Exchange Online|Office|Office 365

Using Plus Email Addresses with Exchange Online

The Background of Plus Addressing

The idea of plus addressing has existed for many years. The idea is simple enough. An email address is divided into a local part (resolved within an organization) and a domain. The local part can be divided with a separator character (the plus sign) into the real username and a “sub-part” or suffix. To ensure interoperability between mail servers, vendors build products to comply with the recommendations laid down in the internet engineering task force “request for comments” (RFC) documents.

In this case, RFC 3696 lays down that the plus sign is one of the special characters supported by email addresses:

“Without quotes, local-parts may consist of any combination of alphabetic characters, digits, or any of the special characters   ! # $ % & ‘ * + – / = ?  ^ _ ` . { | } ~”

While RFC 5523 (from 2008) says:

Sponsored Content

Passwords Haven’t Disappeared Yet

123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?

One common way of encoding ‘detail’ information into the local-part is to add a ‘separator character sequence’, such as “+”, to form a boundary between the ‘user’ (original local-part) and ‘detail’ sub-parts of the address, much like the “@” character forms the boundary between the local-part and domain.”

Plus addressing support for Exchange Online is now available in Office 365 tenants using targeted release. The deployment to all Office 365 tenants will be done in October 2020.

Processing Plus Addresses

When messages are delivered to a domain, the suffix is ignored for routing purposes and the message is delivered to the username specified to the left of the plus sign. For example, an address of [email protected] is delivered to the mail server. The server strips the plus sign and everything to the right of the address to deliver the message to the James.Ryan mailbox.

When James reads the message, he sees that the address used contained “+CompanyA.” If he only gave the address to CompanyA and the message originated from their domain, all is well. However, if the message came from another domain, it indicates that they obtained the address in some other way, and that might not be so good. In a nutshell, if you use plus addresses, you can quickly discover who is sharing your address with other companies, some of whom you might not want to have the address. Inbox rules can then be used to filter email sent to the compromised addresses or block them completely.

Implementing Plus Addresses in Exchange Online

Gmail has supported plus addressing for several years (here’s a good blog on the topic), so Exchange Online is late coming to the party and Exchange on-premises is positively antediluvian. When Microsoft announced that Exchange Online was to support plus addressing at the Ignite 2019 conference, they noted that the feature already worked in, but that it was “a bit trickier for Exchange Online,” before explaining that while it’s easy enough to parse an address including a plus sign and ignore anything to the right for routing purposes, some tenants had accounts with email addresses including plus signs.

It’s best practice to avoid using a plus sign in an email address assigned to an Exchange Online mailbox unless you intend using it for routing. The lack of plus addressing support in Exchange meant that people weren’t aware of the issue and went ahead to create problematic addresses.

If Microsoft had deployed plus addressing in Exchange Online without checking, those addresses would stop working or email would be delivered to the wrong mailbox. Before making users aware that plus addressing is possible, it’s wise to check if mailboxes have addresses including the plus sign so that they can be fixed.

Enabling Plus Addressing for a Tenant

The AllowPlusAddressInRecipients setting in the Exchange Online organization configuration has a default of False. This means that administrators can create and assign plus addresses to mailboxes (including shared mailboxes), but users can’t define their own plus addresses, which reduces the overall usefulness of plus addressing.

Gmail and users can create their own plus addresses as needed by simply adding the plus part to an address and giving it out. For instance, if your address is [email protected], you can tell people to send email to [email protected] and the mail will be delivered.

Consumer email services don’t have the same kind of corporate directory as Exchange Online has with Azure AD. The Exchange Online transport service checks any email sent to an Office 365 tenant against Azure AD and rejects it if the address cannot be found to belong to an account. To instruct transport to allow user-defined plus addresses, set AllowPlusAddressInRecipients to True:

Set-OrganizationConfig -AllowPlusAddressInRecipients $True

After the update, mailbox owners can take any of the SMTP addresses assigned to their mailbox and modify it by adding + and an appropriate suffix, just like you can do with Gmail and

Managing Plus Addresses for Exchange Online Mailboxes

A user-created plus address might be intended to be a one-time (or one web site) discardable address. For more permanent plus addressing, administrator can create and assign the address to mailboxes just like they do for any other address by editing mailbox properties using the old or new version (Figure 1) of the Exchange admin center (EAC) or with PowerShell.

Image 1 Expand
Figure 1: Assigning a plus address using the new version of the EAC (image credit: Tony Redmond)

Unfortunately, the Microsoft 365 admin center doesn’t currently support adding or editing a plus address to an account because the GUI won’t allow an address containing a plus sign (Figure 2). You can use the console to remove a plus address if one exists.

Image 2 Expand
Figure 2: Attempting to add a plus address in the Microsoft 365 admin center (image credit: Tony Redmond)

To assign a plus address with PowerShell, use the Set-Mailbox cmdlet to add the new address to the EmailAddresses property. For example:

Set-Mailbox -Identity James.Ryan -EmailAddresses @{add="[email protected]"}

Plus addresses can also be assigned via PowerShell to distribution groups (Set-DistributionGroup) and group mailboxes (Set-UnifiedGroup).

Using Plus Addresses

A plus address can be used like any other email address. People give their plus addresses to those who want to send them email. Messages are generated and delivered to Exchange Online, which strips the part after the plus sign and delivers the messages to the correct mailbox. Figure 3 shows a message from Gmail sent to a plus address. The only trace seen that a plus address was used is found by examining the message headers.

Image 3 Expand
Figure 3: A message sent by Gmail to a plus address delivered by Exchange Online (image credit: Tony Redmond)

Filling a Knowledge Gap

I’m sure that most email users aren’t aware of plus addressing and how useful these addresses can be. Perhaps more will try to use them now that Exchange Online has joined the plus party. I’m sure people expected Microsoft to ship the feature sooner following the Ignite 2019 announcement, but the inclusion of the ability for users to create their own plus addresses on the fly is a nice addition that justifies the delay.


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (1)

One response to “Using Plus Email Addresses with Exchange Online”

  1. <p>Hi and thank you for your great articles!</p><p>Can you confirm this feature is already working? I enabled it 5 days ago on our 365 tenant but I don’t receive emails if I use a plus address. </p><p>It’s working fine with my personal address.</p><p><br></p><p> Thank you,</p><p>Roberto</p>

Leave a Reply

Tony Redmond has written thousands of articles about Microsoft technology since 1996. He covers Office 365 and associated technologies for and is also the lead author for the Office 365 for IT Pros eBook, updated monthly to keep pace with change in the cloud.
13 Email Threat Types to Know About Right Now

As email threats evolve and multiply, keeping track of them all—and staying protected against the many different types—becomes a complex challenge. Today, that requires more than just the traditional email gateway solution that used to be good enough.

In this eBook you will learn:

  • What are the most common and challenging email attacks for organizations?
  • How to defend against sophisticated email threats, such as spoofing, social engineering, and fraud
  • How to protect employees at the inbox level with the right technologies and security-awareness training
  • How to use a multilayered protection strategy to reduce susceptibility to email attacks and better defend your business and employees

Sponsored by: