Microsoft recently announced they would begin blocking emails sent from vulnerable on-premises Exchange Servers to Exchange Online. Microsoft no longer supports these servers, so they no longer receive security updates and risk being hacked or breached. In 2022, cybercriminals targeted on-premises Exchange Servers with new zero-day attacks.
To reduce risk and encourage customers to upgrade to Exchange Online, Microsoft will begin throttling messages sent from older on-premises Exchange Servers starting with Exchange 2007 servers in June. Emails will arrive slower, causing a painful disruption to business processes.
What Will Happen to On-Premises Exchange Servers?
First, Microsoft has added a new report to the Exchange admin center in Exchange Online. It informs tenant administrators of any unsupported or out-of-date Exchange Servers operating in their environment that connect to Exchange Online to send emails. If your servers are listed, they will be throttled and blocked from future sending to Exchange Online customers.
If administrators do not take any action to upgrade their servers, Exchange Online will begin to throttle emails sent from on-premises Exchange Servers. The throttling will be progressive, starting with five minutes of throttling per hour and escalating gradually over 30 days to 20 minutes of throttling. This slowdown will prevent emails from being delivered promptly.
If its owner does nothing to upgrade the server during the 30-day throttling period, Exchange Online will block messages sent from vulnerable Exchange 2007 servers. Starting July 26, 2023, Exchange Online will block inbound traffic from obsolete Exchange 2007 servers. Customers using old on-premises Exchange Servers will no longer be able to send mail to Exchange Online customers.
This reporting, throttling, and blocking plan will eventually be rolled out to other legacy on-premises servers running older versions of Exchange, including Exchange 2010 and Exchange 2013.
What Do I Do to Protect My On-Premises Exchange Servers?
Microsoft recommends upgrading your server to Exchange Online to continue sending and receiving mail as usual. However, this process is complicated for certain businesses with complex deployments of exchange. Upgrades can be very time consuming and disruptive if not done very carefully. You may need more than ninety days’ notice to prepare for upgrades and/or migration. You can request a temporary pause from Microsoft, but it’s limited to an additional 90 days.
LuxSci offers another way to protect on-premises Exchange Servers. Using Secure Connector, you can route outgoing email through LuxSci’s SMTP mail servers, effectively anonymizing the sending source and allowing mail to be delivered as expected to Exchange Online customers. Secure Connector is easy to set up and will help hide what version of Exchange you are using from attackers to reduce the risk of a breach.
How Anonymous SMTP Works to Disguise the Sender’s Mail Programs
Microsoft can block mail from vulnerable on-premises Exchange servers because the mail headers reveal the sender’s email program, servers, and IP address. It can use the information in the headers to throttle and block messages. Routing your mail through LuxSci’s Authenticated SMTP (or Authenticated Secure SMTP) scrubs the message headers, removing all information about the sender’s IP address and email program. The message is then re-emailed to the intended recipients.
The recipients receive messages that appear the same, but now they can only track them back to LuxSci’s SMTP servers. They know who you are based on your email address and message content, but the recipient cannot review the headers to identify your IP address or email program.
Using Secure Connector’s SMTP anonymization features may be a good measure for organizations as they determine their next steps for upgrading vulnerable on-premises Exchange Servers. Secure Connector can also be used to futureproof your communications as cyber threats continue to rise. Contact LuxSci today to learn how we can help you secure your identity and maintain business operations.
