Consider the following scenario:
You have a mail-enabled public folder in a Microsoft Exchange Server 2013 environment.
You remove the Default and Anonymous permissions of the public folder.
An unauthorized user sends an email message to the public folder.
In this scenario, the public folder accepts the email message unexpectedly.
To resolve this issue, install the following cumulative update:
2961810 Cumulative Update 6 for Exchange Server 2013
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.