Making sure your junk email filtering is enabled in Office 365

If you’re a user of Office 365 with a hosted mailbox, there may be times when a message ends up in your inbox despite the fact that it was marked as spam. When this occurs, it may be because you have (somehow) disabled junk mail filtering. When this occurs, email is still marked as spam,…


When creating support tickets about spam, be sure to include message headers

When users get spam and phishing messages in the inbox, we ask users to submit them back to us, using the instructions here: Submit spam, non-spam, and phishing scam messages to Microsoft for analysis. I explain why this is important in Why does spam and phishing get through Office 365? And what can be done…


How to securely add a sender to an allow list in Office 365

Background: We sometimes see users creating allow rules, either through Exchange Transport Rules (ETRs), or Domain Allows, or Safe Senders, when they want to receive email from senders. However, they frequently do this insecurely; spammers then spoof the sending domain (or even the full email address) which skips all spam filtering and the message lands…


A short intro to how the Phishing Confidence Level (PCL) works

This is a rough description of how the Phishing Confidence Level (PCL) works in Office 365. Way back in the olden days – 2007 or so – Exchange server used to have its own spam filter, Smartscreen. This was more-or-less the same spam filter running in Outlook.com. But whereas Smartscreen in Outlook.com (then known as…


Does SPF need an update to handle non-existent includes? I say yes.

Over the past month, my team and I have been going over logs in our system, looking for SPF PermErrors and trying to figure out how many we had, and the root cause of them. As it turns out, there are lots of things that cause a permanent SPF failure. The most common examples are…


A second update to the problem of email forwarding in Office 365

18 months ago, I wrote the following blog post: Why does my email from Facebook, that I forward from my outlook.com account, get rejected. 6 (ish) months ago, I provided an update at An update on the forwarding email problem in Office 365 where I said that we made a change such that Exchange Transport Rules…


How we got to enforce DMARC for sub-domains of Microsoft’s largest consumer email brands

I couldn’t believe it. I had been blind for ages. Why had I not seen it before? The month was August 2017, and none of Microsoft’s largest consumer email brands – msn.com, live.com, hotmail.com, and outlook.com – had DMARC reject records in place. Not one. As a result, we were still seeing lots and lots…


Blocking invalid From: addresses in Office 365

A couple of weeks ago, we made an announcement in Office 365 that we would be implementing stricter checks of the From: address, starting Nov 9, 2017. You can find that at How Office 365 validates the From: address to prevent phishing. I won’t repeat everything in that article as you can click and read…


Showing a question mark ‘?’ in the sender photo when a message is not authenticated

In order to help stop phishing messages, Office 365 and Outlook.com already filter messages using authentication methods including SPF, DKIM, DMARC, and antispoofing. These techniques verify that the sender is who they say they are, and they are used to mark the message either as Junk Email, or deliver it to your Inbox. They sometimes…


Does DMARC need an update to handle branded TLDs? I say yes

Some background: As I’ve said before, one of the things I like about DMARC is how I don’t have to specify a policy for every single domain that I own. To recap what I said in my other post, here’s the DMARC record of microsoft.com (I’ve removed the reporting addresses): microsoft.com | “v=DMARC1; p=reject; pct=100”…


Does SPF need an update so subdomains can inherit the policy of their organizational domain? I say yes

The good thing about DMARC: One of the great things about DMARC is that subdomains can inherit the policy of their organizational domain. For example, here’s the DMARC record of microsoft.com (I’ve removed the reporting addresses): microsoft.com | “v=DMARC1; p=reject; pct=100” There’s no subdomain policy, which means that the following domain which has no DMARC record:…


How we use the Certified Senders Alliance IP reputation list

If you are a subscriber to the good folks at Eco over in Germany, you might have noticed in their regular newsletter that Outlook.com and Office 365 is now a new ISP partner. What does that mean? Over here at Outlook.com and Office 365, we have a complicated relationship with good IP reputation lists. Outlook.com…


Should you warn users when they receive an external message?

I’ve been asked a few times what I think about organizations that add warnings to messages that their users receive when the message is sent to them from outside the organization. That is, some organizations create Exchange Transport Rules (ETRs) when the message is received outside the organization. This might look something like this: This…


Disabling unauthorized forwarding in Outlook.com

Over the past week, I’ve noticed an increase in user escalations asking to disable unauthorized forwarding. That is, they have a setting in their mailbox where their email is being forwarded to another account. Users can resolve this themselves: select Options > Mail > Automatic processing > Inbox and sweep rules. Then, look for any…
