CSU will begin phasing in lower daily email sending limits for Microsoft 365 accounts over the coming months to help reduce phishing, spam, and compromised‑account email campaigns that affect students, faculty, and staff.

These changes are part of CSU’s Cybersecurity Alignment initiative and follow Microsoft’s push for more conservative email‑sending thresholds across higher education.

Why this matters

High‑volume email sending is one of the most common ways malicious actors spread phishing and scam messages. Reducing limits – and shifting bulk communication to purpose‑built tools – helps protect the CSU community from personal, financial, and institutional harm. For more information about common cybersecurity risks and steps you can take to avoid them, visit CSU’s cybersecurity website.

What’s changing

Daily sending limits will differ based on role and will be introduced in two waves:

Timeline	Students	Faculty & Staff
End of March 2026	500	2,000 (no change)
End of June 2026	250	1,000

Microsoft has already lowered its thresholds, and CSU’s prior exception process for high‑volume sending is no longer effective. Instead, the Division of IT encourages the use of approved and supported alternatives. 

What’s not changing

• Distribution lists, listservs, and direct-coding means remain available.
• Students and faculty can continue using Canvas and other academic tools to communicate.

Better options for sending to large groups

CSU already supports more effective tools for high‑volume messaging, including:

• Listservs. Currently in an application called Mailman, but a much-improved listserv product, Simplelists, will be fully available before any faculty/staff reductions take effect.
• Distribution lists within Microsoft 365. An email sent to a distribution list with 300 members counts as being sent to a single recipient.
• Marketing platforms such as Salesforce Marketing Cloud, Mailchimp, and Constant Contact.

A curated list of supported alternatives is available in the Division of IT’s knowledgebase, Mass email from Microsoft 365: Why you’re seeing blocks or throttling and better ways to send.

What you should do now

If you regularly send messages to large audiences—or manage systems that rely on bulk email—start reviewing your workflows and transitioning to approved tools.

Everyone at CSU plays a role in protecting institutional integrity and the safety of our community. By thoughtfully shifting how bulk messages are sent, CSU can significantly reduce phishing risks and help ensure that important communications reach their intended audiences safely and reliably.

For questions or help choosing the right tool, submit a ticket to the Division of IT or contact your local IT support team.