MC886603 – (Updated) Reject multiple From addresses (P2 From headers) without a Sender header

Microsoft Exchange Logo

check before: 2025-02-03

Product:

Exchange, Outlook

Platform:

Developer, Online, World tenant

Status:

Change type:

Admin impact, Updated message, User impact

Links:

Details:

Summary:
Starting February 3, 2025, Exchange Online will drop messages with multiple From addresses without a Sender header to comply with RFC 5322. Affected users were notified on October 15. To prevent issues, ensure messages with multiple From addresses include a Sender header.

Details:
Updated November 6, 2024: We have updated the content. Thank you for your patience.
Starting February 3 (previously December 1), we're going to start gradually dropping messages that have multiple From addresses (also known as P2 From headers) without a Sender header from being sent via Exchange Online.
If we see significant traffic exhibiting multiple From addresses (P2 From headers) without a Sender header in your tenant in the month of September, we will send you a Message Center Post by October 15th alerting you and providing some sample message IDs.
We are doing this to comply with RFC 5322 (https://www.rfc-editor.org/rfc/rfc5322#section-3.6.2) which mandates the Sender header to be present and contain a single address if the From header has more than one address. Noncompliance with this could be exploited by attackers, allowing them to impersonate a sender address by misleading the client into using the From header to determine the sender instead of the Sender header.
[When this will happen:]
February 3, 2025 (previously December 1st)
We are delaying the rollout start date from December to February 3rd 2025 in order to provide more time to customers for investigating messages exhibiting multiple P2 From Addresses without a Sender Address.
Most of the traffic exhibiting multiple P2 From Addresses without a Sender Address will be inbound spam destined for your tenant sent by malicious spammers on the internet.
Some customers are sending legitimate emails with this malformed header configuration. On October 15, we sent a targeted MC post to customers showing high volumes of messages exhibiting multiple P2 From Addresses without a Sender Address as they may be impacted by this change.
For investigating if you will be impacted by this change, focus your investigation on messages sent using On Premises Inbound Connectors to Exchange Online. Authenticated mail submission is not impacted because submitting messages like this using those submissions are not allowed (Graph, Outlook clients, SMTP AUTH Client Submission).

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:

Created:
2024-09-10

updated:
2024-11-08

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

Email Delivery Failures
Messages with multiple From addresses without a Sender header will be dropped, leading to undelivered emails.
   - roles: Email Administrators, End Users
   - references: https://www.rfc-editor.org/rfc/rfc5322#section-3.6.2

Increased Support Requests
Users may experience confusion and submit support tickets due to undelivered emails, impacting IT support workload.
   - roles: Helpdesk Staff, End Users
   - references: https://www.rfc-editor.org/rfc/rfc5322#section-3.6.2

Compliance Issues
Failure to comply with RFC 5322 may expose the organization to security risks and potential exploitation.
   - roles: Compliance Officers, Email Administrators
   - references: https://www.rfc-editor.org/rfc/rfc5322#section-3.6.2

User Experience Degradation
Users relying on multiple From addresses may face disruptions in their communication flow, leading to frustration.
   - roles: End Users, Team Leaders
   - references: https://www.rfc-editor.org/rfc/rfc5322#section-3.6.2

Training and Awareness Needs
There will be a need for training sessions to inform users about the new requirements for sending emails.
   - roles: Training Coordinators, End Users
   - references: https://www.rfc-editor.org/rfc/rfc5322#section-3.6.2

Configutation Options**

XXXXXXX ... paid membership only

Opportunities**

XXXXXXX ... free basic plan only

Potentional Risks**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

explanation for non-techies**

XXXXXXX ... free basic plan only

** AI generated content. This information must be reviewed before use.

a free basic plan is required to see more details. Sign up here


A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.



change history

DatePropertyoldnew
2024-11-08MC Last Updated09/21/2024 01:49:282024-11-08T01:37:37Z
2024-11-08MC MessagesUpdated September 20, 2024: We have updated the content. Thank you for your patience.
Starting December 1st, we're going to start gradually dropping messages that have multiple From addresses (also known as P2 From headers) without a Sender header from being sent via Exchange Online.
If we see significant traffic exhibiting multiple From addresses (P2 From headers) without a Sender header in your tenant in the month of September, we will send you a Message Center Post by October 15th alerting you and providing some sample message IDs.
We are doing this to comply with RFC 5322 (https://www.rfc-editor.org/rfc/rfc5322#section-3.6.2) which mandates the Sender header to be present and contain a single address if the From header has more than one address. Noncompliance with this could be exploited by attackers, allowing them to impersonate a sender address by misleading the client into using the From header to determine the sender instead of the Sender header.
[When this will happen:]
December 1st, 2024
Updated November 6, 2024: We have updated the content. Thank you for your patience.
Starting February 3 (previously December 1), we're going to start gradually dropping messages that have multiple From addresses (also known as P2 From headers) without a Sender header from being sent via Exchange Online.
If we see significant traffic exhibiting multiple From addresses (P2 From headers) without a Sender header in your tenant in the month of September, we will send you a Message Center Post by October 15th alerting you and providing some sample message IDs.
We are doing this to comply with RFC 5322 (https://www.rfc-editor.org/rfc/rfc5322#section-3.6.2) which mandates the Sender header to be present and contain a single address if the From header has more than one address. Noncompliance with this could be exploited by attackers, allowing them to impersonate a sender address by misleading the client into using the From header to determine the sender instead of the Sender header.
[When this will happen:]
February 3, 2025 (previously December 1st)
We are delaying the rollout start date from December to February 3rd 2025 in order to provide more time to customers for investigating messages exhibiting multiple P2 From Addresses without a Sender Address.
Most of the traffic exhibiting multiple P2 From Addresses without a Sender Address will be inbound spam destined for your tenant sent by malicious spammers on the internet.
Some customers are sending legitimate emails with this malformed header configuration. On October 15, we sent a targeted MC post to customers showing high volumes of messages exhibiting multiple P2 From Addresses without a Sender Address as they may be impacted by this change.
For investigating if you will be impacted by this change, focus your investigation on messages sent using On Premises Inbound Connectors to Exchange Online. Authenticated mail submission is not impacted because submitting messages like this using those submissions are not allowed (Graph, Outlook clients, SMTP AUTH Client Submission).
2024-11-08MC End Time02/24/2025 09:00:002025-03-03T09:00:00Z
2024-11-08MC SummaryStarting December 1st, Exchange Online will reject emails with multiple From addresses without a Sender header, to comply with RFC 5322. Noncompliance can lead to sender impersonation. Affected organizations will be notified by October 15th if they had significant noncompliant traffic in September.Starting February 3, 2025, Exchange Online will drop messages with multiple From addresses without a Sender header to comply with RFC 5322. Affected users were notified on October 15. To prevent issues, ensure messages with multiple From addresses include a Sender header.
2024-09-21MC MessageTagNamesUser impact, Admin impactUpdated message, User impact, Admin impact
2024-09-21MC SummaryStarting October 15th, Exchange Online will reject emails with multiple From addresses without a Sender header, to comply with RFC 5322. Organizations should ensure a single address in the Sender header to avoid non-delivery reports (NDRs) with error code 550 5.1.20. Feedback on this change is welcomed.Starting December 1st, Exchange Online will reject emails with multiple From addresses without a Sender header, to comply with RFC 5322. Noncompliance can lead to sender impersonation. Affected organizations will be notified by October 15th if they had significant noncompliant traffic in September.
2024-09-21MC Last Updated09/10/2024 02:59:502024-09-21T01:49:28Z
2024-09-21MC MessagesStarting October 15th, we're going to start gradually dropping messages that have multiple From addresses (also known as P2 From headers) without a Sender header from being sent via Exchange Online.

We are doing this to comply with RFC 5322 (https://www.rfc-editor.org/rfc/rfc5322#section-3.6.2) which mandates the Sender header to be present and contain a single address if the From header has more than one address. Noncompliance with this could be exploited by attackers, allowing them to impersonate a sender address by misleading the client into using the From header to determine the sender instead of the Sender header.
[When this will happen:]
October 15, 2024
Updated September 20, 2024: We have updated the content. Thank you for your patience.
Starting December 1st, we're going to start gradually dropping messages that have multiple From addresses (also known as P2 From headers) without a Sender header from being sent via Exchange Online.
If we see significant traffic exhibiting multiple From addresses (P2 From headers) without a Sender header in your tenant in the month of September, we will send you a Message Center Post by October 15th alerting you and providing some sample message IDs.
We are doing this to comply with RFC 5322 (https://www.rfc-editor.org/rfc/rfc5322#section-3.6.2) which mandates the Sender header to be present and contain a single address if the From header has more than one address. Noncompliance with this could be exploited by attackers, allowing them to impersonate a sender address by misleading the client into using the From header to determine the sender instead of the Sender header.
[When this will happen:]
December 1st, 2024
2024-09-21MC How AffectIf email clients including devices and applications that you use to send messages, do so using multiple From addresses but without a Sender address header after October 15th, you will get an NDR error code 550 5.1.20 "Multiple From addresses are not allowed without Sender address'".If email clients including devices and applications that you use to send messages, do so using multiple From addresses but without a Sender address header after December 1st, you will get an NDR error code 550 5.1.20 "Multiple From addresses are not allowed without Sender address'".
2024-09-21MC TitleReject multiple From addresses (P2 From headers) without a Sender header(Updated) Reject multiple From addresses (P2 From headers) without a Sender header
2024-09-21MC End Time12/31/2024 09:00:002025-02-24T09:00:00Z

Last updated 4 weeks ago

Share to MS Teams

Login to your account

Welcome Back, We Missed You!