A new report has surfaced online exposing a surprising revelation about the web version of the Microsoft office 365 email. According to the report revealed that Office 365 web app is leaking the IP addresses of its users though email. To be clear, the app is injecting the local IP address of the users inside the emails under an extra header. The report also highlighted that Office 365 is the only webmail service to inject the local IP address in emails. It even went ahead to confirm this by testing the webmail interfaces from OUTLOOK.COM, AOL, Yahoo,Gmail, and Office 365.
Microsoft Office 365 webmail IP exposing details
According to a comprehensive report by Bleeping Computer,Office 365 webmail users are exposing their IP addresses through email. Microsoft Office 365 does not inform its users about this. Digging deeper, the report revealed that the webmail app injects the IP address under the “x-originating-ip” header in the email. Interestingly, the report also noted that this is not really a bug but an enterprise level feature. The report revealed that Microsoft removed the header from Hotmail back in 2013. Before 2013, the “x-originating-ip” tag was present in the official consumer version of Hotmail. Microsoft clarified that it removed this tag to improve “the online safety and Security of its users”.