A spoofing vulnerability exists in Microsoft Exchange Server which could result in an attack that would allow a malicious actor to impersonate the user (CVE-2021-1730).
To prevent these types of attacks, Microsoft recommends customers to download inline images from different URL than the rest of OWA.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1730
Basically, you need to change both the external & internal download hostname to a different domain name.
