For businesses that need to send a significant number of emails—whether for marketing campaigns, transactional notifications, or internal alerts—Microsoft offers a specialized feature known as High Volume Email (HVE). This feature allows organizations to surpass standard sending limits, ensuring smooth operations for high-demand scenarios.

In this blog post, we will explore High Volume Email in Exchange Online, discussing its capabilities, setup process, management, and best practices.

Understanding High Volume Email (HVE)

High Volume Email (HVE) is designed for scenarios where an organization needs to send large numbers of emails regularly using SMTP AUTH. Unlike standard email accounts in Exchange Online that come with a limit of 10,000 per day, HVE accounts come with enhanced sending limits, But you need to know about some other limitations too:

  • Up to 100,000 recipients per day per tenant.
  • Up to 2,000 external recipients per day per HVE account.
  • 10 Message submission limit per minute for messages containing external recipients
  • No Support for Send-As or Reply-To features
  • Max message size is 10 MB including attachments.
  • Max 50 Recipient per-message

These capabilities are particularly useful for line-of-business applications, notifications, and internal alerts where high throughput is critical.

Some of the key use cases for High Volume Email:

  1. Transactional Emails: Notifications like order confirmations, password resets, and shipping updates.
  2. Internal Alerts: System-generated alerts for IT or operational teams.
  3. Marketing Campaigns: Bulk email campaigns targeted at customers or prospects.

Even the High Volume Email uses SMTP AUTH, there is no need to enable this feature on the tenant or the account, the High Volume Email works fine as it uses a different endpoint to submit the messages.

How Are Recipients Counted?

Recipient limits are calculated based on the total number of recipients added in the To, CC, and BCC fields of an email. An interesting aspect of this is how Exchange Online handles distribution lists (DLs). If a DL is managed within the organization’s Global Address List (GAL), it is counted as a single recipient. However, if the DL is stored in a user’s contact folder (created individually), all members of that DL are counted individually.

Setting Up High Volume Email Accounts

The HVE requires an Entra ID account, this account is used to authenticate with Exchange Online during sending an email message. You don’t need to create the account manually, instead it will be created automatically by Exchange Online.

The account is a MailUser, not a UserMailbox so do not assign a license for the account. Setting up HVE accounts in Exchange Online is a straightforward process. You can set up the High Volume Email using the GUI or PowerShell. Here’s how you can do it:

Setting up High Volume Email Using Exchange Admin Center (EAC)

  1. Navigate to the Exchange Admin Center.
  2. Go to the Mail flow section.
  3. Select High Volume Email (Preview).
  4. Create a new HVE account by specifying

Click on Add an HVE account

Adding

Fill in the required information click on Next and then click on Finish

Fill info

Till the date of writing this post, you can add up to 20 HVE account

Setting up High Volume Email Using PowerShell

PowerShell offers a programmatic way to manage HVE accounts. To create an HVE account, use the following cmdlet:

  • Start by opening PowerShell 7
  • Connect to Exchange Online by using the Connect-ExchangeOnline cmdlet

If you dont have the Exchange Online Management PowerShell module, then you can download it and install it automaticlly using the following command Install-Module -Name ExchangeOnlineManagement

PS7> $securePassword = Read-Host "Type the password for the account" -AsSecureString
PS7> Type the password for the account: *********

PS C:\> New-MailUser -HVEAccount -Name "Noreply-HVE" -Password $securePassword -PrimarySmtpAddress "noreply@powershellcode.com"

Name                                     RecipientType
----                                     -------------
Noreply-HVE                              MailUser

Using High Volume Email Using PowerShell

To use and send an email using the High Volume Email account we created in the previous step, you need to configure the following parameters:

  • SMTP server: smtp-hve.office365.com
  • Port: 587
  • Authentication: Username (email address of the HVE account) and password
  • TLS: STARTTLS, TLS 1.2 or TLS 1.3

Use the following PowerShell line to send a test message using the High Volume Email account

PS> Send-MailMessage -From noreply@powershellcode.com -To External@gmail.com -SmtpServer smtp-hve.office365.com -Port 587 -UseSsl -Credential (Get-Credential) -Subject "Hi From HVE"

Using the command above may return the following warning, that can be ignored
WARNING: The command ‘Send-MailMessage’ is obsolete. This cmdlet does not guarantee secure connections to SMTP servers. While there is no immediate replacement available in PowerShell, we recommend you do not use Send-MailMessage at this time. See https://aka.ms/SendMailMessage for more information.

Most organizations have a Conditional Access Policy that prevents Legacy authentication protocol, which includes SMTP Auth. Make sure to exclude the HVE account from that policy.

Troubleshooting High Volume Email

After configuring HVE, when trying to send an email, you might get an error

client was not authenticated

The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.57 Client not
authenticated to send mail. Error: 535 5.7.139 Authentication unsuccessful, the organization configuration does not allow this authentication request.
Visit https://learn.microsoft.com/en-us/azure/active-directory/develop/reference-error-codes for more information. Error code: AADSTS53003

or

5.7.139 Authentication unsuccessful, basic auth is blocked.

This error is related to the Authentication Policy on Exchange Online. The user used to connect to and send email using SMTP Auth is not allowed as the SMTP Auth is not allowed in the organization. There is no need to enable the SMTP Auth on the tenant level. Instead, we can create an Authentication Policy that only allow this user to use the SMTP Auth.

The best way to do it is to create a new Authentication Policy and assign it to the High Volume Email user account.

Lets start by creating the Policy. Lets name it as HVE-Policy-Name

PS:> New-AuthenticationPolicy -Name "HVE-Policy-Name" -AllowBasicAuthSmtp

Now we created a policy that allow basic authentication for the SMTP as the AllowBasicAuthSMTP is used, lets now assign it to the user.

Use the following line to assign the policy to the account

PS:> Set-User "HVE-UserAccount" -AuthenticationPolicy "HVE-Policy-Name"

To confirm the policy assignment, run the following line

PS:> Get-user "HVE-UserAccount" | select-object AuthenticationPolicy

AuthenticationPolicy
--------------------
HVE-Policy-Name

Conditional Access Restriction

Even though the Authentication Policy is set, there is another restriction that still might be enforced that block the sending.

To check weather the conditional access policy is blocking the account or not, follow these steps.

  • Login to Entra ID
  • Click on Users -> All Users
  • Search for the High Volume Email account
  • Click on the account and then click on the Sign-in Logs
Sign-in

So make sure to exclude the account from conditional access policy that block MFA or other policy related to Legacy protocol.

Conclusion

In this post, you learned how to configure High Volume Email, and as shown, it’s an easy process. You need to understand the business requirements along with the HVE limitations and features to see how you can fit the HVE in your environment if required.

Hope you learn something new, If you like to see how to send an email message using Graph API, then take a look at Send-MgUserMail BodyParameter Explained

5/5 - (1 vote)