Exchange Online – Incoming changes in Exchange Online Protection to better protect against phishing

An update, starting rolling out on November 9th, may affect you.

This update is changing the way Exchange Online Protection is validating the FROM address. Currently EOP accepts invalid FROM address, undergoing through the spam filtering which then may or may not deliver or mark them as spam.

After the update all emails with invalid FROM address will end as spam.

The only bypass for administrator will be:

  • Either to use IP allow lists
  • or EOP mail flow rules

You need to be prepare as you may still use legacy systems sending emails with incorrect FROM address.

Leave a Comment

Your email address will not be published. Required fields are marked *

The reCAPTCHA verification period has expired. Please reload the page.