Why do we set use RTF to never in Exchange Online?
  • 16 Jan 2024
  • 2 Minutes to read
  • Contributors
  • Dark
    Light
  • PDF

Why do we set use RTF to never in Exchange Online?

  • Dark
    Light
  • PDF

Article summary

Some customers ask why our configuration requires the Rich Text Format (RTF) to be disabled.

Rich Text Format (RTF) is not the same as HTML

A common confusion is to think that Microsoft's RTF is the same as HTML. They are completely different. Microsoft has deprecated RTF in favor of HTML. See below.

Microsoft Recommends using HTML rather than RTF

Rich Text Format (RTF) is a legacy proprietary email format that Microsoft created before HTML emails were popular. The short answer to why we recommend disabling it is that Microsoft recommends it.

"You can use RTF when you send messages inside an organization that uses Microsoft Exchange, but we recommend that you use the HTML format."

Change the message format to HTML, Rich Text Format, or plain text

Outlook Web Access (OWA) cannot even send in RTF

Microsoft has decided to not support sending emails from OWA in RTF. OWA, however, is able to read RTF, but this is just for legacy support.

OWA Can read messages formatted in RTF, but can't format or send this format

Message format and transmission in Exchange Online

OWA Can read messages formatted in RTF, but can't format or send this format

RTF Security Exploits

While your systems may already be up to date with the latest Microsoft patches, the RTF format opens up potential vectors for attack. We believe that over time, the RTF format will be phased out. 

1) Here is an in-depth article about various exploits related to RTF/OLE:

Microsoft Rich Text Format is heavily used in the email attachments in phishing attacks. It has been gaining massive popularity and its wide adoption in phishing attacks is primarily attributed to the fact that it has an ability to contain a wide variety of exploits and can be used efficiently as a delivery mechanism to target victims.

An Inside Look into Microsoft Rich Text Format and OLE Exploits

2) Here is an example security alert related to RTF within Outlook:

"Microsoft Outlook retrieves remote OLE content without prompting"

Microsoft Outlook retrieves remote OLE content without prompting

Pesky winmail.dat attachments

One indication that your email message is in Rich Text Format (RTF) is if you see a winmail.dat attachment on an email.  Here is an informative article on the logic used to determine when RTF is applied:

The TNEF conversion options for messages sent to external recipients are described in the following list from highest priority to lowest priority:

  1. Remote domain settings
  2. Mail user or mail contact settings
  3. Outlook settings

Exchange Server: TNEF conversion options

How content conversion happens in Exchange

Content conversion in Exchange Server

TNEF is not the same as RTF

TNEF and RTF are related but not exactly the same.  However, it can get confusing because they are used interchangeably.

How TNEF and RTF are encoded


Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
ESC

Eddy AI, facilitating knowledge discovery through conversational intelligence