Microsoft's Bold Move to Ensure Email Security: Blocking Outdated Servers

If you use Exchange Online you're about to start missing out on some emails.

And if you have your own Exchange Server, your emails could get blocked if you don't keep your server patched.

It's down to a bold decision from Microsoft. It has decided to have Exchange Online throttle and block emails from 'persistently vulnerable Exchange Servers.'

Which Versions of Exchange Will Be Throttled and Blocked By Exchange Online?

The block will initially affect emails received from Exchange Server 2007. But Microsoft intends to add Exchange Server 2010 and Exchange Server 2013 to the block list later.

Mail servers running Exchange Server 2016 and Exchange Server 2019 will also be blocked if the server is 'significantly behind on security updates.'

Exchange Online accounts for over 30% of hosted email accounts, so these blocks will begin to cause significant deliverability issues for many organisations running an out-of-date Exchange server.

Initially, the changes will only affect servers that connect to Exchange Online over an inbound connector of type 'OnPremises', though Microsoft intends to eventually widen this to ALL Exchange Servers sending email to Exchange Online via any connection type.

Isn't This Approach Rather Bold?

Yes. Microsoft has effectively decided to make a million of its customers reject valid emails from certain other Microsoft customers in the hope that delivery problems will prompt the latter group into belatedly addressing their security vulnerabilities.

Exchange Server 2007 support ended in 2017, so hasn't been entitled to security patches for six years.

Exchange Server 2010 support ended in late 2020, so it hasn't been entitled to security patches for over two years.

Exchange Server 2013 is over a decade old and no longer eligible for security patches as of 11th April 2023.

Doing nothing about these insecure mail servers might be some IT manager's preferred option, but it's not in their long-term interests.

Many email servers are reachable by anyone on the Internet - including hackers - and contain data that could be used to conduct phishing attacks on customers and suppliers. Not patching such servers for years is asking for trouble - both for those running the insecure mail servers and those receiving malicious emails from servers that have been hacked.

How will Exchange Online's throttling / blocking work?

• Day 00-29: No throttling.
• Day 30-39: 05/min/hr throttling.
• Day 40-49: 10/min/hr throttling.
• Day 50-59: 20/min/hr throttling.
• Day 60-69: 30/min/hr throttling, 05 min/hr blocking.
• Day 70-79: 30/min/hr throttling, 10 min/hr blocking.
• Day 80-89: 30/min/hr throttling, 20 min/hr blocking.
• Day 90: Total block.

As of May 2023, Microsoft has yet to indicate when the throttling of emails from Exchange Server 2010 and Exchange Server 2013 will begin.

What Should I Do To Avoid My Emails Being Blocked?

If you're running Exchange Server 2013, 2010, or 2007, upgrade to Exchange Server 2019 or a hosted email service such as Exchange Online.

In the case of Exchange Server 2019, you'll receive security patches until at least 2029.

In the case of Exchange Online, the service is patched for you as long as you subscribe.

Keeping Your Email and Web Traffic Safe

As a Microsoft partner, hSo can provide you with the licenses you need to use Exchange Online. That will ensure your mail servers are promptly patched, without you having to do anything.

Exchange Online is typically bought as part of Microsoft 365, so you may also get SharePoint Online document sharing, OneDrive file-syncing, plus popular Microsoft Office apps Word, Excel, PowerPoint, and Teams.

Keeping your email server secure is just one element of protecting your organisation. Another important element is filtering your LAN, WAN, and VPN traffic to protect users from malicious websites and inappropriate content.

hSo's Unified Threat Management service can help keep your staff safe from problematic websites. It can also help you spot and control problematic shadow IT such as unauthorised file-sharing apps.

If you'd like to learn more about switching to Exchange Online or protecting your network's users, please call us on 020 7847 4510 or fill in the form below.