Announcement ID | MC886603 | Published Date | 09-10-2024 | |
Service | Exchange | Last Updated | 09-20-2024 | |
Category | Plan for change | Expiration Date | 02-24-2025 | |
Roadmap ID | Action Required by Date | |||
Tags | Major update, Admin impact, User impact |
Summary |
---|
Starting December 1st, Exchange Online will reject emails with multiple From addresses without a Sender header, to comply with RFC 5322. Noncompliance can lead to sender impersonation. Affected organizations will be notified by October 15th if they had significant noncompliant traffic in September. |
More Information |
---|
Starting December 1st, we're going to start gradually dropping messages that have multiple From addresses (also known as P2 From headers) without a Sender header from being sent via Exchange Online. If we see significant traffic exhibiting multiple From addresses (P2 From headers) without a Sender header in your tenant in the month of September, we will send you a Message Center Post by October 15th alerting you and providing some sample message IDs. We are doing this to comply with RFC 5322 (https://www.rfc-editor.org/rfc/rfc5322#section-3.6.2) which mandates the Sender header to be present and contain a single address if the From header has more than one address. Noncompliance with this could be exploited by attackers, allowing them to impersonate a sender address by misleading the client into using the From header to determine the sender instead of the Sender header. When this will happen:December 1st, 2024 How this affects your organization:If email clients including devices and applications that you use to send messages, do so using multiple From addresses but without a Sender address header after December 1st, you will get an NDR error code 550 5.1.20 "Multiple From addresses are not allowed without Sender address". What you can do to prepare:When this change is in effect, if you need to send a message that has more than one email address in the From field, make sure that you have a single email address in the Sender header. If you expect this change to cause any issues for your organization, please share that feedback. |