Microsoft: Blocking Email from Persistently Vulnerable Exchange Servers

Microsoft recently posted that their Exchange Online servers (which I think also includes Microsoft 365/Office 365, basically any business email cloud-hosted by Microsoft) will soon block mail from old, unpatched Microsoft Exchange servers.

Unlike the recent DMARC changes for Microsoft OLC, this likely has no impact to email marketing senders. Few email marketers are using years-old versions of self-hosted Microsoft Exchange for sending email messages.

This does likely have a positive impact on the email ecosystem as a whole, though. Setting aside the snark of Microsoft (new, cloud) blocking Microsoft (old, on premise) servers, rejecting mail from servers that are (or could be) engaging in potentially bad acts is a good way to protect users from malware, phishing and spam, and hopefully will also nudge admins of those outdated servers to either upgrade them or shut them down, which will eliminate them as spam and phish vectors, making all of our inboxes a tiny bit more secure than they were before.

Here's more on the topic from Bleeping Computer.

It's not clear to me if Microsoft OLC ( will similarly block mail from these outdated Exchange servers. I recall Microsoft telling me that the hardware infrastructure is the same for both Microsoft OLC (consumer email) and Microsoft 365/Office 365 (business email) but that they run different security and spam filtering engines. Do you know? Share your expertise in the comments below.

Post a Comment