locked
Strip Message-ID header from outgoing messages (Exchange Online) RRS feed

  • Question

  • Have just encountered this transport rule at an organization that recently migrated from Exchange on-prem to Exchange Online. They are stripping the Message-ID header on all outgoing messages.

    They have this rule in their transport rules:

    If the message is sent to 'Outside the organization'...

    Do the following... Remove this header 'Message-ID'...

    Rule-mode Enforce 

    Additional properties Sender address matches: header

    From what I can glean, some administrators used to do this to hide the hostnames of their on-premise Exchange servers (security by obscurity.) But this seems useless with Exchange Online and might even break things like message threading. Also seems like it might violate RFCs although my understanding is that an SMTP server will auto-generate a message ID header when one is missing.

    Thoughts?

    Thanks

    Rob Macfarlane

    Avaleris, Inc.

    Tuesday, September 24, 2019 1:37 PM

Answers

  • Hi Rob,

    >> But this seems useless with Exchange Online and might even break things like message threading. Also seems like it might violate RFCs

    I agree with this part. Besides, removing the header will be difficult for troubleshooting. EOP is enough to help protect your Exchange online org.

    In a word, such transport rule is not necessary.

    Regards,

    Manu Meng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    • Edited by Manu Meng Wednesday, September 25, 2019 8:45 AM
    • Proposed as answer by Manu Meng Thursday, September 26, 2019 10:00 AM
    • Marked as answer by Rob Macfarlane Friday, September 27, 2019 12:24 PM
    Wednesday, September 25, 2019 7:55 AM

All replies

  • Hi Rob,

    >> But this seems useless with Exchange Online and might even break things like message threading. Also seems like it might violate RFCs

    I agree with this part. Besides, removing the header will be difficult for troubleshooting. EOP is enough to help protect your Exchange online org.

    In a word, such transport rule is not necessary.

    Regards,

    Manu Meng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    • Edited by Manu Meng Wednesday, September 25, 2019 8:45 AM
    • Proposed as answer by Manu Meng Thursday, September 26, 2019 10:00 AM
    • Marked as answer by Rob Macfarlane Friday, September 27, 2019 12:24 PM
    Wednesday, September 25, 2019 7:55 AM
  • Just checking in to see if above information was helpful. Please let us know if you would like further assistance.

    Regards, 

    Manu Meng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Friday, September 27, 2019 11:01 AM