A way to (sort of) approximate DMARC aggregate reports in Office 365

One of the most common questions people ask me is “How do you get Office 365 to send out DMARC aggregate and forensic reports?” This is followed by “When is Office 365 going to send out DMARC aggregate and forensic reports?” Office 365 doesn’t send out DMARC reports, nor is it on our public roadmap….

0

The all-up guide (mostly) to cross-domain antispoofing protection in Office 365

If you haven’t seen it yet, we recently released Cross-Domain Antispoofing protection for our Advanced Threat Protection and E5 customers. You can read all about it here on our official support page (as opposed to this blog): Antispoofing in Office 365. This augments my previous blog post about intra-org (or self-to-self) spoofing, which is at http://aka.ms/AntispoofingInOffice365 (yes,…

0

How to get images to load in Outlook.com, Office 365, and Outlook email clients

People sometimes ask me “How do I, as a sender into Office 365, get images to load by default? Every time I send, the images are blocked.” I’ve decided to finally answer that question so I don’t need to keep typing my response.   1. Images in Outlook.com load by default if you’re a good…

0

Strategies for reducing crytocurrency’s trading friction (that don’t work that well)

Disclaimer – If you haven’t read my disclaimer yet, make sure you do so here. TL;DR version – Buyer beware, I am not an expert, I am fumbling my way through this like the rest of you. Also, I hold a little bit of Bitcoin, Ethereum, and Cardano. So, over the past couple of weeks I’ve…

1

Cryptocurrency’s liquidity problem

It was only a week ago I wrote How do I know which cryptocurrencies will go up in value. It’s not easy, and is a lot of work. My personal view of cryptocurrency and blockchains that their social value lies in their utility – what problems do they solve, and how effectively do they it? At…

0

If you use Office 365 but your MX record doesn’t point to Office, you may want to close down your security settings

Even though it’s not a recommend configuration for our customers (in terms of spam filtering), some customers of Office 365 route their email through a competing spam filtering service in the cloud, or through an on-prem server. That is, the mail flow looks like this: I’ve written previously about the problems this can cause, see…

0

Will blockchain turn out to be another one of tech’s false prophets?

Disclaimer – If you haven’t read my disclaimer yet, make sure you do so here. TL;DR version – Buyer beware, I am not an expert, I am fumbling my way through this like the rest of you. Also, I hold a little bit of Bitcoin and Ethereum. The promise certainly sounds good Blockchain promises us something…

0

How do I know which cryptocurrencies will go up in value?

Disclaimer – If you haven’t read my disclaimer yet, make sure you do so here. TL;DR version – Buyer beware, I am not an expert, I am fumbling my way through this like the rest of you. Also, I hold a little bit of Bitcoin and Ethereum. As I’ve started learning more about blockchain and cryptocurrencies,…

1

Let’s talk about cryptocurrencies and blockchain

Disclaimer I’ve been thinking about writing this blog post for a while now. But I’ve deferred, thinking “I’m too much of a noob. What value can I possibly add to the discussion?” But that’s the point. When I’m not sure what I think, what I like to do is write things down to better organize…

0

Making sure your junk email filtering is enabled in Office 365

If you’re a user of Office 365 with a hosted mailbox, there may be times when a message ends up in your inbox despite the fact that it was marked as spam. When this occurs, it may be because you have (somehow) disabled junk mail filtering. When this occurs, email is still marked as spam,…

0

When creating support tickets about spam, be sure to include message headers

When users get spam and phishing messages in the inbox, we ask users to submit them back to us, using the instructions here: Submit spam, non-spam, and phishing scam messages to Microsoft for analysis. I explain why this is important in Why does spam and phishing get through Office 365? And what can be done…

0

How to securely add a sender to an allow list in Office 365

Background We sometimes see users creating allow rules, either through Exchange Transport Rules (ETRs), or Domain Allows, or Safe Senders, when they want to receive email from senders. However, they frequently do this insecurely; spammers then spoof the sending domain (or even the full email address) which skips all spam filtering and the message lands…

0

A short intro to how the Phishing Confidence Level (PCL) works

This is a rough description of how the Phishing Confidence Level (PCL) works in Office 365. Way back in the olden days – 2007 or so – Exchange server used to have its own spam filter, Smartscreen. This was more-or-less the same spam filter running in Outlook.com. But whereas Smartscreen in Outlook.com (then known as…

1

Does SPF need an update to handle non-existent includes? I say yes.

Over the past month, my team and I have been going over logs in our system, looking for SPF PermErrors and trying to figure out how many we had, and the root cause of them. As it turns out, there are lots of things that cause a permanent SPF failure. The most common examples are…

3