Office 365 Webmail injects your IP address into email headers

through Radu Tyrsina

CEO and founder

Radu Tyrsina has been a Windows fan since he got his first PC, a Pentium III (a monster at the time). For most children his age, the Internet was a … Read More

Office 365 Webmail discloses your IP addresses in emails

Do you know that when you use the webmail component of Office 365, you also send your IP address to other people?

This is because the header of your emails contains your IP address when you use the Outlook 365 web service. Maybe Microsoft has a specific reason for automatically integrating IP addresses.

However, the company never informed Outlook 365 users about this. You should not ignore this issue as it is a major security and privacy risk for all of us.

Jason Lang recently identified these issues and shared the news on Twitter.

It cannot be said that this was an accidental Microsoft leak. Obviously, Microsoft was deliberately injecting your IP address into emails.

Are you looking for a tool to hide your IP address? Here are the best options for Windows 10.

IT administrators use the sender’s IP address to search for particular emails. The IP address helps them recover a hacked account by tracing the location of the sender.

All of your emails that you send through have a header field called x-originating-ip.

At first glance, Microsoft has been using this feature for a few years. This is an older change that was already included in Outlook 365.

Twitter ser @ pranq5t3r who responded at the initial tweet the discussion continued:

It should also be noted that this happens in email clients with a provider that does not mask / remove the IP. Google, for example, gives an internal IP address when it uses them in a client. For providers that don’t, an add-on like TorBirdy in Thunderbird can provide a similar effect.

Office 365 creates a new rule

It should be noted that Office 365 admins can turn off this feature to remove the header in any way. They have the option to create a new rule in the Exchange admin center.

Another option is to hide your IP address using a VPN tool. Otherwise, anyone can track your location if you use the web client to send emails.


Leave a Reply

Your email address will not be published.