Default Enabling of Plus Addressing Might Affect Some Recipients
Update: Like many Microsoft 365 features, this one is delayed a tad. The latest deployment date appeares to be mid-April 2022.
In September 2020, Microsoft introduced the ability to use plus addressing in Exchange Online. Plus addressing is not a deep and dark email technique. It’s supported by consumer mail systems like Outlook.com and Gmail and many other email systems. Plus addressing means that users can send messages using their normal email address (like Chris.Bishop@Office365itpros.com) with an optional suffix separated by a plus characters. The suffix is an arbitrary tag selected by the user for whatever purpose they choose.
The biggest use of plus addressing is probably when people sign up for online services. Using a plus address allows the user to know if a service sells their address to another business. For instance, the person with the address shown above might use an address like Chris.Bishop+P365@Office365itpros.com to subscribe to the Practical 365 newsletter (Figure 1). Messages sent to the address go to the Office365itpros.com server, which strips the suffix from the message and delivers it to the mailbox with the Chris.Bishop@Office365itpros.com address. Later, if the user sees a message sent to the plus address from another source, they know that the sending domain has obtained it from the original service they signed up for.
Current Control for Plus Addressing
When Microsoft introduced plus addressing into Exchange Online, the capability was optional and controlled by the AllowPlusAddressInRecipients setting in the Exchange Online organization configuration. If $False, Exchange Online didn’t support user-initiated plus addressing and the only way to use a plus address was if an administrator created one as a proxy address for a mail-enabled recipient (mailbox, shared mailbox, Microsoft 365 group, or distribution list). In effect, when the setting is $False, Exchange Online doesn’t strip the plus segment from an address and attempts to match the complete address string against addresses in its directory.
User-initiated plus addressing means that individual users can choose the tags for plus addresses. To allow this, you need to update the AllowPlusAddressInRecipients setting to $True. Here’s how to update the setting with the Set-OrganizationConfig cmdlet:
Set-OrganizationConfig -AllowPlusAddressInRecipients $True
What’s changing now (MC276028, August 6) is that Microsoft plans to remove the optional organization setting to make plus addressing available by default in all tenants in January 2022. In other words, you won’t have to enable anything and plus addressing will be available to all users.
The reason for the five-month notice period is that enabling plus addressing throughout Exchange Online has a consequence for tenants where proxy addresses for plus addresses exist. As Microsoft says: “If you don’t stop using email addresses with plus signs (+), Exchange Online may be unable to deliver emails to them when plus addressing is turned on for the entire service.” This includes both hybrid and on-premises mailboxes.
Reporting Recipients with Proxy Addresses
Microsoft recommends that tenant administrators should remove any proxy addresses containing plus characters before January 2022 as Exchange Online will be unable to deliver email to these addresses. A quick way to find out if you’re affected is to run this code:
Get-Recipient -Filter 'emailaddresses -like "*+*"' | Format-Table Name, EmailAddresses
A more developed (aka useful) version of the command which isolates and reports the plus addresses is as follows:
[array]$Recipients = (Get-Recipient -Filter 'emailaddresses -like "*+*"' -ResultSize Unlimited | Select DisplayName, EmailAddresses, RecipientType, ExternalDirectoryObjectId)
If ($Recipients.Count -eq 0)
{ Write-Host "You're all set - no plus addresses can be found for mail-enabled recipients"; break}
Else
{ Write-Host ("{0} mail-enabled recipients found with plus addresses - analzying..." -f $Recipients.Count) }
$Report = [System.Collections.Generic.List[Object]]::new()
ForEach ($Recipient in $Recipients) {
ForEach ($Address in $Recipient.EmailAddresses) {
If ($Address -like "*+*") {
$ReportLine = [PSCustomObject][Ordered]@{ # Write out details of email address
User = $Recipient.DisplayName
Type = $Recipient.RecipientType
Address = $Address
ObjectId = $Recipient.ExternalDirectoryObjectId }
$Report.Add($ReportLine)
} # End if
} # End For Address
} #End For Recipient
$Report | Out-GridView
$Report | Export-CSV -NoTypeInformation "c:\temp\PlusAddresses.csv"
The output is on-screen (Out-GridView – Figure 2) plus a CSV file that we can use to check the addresses and remove them from the recipients to prepare for the change coming in January 2022.
Removing Proxy Addresses from Recipients
The code to read and remove plus addresses from recipients is straightforward. We import the CSV file and use a Switch to call the correct command to update the recipient based on its type. As you can see, the code accommodates user mailboxes, shared mailboxes, group mailboxes, and distribution lists.
$Addresses = Import-CSV "c:\temp\PlusAddresses.csv"
ForEach ($Address in $Addresses) {
Switch ($Address.Type) {
{ @("UserMailbox", "SharedMailbox") -contains $_ } {
Write-Host ("Removing address {0} from {1} {2}" -f $Address.Address, $Address.Type, $Address.User)
Set-Mailbox -Identity $Address.ObjectId -EmailAddresses @{Remove=$Address.Address} -ErrorAction SilentlyContinue }
"GroupMailbox" {
Write-Host ("Removing address {0} from {1} {2}" -f $Address.Address, $Address.Type, $Address.User)
Set-UnifiedGroup -Identity $Address.ObjectId -EmailAddresses @{Remove=$Address.Address} -ErrorAction SilentlyContinue }
"MailUniversalDistributionGroup" {
Write-Host ("Removing address {0} from distribution list {1}" -f $Address.Address, $Address.User)
Set-DistributionGroup -Identity $Address.ObjectId -EmailAddresses @{Remove=$Address.Address} -ErrorAction SilentlyContinue
}
} # End Switch
} # End ForEach
Write-Host "All done!"
After running the code to clean up the plus addresses from mail-enabled recipients, you shouldn’t notice any issues when Microsoft makes the big switch in January 2022. At least, that’s the theory!
Hi Tony,
Can you please tell if PlusAddressing is supported for Distribution Lists and Shared Mail addresses?
Thank you
Plus addressing appears to work for any mail-enabled object. It’s easy to test…
What is your suggestion for blocking a plus address?
That depends on the scenario. Do you mean, how can I block an address like jay.griffin+p365@burke.com being delivered? I’d use a transport rule. But why would you want to do this?
We’ve activated this and I see no way to determine if the email was originally sent to a user+text address. So no – you won’t be able to tell where the address came from…
It still has uses for aliases.
steve
Hi Tony
I assume that any legacy DNs that have a + in them will not cause issues when this is implemented, just SMTP addresses?
Thanks
Kerrie
I think you’re fine. I haven’t heard of any issues. Then again, I don’t have a legacy DN like that to test!
Thanks Tony. I do have a few legacy DNs in production but unfortunately none in our test environments.
Tony, do you know when this will be enabled?
I’m sure Microsoft will post an update when they enable plus addressing for all.
Hello,
Hello,
If I correctly understood, the plus addressing is ONLY working where the MX record or the incoming entry point for email is located in Exchange online . As we still have our MX record located in our on-premise gateway and all incoming emails are still going through our Email gateways, then the PLUS addressing will not work .
Could you confirm this ?
Thanks
Yep. Think about the situation. Plus addressing must be resolved by the MTA which handles inbound email. In your case, that’s an on-premises gateway. The gateway needs to be able to strip off the plus part of the address and route onwards using the remainder. If it can, you’re in luck. If not, you can’t use this feature.
I asked the engineers. Here’s what they said:
We expect most gateways to focus on the domain and not have any problems getting the email to EXO for delivery.
This is interesting. The issue might arise when a gateway does directory lookups to validate recipients before accepting or routing email. If they do, and a plus address isn’t resolvable by the gateway, you might have a problem which is what I alluded to in the first response.