The Office 365 Web Mail app is leaking your IP address
2 min. read
Published on
Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more
You may not know it, but every time you send an e-mail from your computer, you are also revealing the location of your PC; as the IP address forms part of the header of the e-mail. To avoid this, many security-conscious users use webmail instead, which generally does not include this feature. In fact, in 2013 Microsoft explicitly removed the IP address from Hotmail, to improve the privacy of end-users.
The feature is also not supported in Gmail, Yahoo, AOL and Outlook.com. What potential corporate whistleblowers might not know, however; is that Office 365, unlike Outlook.com, does by default include your IP address, and shares it to anyone you send an e-mail to.
The feature was included on purpose by Microsoft, to allow enterprise administrators to search for e-mails by IP address. Reportedly, this is useful in finding the location of a sender in the event that the account has been hacked.
Office admins do have the ability to disable this feature by creating a new rule in the Exchange admin centre that removes the header. For everyone else, you should probably know that if you plan to pretend to be working from home, sending e-mails using the web client is not going to fool anyone.
Source: bleepingcomputer
User forum
0 messages