Windows 10 News and info | Forum
October 23, 2019, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances. New member registration currently disabled.
 
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
  Print  
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: Microsoft Office 365 Webmail Exposes User's IP Address in Emails  (Read 880 times)
javajolt
Administrator
Hero Member
*****
Offline Offline

Gender: Male
United States United States

Posts: 30608


I Do Windows


WWW Email
« on: July 26, 2019, 03:00:59 AM »
ReplyReply

If you use Office 365's webmail interface to prevent email recipients from seeing your local IP address, you are out of luck. When sending email through Office 365, your local IP address will be injected into the message as an extra mail header.

Operating a web site and focusing on infosec related topics has made me a paranoid person.  This leads me to send replies to stranger's emails via webmail so I do not expose my local IP address for security and to protect my privacy.

It turns out that if you have been using the Office 365 webmail interface to hide your IP address, you are not hiding anything.

When sending an email via Office 365 (http://outlook.office365.com/), the service will inject an additional mail header into the email called x-originating-ip that contains the  IP address of the connecting client, which in this case is your local IP address.

Quote
authentication-results: spf=none (sender IP is )
 
  smtp.mailfrom=test@example.com
x-originating-ip: [23.xx.xx.xx]

x-ms-publictraffictype: Email


BleepingComputer tested the webmail interfaces for Gmail, Yahoo, AOL, Outlook.com (http://outlook.live.com), and Office 365.

None of the webmail interfaces other than Office 365 injected the user's local IP address, which is what most have come to expect when using webmail.

If you are using Office 365's webmail interface and wish to keep your local IP address private, at this point you will need to connect to the webmail using a VPN or Tor. This will cause the services' IP address to be injected into the email rather than your local one.

Enterprise level feature

According to responses in Microsoft answers forums, Microsoft removed the x-originating-ip header field in 2013 from Hotmail to offer their users more security and privacy.

Quote
"Please be informed that Microsoft has opted to mask the X-Originating IP address. This is a planned change on the part of Microsoft in order to secure the well-being and safety of our customers."


For Office 365, who caters to the enterprise, this header was intentionally left in so that admins could search for email that has been sent to their organization from a particular IP address. This is especially useful for finding the location of a sender in the event an account has been hacked.

For Office 365 admins who do not wish to continue using this header, you can create a new rule in the Exchange admin center that removes the header.


Creating a new rule

For security and auditing purposes, it is probably a wiser choice to keep it enabled.

source
« Last Edit: July 26, 2019, 03:08:08 AM by javajolt » Logged


Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page October 08, 2019, 02:07:59 AM