New recipient limit for Non-2FA enabled McGill email accounts
In an effort to limit the impacts of unsolicited and fraudulent emails being sent in large numbers to the McGill community, McGill’s IT Infrastructure & Information Security has decided to limit the number of emails that can be sent from non-2FA (two-factor authentication) enabled email accounts.
This limit will be imposed on all such accounts as of October 3rd, 2023. From that date on, accounts that are NOT two-Factor Authentication (2FA) enabled (at this moment, mostly Alumni and Retirees’ accounts) will be restricted to sending messages to a maximum of 100 recipients per 24 hours. This limit is imposed on the number of recipients, regardless of the number of emails sent.
Important: McGill Active Directory managed distribution lists are not affected by this change. Such distribution lists are treated as 1 recipient.
Why is this limit being established?
- To limit the number of emails that can be sent from a compromised account, used for spamming, will reduce its impact on the McGill population and make such outbreaks more manageable.
- To bring us closer to complying with Law 25 which requires 2FA to be enabled on email accounts with the hope of improving security and personal data privacy.
What can I do to help mitigate security issues linked with spamming attempts?
Enable 2FA on your McGill email account by following the instructions in this two-factor authentication article.
Where can I find more information?
What is the immediate effect of this limit on my account?
After the recipient limit is reached, messages can't be sent from your mailbox until the number of recipients drops below the established limit (100 per 24 hours). (see examples below)
How will I know if I reached the limit?
You will receive an email with the following message:
Delivery has failed to these recipients or groups:
9:00 AM, day 1: first email message sent to 20 recipients,
10:00 AM, day 1: second message sent to 50 recipients,
11:00 AM, day 1: third message to 30 recipients, limit of 100 messages is reached.
No more messages can be sent until 09:01 AM on the next day (day 2) and only 20 recipients can be reached until 10:01AM at which point messages to an additional 50 recipients can be sent.