsoft is Breaking Recruitment Email

And this shift is not limited to outbound enforcement.

Microsoft has also updated how it handles inbound mail to its consumer-facing Outlook.com platform. Messages that fail SPF, DKIM, or DMARC checks, even from legitimate senders, are increasingly being dropped at the edge. This reinforces that Microsoft is tightening standards from both directions. Sound familiar? Google did the same thing in early 2024. The good news is, if you’ve made changes in response to that, you should be ready for Microsoft’s change.

We explain those changes here:
Microsoft is Joining the Email Crackdown

The key takeaway: Microsoft is raising the bar. You are expected to send less, send better, and prove you control your domain identity with properly configured SPF, DKIM, and DMARC.

Why Microsoft Is Doing This

It is tempting to think Microsoft’s email restrictions are aimed at spammers. But that’s only half the story.

What Microsoft really wants is to stop being used as a mass mailer. Full stop, whether the sender is a scammer in a basement or a reputable recruitment firm running smart prospecting campaigns.

Why? Because when Microsoft 365 tenants send large volumes of email (even legitimate ones) it creates risk. If enough of that email gets flagged as spam, or rejected by other providers, it damages the reputation of Microsoft’s entire email infrastructure. That affects their ability to deliver email for everyone, including enterprise customers.

Mass-mail platforms like SendGrid or Mailgun were built for this. They have:

  • Dedicated IP pools
  • Bounce and complaint tracking
  • Rate-limiting by design
  • Enforcement policies that penalise senders for abuse or spammy behaviour

Microsoft 365 is not designed that way. It was built for secure, human-to-human business email. When it gets misused for marketing-style campaigns, Microsoft ends up carrying the risk without the controls.

This is why Microsoft is clamping down. The new MERRL and TERRL limits are not just about volume. They are about pushing you to use the right tools for the right job.

If you need to send 10,000 messages in a day, you should be using a platform that was designed to do that safely and responsibly (not trying to sneak it through an Exchange Online mailbox).

In short: Microsoft is protecting its platform. And if you keep relying on it for campaign traffic, your deliverability (and your business) could be the collateral damage.

Why Recruiters Cannot Afford to Ignore This

If your business depends on:

  • Prospecting campaigns using your recruiter’s email identity
  • Candidate outreach run from shared mailboxes
  • Job alerts or status updates triggered automatically
  • Tools that send from Microsoft 365 using Graph API, SMTP, or service accounts (so, most of them!)

Then you are on a collision course with enforcement. When enforcement hits, you will not get a warning. Emails will start failing. Campaigns will stall. Your domain reputation may take a hit.

This is not hypothetical. The wheels are in motion and enforcement becomes universal by April 2026.

Stop Treating Email Like a Utility

Recruiters often treat email the way they treat internet access or office space as a given. But the truth is, email is infrastructure. And like any infrastructure, it can be designed well or poorly.

Poorly designed email systems:

  • Mix internal and external traffic on the same infrastructure
  • Overuse shared mailboxes for campaign work
  • Send high volumes without tracking limits or sender health
  • Have no visibility until delivery starts to fail

Well-designed systems:

  • Use Microsoft 365 for one-to-one messaging only
  • Move campaign traffic to dedicated email platforms
  • Use DMARC monitoring to track all platforms sending email on behalf of your domain
  • Separate transactional, marketing, and conversational email paths

What a Hybrid Recruitment Email Stack Looks Like

The future of recruitment email is hybrid. Here is what that means:

Type of EmailPlatformWhy
Day-to-day recruiter conversationsMicrosoft 365 (Exchange Online)Secure, professional, compliant
Campaigns, sequences, prospectingSendGrid, Brevo, Mailgun, Azure Communication ServicesDesigned for volume and automation
System alerts, job notificationsAzure Communication Services or CRM-integrated platformsScalable, API-driven
Visibility across all platformsQuinset PowermailTracks outbound mail sources via DMARC data

This model lets you keep communication flowing while protecting your brand reputation, respecting Microsoft’s limits, and maintaining delivery.

What You Should Do Next

1. Split Your Email Workloads

Do not wait for Microsoft to shut you down. Separate:

  • Recruiter conversations (keep in Microsoft 365)
  • Prospecting campaigns (move to an outbound platform)
  • System-generated emails (consider ACS or CRM-integrated providers)

2. Run a Full Email Infrastructure Audit

Identify:

  • All shared mailboxes in use
  • All apps or tools that send using Microsoft 365 credentials
  • Who is sending, what they are sending, and how often

3. Deploy Quinset Powermail

You cannot manage what you cannot see. Powermail gives you:

  • Full DMARC-based visibility across your domain
  • Insight into every tool or platform using your domain to send mail
  • A simple way to see where you are exposed — and how to fix it

4. Build Your Hybrid Architecture

Work with Quinset to:

  • Design a sending stack that meets Microsoft’s expectations
  • Implement platforms that can handle volume
  • Set up proper licensing, monitoring, and identity controls
  • Protect your deliverability and reputation

TL;DR

Microsoft is enforcing hard limits on how much email you can send via Microsoft 365. Campaigns, automations, and shared mailboxes are all affected. Also, your real capacity may be lower than expected due to TERRL.

Recruitment firms that rely on Microsoft for everything will see:

  • Failing emails
  • Disrupted campaigns
  • Damaged domain reputation

The solution is not to fight Microsoft. It is to build a hybrid architecture. Microsoft for conversations and outbound platforms for campaigns. And all with visibility and structure built in.

Quinset can help you make that shift without breaking your workflows. The future of email is not one-size-fits-all. It is strategic.