Why do we set "use RTF" to never in Exchange Online?

Some customers ask why our configuration requires the Rich Text Format (RTF) to be disabled.

Microsoft's recommendation

Rich Text Format (RTF) is a legacy proprietary email format that Microsoft created before HTML emails were popular. The short answer to why we recommend disabling it is that this is Microsoft's own recommendation. Please see this article:

"You can use RTF when you send messages inside an organization that uses Microsoft Exchange, but we recommend that you use the HTML format."


Added security benefit

While your systems may already be up to date with the latest Microsoft patches, the RTF format opens up potential vectors for attack. We believe that over time, the RTF format will be phased out. Here is an example security alert related to RTF within Outlook:

"Microsoft Outlook retrieves remote OLE content without prompting"
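
To check how this setting is currently applied in a tenant, the following added example (not part of the original article or of our configuration tooling) audits every remote domain and can optionally set RTF to "never". It assumes that "use RTF" refers to the remote-domain rich-text option, exposed in Exchange Online PowerShell as `TNEFEnabled`, and that the ExchangeOnlineManagement module is installed; the `-Remediate` switch is a hypothetical name chosen for this script.

```powershell
# Added example: audit the remote-domain "use rich-text format" setting.
# Assumption: the setting discussed above is the TNEFEnabled property of each remote domain.
param(
    [switch]$Remediate   # hypothetical switch: without it the script only reports
)

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

# TNEFEnabled values:
#   $true  -> RTF (TNEF) is always used for mail sent to the domain
#   $false -> RTF is never used
#   $null  -> not specified; the sender's Outlook settings decide
$report = Get-RemoteDomain | ForEach-Object {
    $setting = if ($null -eq $_.TNEFEnabled) { 'Follow user settings' } elseif ($_.TNEFEnabled) { 'Always' } else { 'Never' }

    [pscustomobject]@{
        Name       = $_.Name
        DomainName = $_.DomainName
        RtfSetting = $setting
    }
}

$report | Format-Table -AutoSize

# Every remote domain that can still receive RTF-encoded mail
$nonCompliant = @($report | Where-Object { $_.RtfSetting -ne 'Never' })
Write-Host ("{0} remote domain(s) are not set to 'Never'." -f $nonCompliant.Count)

if ($Remediate) {
    foreach ($domain in $nonCompliant) {
        # Force "never use RTF" for this remote domain
        Set-RemoteDomain -Identity $domain.Name -TNEFEnabled $false
        Write-Host ("Set TNEFEnabled to false on '{0}'." -f $domain.Name)
    }
}

Disconnect-ExchangeOnline -Confirm:$false
```

Run it without `-Remediate` first to review the report; the `Default` remote domain (`*`) covers every external domain that has no entry of its own.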