- 16 Jan 2024
Why do we set "Use RTF" to "Never" in Exchange Online?
Some customers ask why our configuration requires the Rich Text Format (RTF) to be disabled.
Rich Text Format (RTF) is not the same as HTML
Microsoft Recommends using HTML rather than RTF
Rich Text Format (RTF) is a legacy proprietary email format that Microsoft created before HTML emails were popular. The short answer to why we recommend disabling it is that Microsoft recommends it.
"You can use RTF when you send messages inside an organization that uses Microsoft Exchange, but we recommend that you use the HTML format." (Source: Change the message format to HTML, Rich Text Format, or plain text)
Outlook Web Access (OWA) cannot even send in RTF
Microsoft has decided to not support sending emails from OWA in RTF. OWA, however, is able to read RTF, but this is just for legacy support.
OWA Can read messages formatted in RTF, but can't format or send this format
RTF Security Exploits
While your systems may already be up to date with the latest Microsoft patches, the RTF format opens up potential vectors for attack. We believe that over time, the RTF format will be phased out.
1) Here is an in-depth article about various exploits related to RTF/OLE:
"Microsoft Rich Text Format is heavily used in the email attachments in phishing attacks. It has been gaining massive popularity and its wide adoption in phishing attacks is primarily attributed to the fact that it has an ability to contain a wide variety of exploits and can be used efficiently as a delivery mechanism to target victims." (Source: An Inside Look into Microsoft Rich Text Format and OLE Exploits)
2) Here is an example security alert related to RTF within Outlook:
"Microsoft Outlook retrieves remote OLE content without prompting"
Pesky winmail.dat attachments
One indication that your email message is in Rich Text Format (RTF) is if you see a winmail.dat attachment on an email. Here is an informative article on the logic used to determine when RTF is applied:
The TNEF conversion options for messages sent to external recipients are described in the following list from highest priority to lowest priority:
- Remote domain settings
- Mail user or mail contact settings
- Outlook settings
How content conversion happens in Exchange
Content conversion in Exchange Server
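The priority order above, worked through as an added example (not code from this article or from Microsoft). `Resolve-TnefDecision` is a hypothetical helper and the sample rows are constructed; it assumes the three layers correspond to the `TNEFEnabled` property returned by `Get-RemoteDomain`, the `UseMapiRichTextFormat` property returned by `Get-MailContact` / `Get-MailUser`, and a single flag standing in for the sender's Outlook format choice.

```powershell
# Added example: which layer decides whether a message to an external
# recipient is TNEF-encoded (and so arrives with winmail.dat).
function Resolve-TnefDecision {
    param(
        # Remote domain layer: $true, $false, or $null (not specified).
        [Nullable[bool]] $RemoteDomainTnef,
        # Mail user / mail contact layer.
        [ValidateSet('Always', 'Never', 'UseDefaultSettings')]
        [string] $RecipientRtf = 'UseDefaultSettings',
        # Outlook layer, simplified to one flag (assumption for this example).
        [bool] $OutlookSendsRtf = $false
    )

    if ($null -ne $RemoteDomainTnef) {
        # Highest priority: an explicit remote domain value ends the lookup.
        $sends = [bool]$RemoteDomainTnef
        $layer = 'Remote domain'
    } elseif ($RecipientRtf -ne 'UseDefaultSettings') {
        # Next: an explicit per-recipient value on the mail user or contact.
        $sends = ($RecipientRtf -eq 'Always')
        $layer = 'Mail user/contact'
    } else {
        # Lowest priority: whatever the sender's Outlook client chose.
        $sends = $OutlookSendsRtf
        $layer = 'Outlook'
    }
    [pscustomobject]@{ SendsTnef = $sends; DecidedBy = $layer }
}

# Constructed sample rows: the same risky client and contact settings,
# evaluated under different remote domain values.
$samples = @(
    @{ Case = 'Remote domain set to Never'; RemoteDomainTnef = $false; RecipientRtf = 'Always'; OutlookSendsRtf = $true }
    @{ Case = 'Remote domain unset, contact Always'; RemoteDomainTnef = $null; RecipientRtf = 'Always'; OutlookSendsRtf = $false }
    @{ Case = 'Remote domain unset, contact default'; RemoteDomainTnef = $null; RecipientRtf = 'UseDefaultSettings'; OutlookSendsRtf = $true }
    @{ Case = 'Remote domain unset, contact Never'; RemoteDomainTnef = $null; RecipientRtf = 'Never'; OutlookSendsRtf = $true }
)

foreach ($s in $samples) {
    $r = Resolve-TnefDecision -RemoteDomainTnef $s.RemoteDomainTnef `
        -RecipientRtf $s.RecipientRtf -OutlookSendsRtf $s.OutlookSendsRtf
    [pscustomobject]@{ Case = $s.Case; SendsTnef = $r.SendsTnef; DecidedBy = $r.DecidedBy }
}
```

Only the first row is independent of contact and client settings, which is why the setting is enforced at the remote domain layer.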
TNEF is not the same as RTF
TNEF and RTF are related but not exactly the same. The distinction gets confusing because the two terms are used interchangeably.