M365 Changelog: Reject multiple From addresses (P2 From headers) without a Sender header – Sep 10, 2024

Summary

Starting October 15th, Exchange Online will reject emails with multiple From addresses without a Sender header, to comply with RFC 5322. Organizations should ensure a single address in the Sender header to avoid non-delivery reports (NDRs) with error code 550 5.1.20. Feedback on this change is welcomed.

MC886603 – Starting October 15th, we’re going to start gradually dropping messages that have multiple From addresses (also known as P2 From headers) without a Sender header from being sent via Exchange Online.

Microsoft doing this to comply with RFC 5322 (https://www.rfc-editor.org/rfc/rfc5322#section-3.6.2) which mandates the Sender header to be present and contain a single address if the From header has more than one address. Noncompliance with this could be exploited by attackers, allowing them to impersonate a sender address by misleading the client into using the From header to determine the sender instead of the Sender header.

When this will happen:

October 15, 2024

How this affects your organization:

If email clients including devices and applications that you use to send messages, do so using multiple From addresses but without a Sender address header after October 15th, you will get an NDR error code 550 5.1.20 “Multiple From addresses are not allowed without Sender address’”.

What you can do to prepare:

When this change is in effect, if you need to send a message that has more than one email address in the From field, make sure that you have a single email address in the Sender header.

If you expect this change to cause any issues for your organization, please share that feedback.