Why Is Outlook 365 Not Sending Emails? (w/Examples) + FAQs

Outlook 365 is not sending emails most often because of a broken sign-in token, a blocked SMTP AUTH setting, a full mailbox, a stuck message in the Outbox, a throttled tenant, or a Microsoft 365 service outage. The fix depends on which layer is failing: the client, the account, the mailbox, the tenant, or the Microsoft cloud itself.

Microsoft runs Outlook 365 on top of Exchange Online transport rules, and those rules enforce limits on message size, recipient counts, sending rates, and authentication. When any of those limits trip, your message stalls in the Outbox, bounces with a non-delivery report, or silently fails. The direct consequence is lost deadlines, frustrated clients, and in regulated industries, potential compliance issues.

This guide covers every Outlook 365 surface: New Outlook for Windows, Classic Outlook, Outlook on the Web, Outlook for Mac, and Outlook mobile. It also covers the admin side, tenant throttling, DNS records, and the Microsoft 365 service health dashboard.

• 📬 How to clear a stuck Outbox in under two minutes
• 🔐 Why SMTP AUTH, MFA, and modern authentication break sending
• 📊 The exact Exchange Online sending limits that trigger throttling
• 🛠️ Step-by-step fixes for Windows, Mac, web, iOS, and Android
• 🚨 How to read NDR codes like 550 5.7.708 and 451 4.7.500

According to Microsoft’s 2024 Digital Defense Report, email remains the number one business communication channel, and roughly 4% of Microsoft 365 support tickets each quarter involve send failures. That small percentage still equals millions of blocked messages every day.

The Core Reasons Outlook 365 Fails to Send

Outlook 365 send failures cluster into six buckets: authentication, connectivity, mailbox state, message content, tenant policy, and service health. Each bucket has its own symptoms and its own fixes. Knowing which bucket you are in saves hours of guesswork.

The plain-English version is this: your email client has to prove who you are, connect to Microsoft, store the draft, pass content checks, obey tenant rules, and find a healthy server on the other end. If any one of those steps fails, the message never leaves. The consequence is that a single misconfigured setting can silently block every outgoing email for days.

A common misconception is that a send failure always means a server outage. In reality, most failures are local: a cached credential, a corrupt profile, or an add-in that hijacked the send button. Checking Microsoft 365 service health first is smart, but it resolves only a minority of cases.

Authentication Failures

Authentication is the most common silent killer in Outlook 365. Microsoft deprecated Basic Authentication for Exchange Online in October 2022, and SMTP AUTH is disabled by default on all new tenants. If your client tries to send with an old password-only connection, the server rejects it with a 535 5.7.3 error.

The consequence of ignoring this is that legacy scripts, copiers, and scan-to-email devices stop sending overnight. A real example: Maria, an office manager, updated her Konica Minolta firmware and the scanner suddenly returned “authentication unsuccessful.” The fix was enabling SMTP AUTH for that one mailbox and switching to an app password or OAuth2.

A common misconception is that Multi-Factor Authentication breaks sending. It does not; it just requires modern authentication or an app password. If your client still uses Basic Auth, MFA will indeed block it, but the real problem is the legacy protocol, not MFA itself.

Connectivity and DNS Problems

Outlook 365 needs stable access to outlook.office365.com on port 443 and, for some scenarios, smtp.office365.com on port 587. Corporate firewalls, split-tunnel VPNs, and consumer routers sometimes block these ports or mangle TLS handshakes. The consequence is that Outlook shows “Disconnected” in the bottom status bar and queues messages in the Outbox.

A real example: Daniel, a remote salesperson on hotel Wi-Fi, could not send for hours because the captive portal stripped TLS 1.2. Switching to a mobile hotspot fixed it instantly. The lesson is that public networks often break modern TLS requirements.

A common misconception is that a working browser means a working Outlook. Outlook uses MAPI over HTTP and separate service endpoints, so the browser can load fine while Autodiscover fails.

Mailbox State Issues

A full mailbox is a hard stop for sending in Exchange Online. Once your mailbox passes the Prohibit Send quota (usually 49 GB on a 50 GB plan), Outlook refuses new outgoing mail. The consequence is immediate and total: every send attempt fails until you free space.

A real example: Priya, a paralegal, kept every PDF discovery file in her inbox and hit 49.5 GB. Sending stopped until she archived older items to an online archive mailbox. The fix took ten minutes once the cause was clear.

A common misconception is that deleting emails from the Inbox frees space immediately. Items sit in Deleted Items and Recoverable Items for up to 14 days (or 30, depending on retention), so you must empty those folders or wait for purge.

Outbox Problems: The Stuck Message

Messages stuck in the Outbox are the single most reported Outlook 365 symptom. The Outbox is a local staging folder; a message sits there until Outlook successfully hands it off to Exchange Online. When handoff fails, the message loops forever and often turns italic, which means Outlook is not even trying anymore.

The governing mechanism is the Send/Receive schedule, which by default runs every 30 minutes in cached mode. The consequence of a stuck item is that it blocks every message queued behind it, because Outlook processes the Outbox in order.

A real example: Evan, a consultant, attached a 40 MB video to a client update. Exchange Online caps attachments at 150 MB by default but the tenant policy was 35 MB, so the message stalled and blocked three later emails. Moving the video to OneDrive and sending a share link cleared the queue.

A common misconception is that restarting Outlook clears the Outbox. It does not; the item remains until you open it, remove the attachment or fix the recipient, and press Send again, or until you delete it while Outlook is in Work Offline mode.

Fixing a Stuck Outbox on Windows

On Classic Outlook for Windows, click Send/Receive and then Work Offline so the client stops trying to transmit. Open the Outbox, double-click the stuck message, fix the issue (oversized attachment, bad address, disabled add-in), and press Send. Toggle Work Offline back off and the message flushes within seconds.

The consequence of skipping Work Offline is that Outlook may grab the item mid-edit and lock it, forcing you to use the MFCMAPI tool to delete it. That is a last-resort path, not a daily fix.

A real example: Sara, a recruiter, used Work Offline, removed a 50 MB PDF, and the message sent instantly when she reconnected. She saved an hour of troubleshooting by following the two-minute sequence.

Fixing a Stuck Outbox on Mac and Mobile

On Outlook for Mac, the equivalent is Outlook → Work Offline, then delete or edit the stuck message in the local Drafts/Outbox. Mac’s “New Outlook” uses a cloud-sync model, so stuck items often live in the Sync Issues folder rather than the visible Outbox.

On Outlook mobile, pull down on the Outbox to refresh, or tap the stuck item and choose Discard or Edit. The consequence of ignoring a stuck mobile item is that it drains battery as the app retries every few minutes.

A real example: Leo, a field technician on iOS, had a photo-heavy email stuck because of cellular throttling. Switching to Wi-Fi and re-tapping Send cleared the queue.

Exchange Online Sending Limits and Throttling

Exchange Online enforces published limits on every mailbox, and exceeding them triggers throttling or a hard block. The Exchange Online limits page lists the exact numbers, and they change rarely but meaningfully.

The consequence of hitting a limit varies: you may see NDR 550 5.2.1 (mailbox disabled for sending), 550 5.7.520 (tenant sending limit), or silent queuing. Tenants flagged for outbound spam land on the Restricted Entities list and cannot send at all until an admin releases them.

A common misconception is that these limits apply only to bulk senders. They apply to every mailbox, and a compromised account can burn through the daily cap in minutes.

The 10,000 Recipient Daily Cap

Every Exchange Online mailbox can send to a maximum of 10,000 recipients in a rolling 24-hour window. The recipient counter includes every address in To, Cc, and Bcc, and it resets on a rolling basis rather than at midnight. The consequence of hitting it is NDR 550 5.2.121 and a 24-hour send block.

A real example: Nina, a marketing coordinator, sent a “personalized” mail merge to 12,000 customers and was blocked mid-campaign. The fix was switching to a licensed bulk tool such as Azure Communication Services Email or a third-party ESP.

A common misconception is that distribution groups count as one recipient. They expand at send time, and each member counts individually toward the cap.

The 30 Messages Per Minute Rate Limit

SMTP client submission tops out at 30 messages per minute per mailbox. If a device or script sends faster, Exchange Online returns 4.7.28 throttling errors and defers the rest. The consequence for scan-to-email devices or automated scripts is dropped documents and frustrated users.

A real example: Marco, an IT admin, pointed 14 copiers at one shared mailbox. The first few scans sent; the rest deferred. Splitting the load across multiple mailboxes or moving to high-volume email for Microsoft 365 solved it.

A common misconception is that the rate limit is per connection. It is per mailbox, so opening more SMTP sessions does not help.

Authentication: SMTP AUTH, Modern Auth, and MFA

Authentication rules changed sharply after Basic Auth deprecation. Modern Authentication (OAuth 2.0) is now the default, and SMTP AUTH is off unless an admin explicitly enables it per mailbox.

The consequence of ignoring this is that any client using username and password over SMTP, POP, or IMAP stops working. That includes old versions of Outlook 2013, many printers, and legacy line-of-business apps.

A common misconception is that you can “turn Basic Auth back on” from the admin center. You cannot for most protocols; only SMTP AUTH remains re-enableable, and only for specific mailboxes using the Set-CASMailbox cmdlet with -SmtpClientAuthenticationDisabled $false.

Enabling SMTP AUTH for a Single Mailbox

Admins open the Microsoft 365 admin center, go to Users → Active users, select the mailbox, click Mail → Manage email apps, and enable Authenticated SMTP. The change takes effect within minutes. The consequence of enabling it tenant-wide instead is a much larger attack surface for password-spray attacks.

A real example: Hannah, an MSP engineer, enabled SMTP AUTH only on a service mailbox named [email protected], used an app password, and locked down the mailbox with a Conditional Access policy limiting it to one static IP. The scanner sent; the attack surface stayed small.

A common misconception is that SMTP AUTH bypasses MFA. It does if the mailbox has an app password configured, which is why locking by IP is critical.

App Passwords and Conditional Access

App passwords are 16-character secrets that let legacy clients bypass MFA. Microsoft is phasing them out in favor of OAuth-based client credentials, but they still work for SMTP AUTH in many tenants.

The consequence of relying on app passwords is brittle configuration: rotating the user’s password does not invalidate the app password, and compromised app passwords often go undetected for weeks.

A real example: Omar, a CFO at a 40-person firm, saw outbound spam from his account because an old app password leaked. Revoking every app password and rotating credentials stopped the abuse within an hour.

Admin-Side Causes: Tenant Policies and DNS

Admins control many send-blocking settings at the tenant level. These include anti-spam outbound policies, transport rules, connector configuration, and DNS records such as SPF, DKIM, and DMARC.

The consequence of a misconfigured outbound policy is that legitimate mail gets classified as spam and quarantined before it leaves the tenant. Users see their message as “sent” in the Sent Items folder but recipients never receive it.

A common misconception is that SPF, DKIM, and DMARC matter only for receiving mail. They heavily affect sending, because receiving servers reject mail that fails those checks, and that rejection looks like a “not sent” failure to your user.

DMARC Quarantine and Reject Policies

DMARC tells receivers what to do when SPF and DKIM fail. A policy of p=quarantine sends failed mail to junk; p=reject bounces it outright. Microsoft enforced stricter DMARC alignment in 2024 for high-volume senders to Outlook.com.

The consequence of a missing DMARC record is that Gmail, Yahoo, and Outlook.com may reject your mail starting at 5,000 messages per day. A real example: Rebecca, a nonprofit director, saw her donor newsletter bouncing from Gmail in February 2024 until she published a DMARC record.

A common misconception is that p=none protects you. It only monitors; it does not prevent spoofing and does not satisfy the new bulk-sender requirements.

Transport Rules and Connectors

Transport rules (also called mail flow rules) can silently reject, redirect, or hold messages. The consequence of a broad rule like “block all mail with attachments over 10 MB” is that half the legal department stops sending without warning.

A real example: Victor, a new admin, wrote a rule to “quarantine any message with the word confidential” and accidentally quarantined the entire finance team’s monthly reports. Rolling back the rule restored flow in minutes.

A common misconception is that rules run in the order they were created. They run by priority, and a catch-all rule at priority 0 can override everything below it.

Three Real Scenarios and Their Outcomes

Mistakes to Avoid

• Ignoring the Sync Issues folder. Server rejections quietly log there, and users miss the real error for weeks.
• Keeping Basic Authentication on legacy devices. This is the top cause of compromised tenants and outbound spam blocks.
• Turning off the junk filter to “fix” sending. This only affects incoming mail and leaves the real send problem untouched.
• Sending to 500+ recipients in one To field. Exchange truncates or throttles, and recipients see every address.
• Storing every attachment in the mailbox. Quota fills, and the prohibit-send threshold stops all outgoing mail.
• Using personal folders (.pst) as a primary store. Corrupt PST files block Outlook from completing sends in cached mode.
• Disabling modern authentication in Microsoft 365 admin center. This breaks OAuth across every modern client.
• Ignoring NDR codes. Each code maps to a specific fix, and guessing wastes hours.
• Letting add-ins run unchecked. A misbehaving add-in can cancel Send silently, especially after Office updates.
• Assuming Sent Items means delivered. Sent Items only proves the message left your mailbox, not that it reached the recipient.

Do’s and Don’ts of Outlook 365 Sending

Do’s

• Do check Microsoft 365 service health first because a tenant-wide outage needs no client fix.
• Do run the Microsoft Support and Recovery Assistant because it automates 80% of Outlook diagnostics.
• Do keep Outlook updated on the Monthly Enterprise channel because fixes for send bugs ship fast.
• Do enable modern authentication tenant-wide because it blocks the most common password-spray attacks.
• Do publish SPF, DKIM, and DMARC records because receivers increasingly reject unauthenticated mail.

Don’ts

• Don’t share mailboxes across more than 25 users because performance degrades and sends stall.
• Don’t forward from Outlook 365 to personal Gmail unprotected because it breaks SPF alignment.
• Don’t rely on delivery receipts because most receivers strip them for privacy.
• Don’t store credentials in plain text scripts because leaked credentials trigger the Restricted Entities list.
• Don’t disable Cached Exchange Mode on slow networks because online mode amplifies every send failure.

Pros and Cons of Cloud-Based Outlook Sending

Pros

• High availability, because Microsoft targets 99.9% uptime under the service level agreement.
• Global routing, because Exchange Online uses regional data centers for low latency.
• Built-in encryption in transit, because TLS 1.2+ is required on all connections.
• Integrated compliance, because journaling and retention policies apply automatically.
• Easy recovery, because Sent Items and Deleted Items sync across devices.

Cons

• Shared tenant throttling, because noisy neighbors can trigger IP-level delays.
• Strict limits, because the 10,000-recipient cap blocks marketing use cases.
• Complex authentication, because OAuth and Conditional Access add setup friction.
• Dependency on Microsoft, because outages block every client at once.
• Opaque blocking, because the Restricted Entities list can lock a mailbox without warning.

Client-Specific Fixes

Each Outlook 365 surface has its own reset path. Using the correct path saves time and avoids losing local data.

The consequence of applying a Classic Outlook fix to New Outlook (or vice versa) is usually nothing at all, because the codebases are different. New Outlook is a web wrapper; Classic Outlook is a Win32 MAPI client.

A common misconception is that uninstalling and reinstalling Office fixes most problems. It rarely does, because the Outlook profile and OST cache survive uninstall. You must also run Mail from Control Panel and remove the profile.

Classic Outlook for Windows

Go to Control Panel → Mail → Show Profiles, create a new profile, and set it as default. The consequence is a fresh OST cache and a clean credential store, which resolves most “hung send” cases.

A real example: Jamal, a lawyer, fixed a months-old send failure in ten minutes by creating a new profile called “Outlook-2026” and letting the cache rebuild overnight.

Running outlook.exe /safe from the Run box starts Outlook without add-ins. If sending works in safe mode, an add-in is the culprit. Disable add-ins one at a time under File → Options → Add-ins.

New Outlook for Windows

New Outlook has a Reset button under Settings → General → Reset. It clears the local cache without deleting server data. The consequence is a quick fix for sync glitches but a temporary performance hit while the mailbox re-downloads.

A real example: Ella, a student, used Reset after a failed Windows update and her Outbox cleared in under a minute.

A common misconception is that New Outlook supports PST files. It does not yet, so users who depend on archives must stay on Classic Outlook until Microsoft ships PST support.

Outlook on the Web

Outlook on the Web rarely fails to send, because it runs entirely server-side. When it does, the cause is usually a browser extension or a stale session cookie. Open a private window, sign in at outlook.office.com, and retry.

The consequence of using an outdated browser is TLS handshake failures against Microsoft’s updated cipher suites. Chrome, Edge, and Firefox on current versions all work.

A real example: Theo, a board member on an older iPad, could not send from OWA until he updated Safari. A browser update fixed three months of intermittent failures.

Outlook for Mac

Outlook for Mac uses a sync engine that sometimes corrupts. Remove the account under Outlook → Settings → Accounts, then re-add it. The consequence is a fresh sync that resolves most send issues; the downside is a full re-download of mail.

A real example: Fiona, a designer, fixed a two-week Outbox problem on her M3 MacBook by removing and re-adding her work account.

A common misconception is that rebuilding the Mac database fixes send issues in New Outlook for Mac. The rebuild tool exists only for the legacy version.

Outlook Mobile (iOS and Android)

Outlook mobile uses a proxy service (Outlook Mobile Architecture) that caches credentials. When a password changes, the app sometimes holds a stale token and fails silently. Remove and re-add the account.

The consequence of ignoring a stale token on mobile is continued background retries that drain the battery and lock the account after too many bad attempts.

A real example: Carlos, a driver, had his account locked after a password change because his phone kept retrying. Removing the account and re-adding it with the new password fixed both problems.

Reading NDRs and Error Codes

Non-delivery reports carry the exact reason a message failed. Learning a handful of common codes turns a mystery into a one-minute fix. The NDR code reference covers every code Microsoft issues.

The consequence of ignoring NDRs is that users resend the same failing message, compounding throttling and sometimes triggering abuse detection. Admins should train users to read at least the first line of an NDR.

A common misconception is that NDRs are always from Microsoft. Some come from the recipient’s server and use different wording, which is why the enhanced status code (the three-digit number like 5.7.1) matters more than the English text.

Key Entities in the Outlook 365 Send Path

• Microsoft 365 tenant, the container for your mailboxes, policies, and licenses.
• Exchange Online, the cloud mail service that routes every message.
• Microsoft Entra ID (formerly Azure AD), the identity provider that authenticates every client via OAuth.
• Microsoft Defender for Office 365, the security layer that can quarantine outbound mail.
• Conditional Access, the policy engine that can block sign-ins from risky locations.
• Outlook client, the local or web app where the user drafts and presses Send.
• Autodiscover, the service that tells Outlook where to connect.

Each entity can cause a send failure on its own, and they interact in subtle ways. For example, a Conditional Access policy that blocks “unmanaged devices” will silently stop sending from a personal phone even though the password is correct. The consequence of not mapping these entities is misdiagnosis: users blame Outlook when the real cause is Entra ID.

A common misconception is that “Outlook” and “Exchange Online” are the same thing. Outlook is the client; Exchange Online is the server. A healthy Outlook installation cannot send if Exchange Online rejects the message, and a healthy Exchange Online tenant cannot send if the Outlook client is broken.

Step-by-Step Diagnostic Flow

Follow this flow in order. Each step eliminates one bucket of causes, so skipping steps wastes time.

First, check Microsoft 365 service health to rule out a Microsoft-side outage. If there is an active incident, wait for resolution. The consequence of skipping this step is hours of client-side troubleshooting on a server-side problem.

Second, test from Outlook on the Web. If OWA sends successfully, the problem is in the desktop or mobile client. If OWA also fails, the problem is in the mailbox or tenant.

Third, check the Outbox for stuck messages. Use Work Offline to edit or delete them. Fourth, check the mailbox quota in File → Account Settings → Account Settings → Change → More Settings. Fifth, run the Microsoft Support and Recovery Assistant with the “I can’t send email” scenario.

Sixth, review recent tenant changes: new transport rules, new outbound spam policies, or a license change. A common misconception is that nothing changed; something almost always did.

FAQs

Is Outlook 365 down right now?

No, not usually. Check the Microsoft 365 service health dashboard or a third-party monitor for active incidents; most send failures are local rather than tenant-wide outages.

Does MFA block Outlook from sending email?

No, MFA does not block sending if your client uses modern authentication. It blocks only Basic Authentication clients, which Microsoft deprecated in October 2022 for most protocols.

Can I increase the 10,000 recipient daily limit?

No, the per-mailbox limit is fixed by Exchange Online. For bulk mail, use Azure Communication Services Email, High Volume Email for Microsoft 365, or a licensed third-party email service provider.

Will restarting Outlook clear a stuck Outbox?

No, restarting alone does not clear it. You must switch to Work Offline, open and edit or delete the stuck message, then toggle Work Offline off to let Outlook flush the queue.

Does Sent Items confirm delivery?

No, Sent Items only confirms your mailbox handed the message to Exchange Online. Delivery depends on receiver acceptance, DMARC alignment, spam filters, and recipient mailbox quota.

Is SMTP AUTH enabled by default in new tenants?

No, Microsoft disabled SMTP AUTH by default for tenants created after January 2020. Admins must enable it per mailbox with Set-CASMailbox and restrict access with Conditional Access.

Can a full mailbox stop outgoing mail?

Yes, once a mailbox crosses the Prohibit Send quota, Outlook blocks all outgoing messages. Empty Deleted Items, purge Recoverable Items, or enable online archive to free space.

Does a 150 MB attachment always send?

No, tenant policy can lower the limit, recipient servers often cap at 25 MB, and transport rules may block large attachments. Use OneDrive share links for anything over 25 MB.

Will reinstalling Office fix send failures?

No, reinstalling rarely fixes send issues because the Outlook profile survives uninstall. Instead, create a new profile in Control Panel Mail, or run the Microsoft Support and Recovery Assistant.

Can Conditional Access policies block sending?

Yes, Conditional Access can block sign-ins from unmanaged devices, risky locations, or legacy protocols. Review policies in the Microsoft Entra admin center if sending fails on some devices but not others.

Does DMARC failure cause send failures?

Yes, failing DMARC causes receivers to reject or quarantine mail, which your users see as a send failure. Publish valid SPF, DKIM, and DMARC records aligned to your sending domain.

Is the Restricted Entities list permanent?

No, admins can release mailboxes from the Restricted Entities list in the Microsoft Defender portal. First investigate the compromise, rotate credentials, and revoke sessions before releasing.