From addresses (P2 From headers) without a Sender header
September 10, 2024Microsoft will comply with RFC 5322 (https://www.rfc-editor.org/rfc/rfc5322#section-3.6.2) which mandates the Sender header to be present and contain a single address if the From header has more than one address.
Noncompliance with this could be exploited by attackers, allowing them to impersonate a sender address by misleading the client into using the From header to determine the sender instead of the Sender header
You will get an NDR error code 550 5.1.20 “Multiple From addresses are not allowed without Sender address’”
.
Email header compliance is crucial for ensuring email deliverability, reducing spam, and enhancing security. It helps in verifying the legitimacy of email sources, detecting phishing attempts, and complying with legal regulations. Properly formatted headers improve overall email management and protect against malicious content.
What can you do to prepare:
When this change is in effect, if you need to send a message that has more than one email address in the From field, make sure that you have a single email address in the Sender header.