How EOP validates the From address to prevent phishing

Important

The improved Microsoft 365 security center is now available in public preview. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. Learn what's new. This topic might apply to both Microsoft Defender for Office 365 and Microsoft 365 Defender. Refer to the Applies To section and look for specific call outs in this article where there might be differences.

Applies to

Phishing attacks are a constant threat to any email organization. In addition to using spoofed (forged) sender email addresses, attackers often use values in the From address that violate internet standards. To help prevent this type of phishing, Exchange Online Protection (EOP) and Outlook.com now require inbound messages to include an RFC-compliant From address as described in this article. This enforcement was enabled in November 2017.

Notes:

  • If you regularly receive email from organizations that have malformed From addresses as described in this article, encourage these organizations to update their email servers to comply with modern security standards.

  • The related Sender field (used by Send on Behalf and mailing lists) isn't affected by these requirements. For more information, see the following blog post: What do we mean when we refer to the 'sender' of an email?

An overview of email message standards

A standard SMTP email message consists of a message envelope and message content. The message envelope contains information that's required for transmitting and delivering the message between SMTP servers. The message content contains message header fields (collectively called the message header) and the message body. The message envelope is described in RFC 5321, and the message header is described in RFC 5322. Recipients never see the actual message envelope because it's generated by the message transmission process, and it isn't actually part of the message.

  • The 5321.MailFrom address (also known as the MAIL FROM address, P1 sender, or envelope sender) is the email address that's used in the SMTP transmission of the message. This email address is typically recorded in the Return-Path header field in the message header (although it's possible for the sender to designate a different Return-Path email address).

  • The 5322.From (also known as the From address or P2 sender) is the email address in the From header field, and is the sender's email address that's displayed in email clients. The From address is the focus of the requirements in this article.

The From address is defined in detail across several RFCs (for example, RFC 5322 sections 3.2.3, 3.4, and 3.4.1, and RFC 3696). There are many variations on addressing and what's considered valid or invalid. To keep it simple, we recommend the following format and definitions:

From: "Display Name" <EmailAddress>

  • Display Name: An optional phrase that describes the owner of the email address.

    • We recommend that you always enclose the display name in double quotation marks (") as shown. If the display name contains a comma, you must enclose the string in double quotation marks per RFC 5322.
    • If the From address includes a display name, the EmailAddress value must be enclosed in angle brackets (< >) as shown.
    • Microsoft strongly recommends that you insert a space between the display name and the email address.
  • EmailAddress: An email address uses the format local-part@domain:

    • local-part: A string that identifies the mailbox associated with the address. This value is unique within the domain. Often, the mailbox owner's username or GUID is used.
    • domain: The fully qualified domain name (FQDN) of the email server that hosts the mailbox identified by the local-part of the email address.

    These are some additional considerations for the EmailAddress value:

    • Only one email address.
    • We recommend that you do not separate the angle brackets with spaces.
    • Don't include additional text after the email address.

Examples of valid and invalid From addresses

The following From email addresses are valid:

  • From: sender@contoso.com

  • From: <sender@contoso.com>

  • From: < sender@contoso.com > (Not recommended because there are spaces between the angle brackets and the email address.)

  • From: "Sender, Example" <sender.example@contoso.com>

  • From: "Microsoft 365" <sender@contoso.com>

  • From: Microsoft 365 <sender@contoso.com> (Not recommended because the display name is not enclosed in double quotation marks.)

The following From email addresses are invalid:

  • No From address: Some automated messages don't include a From address. In the past, when Microsoft 365 or Outlook.com received a message without a From address, the service added the following default From: address to make the message deliverable:

    From: <>

    Now, messages with a blank From address are no longer accepted.

  • From: Microsoft 365 sender@contoso.com (The display name is present, but the email address is not enclosed in angle brackets.)

  • From: "Microsoft 365" <sender@contoso.com> (Sent by a process) (Text after the email address.)

  • From: Sender, Example <sender.example@contoso.com> (The display name contains a comma, but is not enclosed in double quotation marks.)

  • From: "Microsoft 365 <sender@contoso.com>" (The whole value is incorrectly enclosed in double quotation marks.)

  • From: "Microsoft 365 <sender@contoso.com>" sender@contoso.com (The display name is present, but the email address is not enclosed in angle brackets.)

  • From: Microsoft 365<sender@contoso.com> (No space between the display name and the left angle bracket.)

  • From: "Microsoft 365"<sender@contoso.com> (No space between the closing double quotation mark and the left angle bracket.)
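As an added example (not part of the article and not Microsoft's own validation code), this Python function classifies a From header value against the rules listed above; the address pattern, the regexes and the status labels are this example's own assumptions, and the recognised shapes are the simplified ones the article recommends rather than full RFC 5322 grammar.

```python
import re

# Constructed for this example: simplified shapes the article recommends.
# These regexes are assumptions, not EOP's actual parser.
_ADDR = r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"
_BARE = re.compile(rf"^{_ADDR}$")                       # addr
_BRACKETED = re.compile(rf"^<(\s*)({_ADDR})(\s*)>$")     # <addr>
_QUOTED = re.compile(rf'^"([^"]*)"(\s*)<{_ADDR}>$')      # "Name" <addr>
_UNQUOTED = re.compile(rf'^([^<>"]*?)(\s*)<{_ADDR}>$')   # Name <addr>


def classify_from(header: str):
    """Return (status, reason) for a From header value.

    status is "valid", "not-recommended" (accepted, but against the
    article's advice) or "invalid" (rejected under the enforcement).
    """
    v = header.strip()
    if v.startswith("From:"):
        v = v[len("From:"):].strip()
    if v in ("", "<>"):
        return "invalid", "blank From address"
    if _BARE.match(v):
        return "valid", "bare address"
    m = _BRACKETED.match(v)
    if m:
        if m.group(1) or m.group(3):
            return "not-recommended", "spaces inside the angle brackets"
        return "valid", "bracketed address"
    m = _QUOTED.match(v)
    if m:
        if not m.group(2):
            return "invalid", "no space between closing quote and <"
        return "valid", "quoted display name"
    m = _UNQUOTED.match(v)
    if m:
        if "," in m.group(1):
            return "invalid", "unquoted display name contains a comma"
        if not m.group(2):
            return "invalid", "no space between display name and <"
        return "not-recommended", "display name not in double quotes"
    # Nothing matched: work out which rule from the article was broken.
    if len(re.findall(_ADDR, v)) > 1:
        return "invalid", "more than one email address"
    if v.startswith('"') and v.endswith('"'):
        return "invalid", "whole value enclosed in double quotes"
    if "<" not in v:
        return "invalid", "display name present but address not in < >"
    if not v.endswith(">"):
        return "invalid", "text after the email address"
    return "invalid", "malformed From address"
```

Running each of the article's sample values through `classify_from` reproduces the valid, not-recommended and invalid verdicts listed above.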

Suppress auto-replies to your custom domain

You can't use the value From: <> to suppress auto-replies. Instead, you need to set up a null MX record for your custom domain. Auto-replies (and all replies) are naturally suppressed because there is no published address that the responding server can send messages to.

  • Choose an email domain that can't receive email. For example, if your primary domain is contoso.com, you might choose noreply.contoso.com.

  • The null MX record for this domain consists of a single period.

For example:

noreply.contoso.com IN MX .

For more information about setting up MX records, see Create DNS records at any DNS hosting provider for Microsoft 365.

For more information about publishing a null MX, see RFC 7505.

Override From address enforcement

To bypass the From address requirements for inbound email, you can use the IP Allow List (connection filtering) or mail flow rules (also known as transport rules) as described in Create safe sender lists in Microsoft 365.

You can't override the From address requirements for outbound email that you send from Microsoft 365. In addition, Outlook.com will not allow overrides of any kind, even through support.

Other ways to prevent and protect against cybercrimes in Microsoft 365

For more information on how you can strengthen your organization against phishing, spam, data breaches, and other threats, see Top 10 ways to secure Microsoft 365 for business plans.