User’s IP Address is Exposed by Microsoft Office 365: If not, You Are Lucky


People all over the world are using Microsoft Office 365. Recent reports have mentioned that if you are using the Office 365 interface to hide your IP address, you are not hiding anything. In case you can hide it, consider yourself lucky. This is an automated feature of Office 365 where your local IP address will be inserted in the message indicating an extra mail header. People tend to implement secure gateways to reply to strangers but currently, it has been revealed that your local IP address is exposed through Office 365.

BleepingComputer has taken an initiative to test the webmail interfaces for Yahoo, Google, Office 365, AOL, and It was found that unlike the other webmail interfaces, Office was the one to inject the user’s local IP address. However, the solution to hide your IP address constitutes using a Tor or VPN while using Office 365. Using a Tor or VPN will eliminate your local IP address and add the service’s IP address instead.

Steps had been taken by Microsoft in 2013, where the x-originating-ip header was removed from Hotmail. This was done to provide a safer platform for users. Not just security, this initiative was taken to maintain the privacy of the user.

authentication-results: spf=none (sender IP is )
x-originating-ip: [23.xx.xx.xx]
x-ms-publictraffictype: Email

The reports have revealed that the header was intentionally left to assist the admins. This feature was designed to find the location of the sender under the scenario when an account has been hacked.

Furthermore, if you are an Office 365 user and you wish to discontinue the use of this header, you can create a new rule. This rule can be created in the Exchange admin center that enables to discontinue the use of header.

However, all should enable the header for privacy and security purpose.