The common types of spear phish we see today

As 2015 draws near to a close, I thought I’d write a blog post about the type of spear phishes we are seeing lately against our customer base. This is not general brand phish like someone spoofing Paypal, but instead a phisher trying to impersonate your domain, for example, if the domain under attack is…

2

Exchange Online is rolling out default DKIM-signing to everyone

If you are a customer of Office 365 (Exchange Online Protection, or EOP), you may have noticed, or will be noticing, that we are adding DKIM signatures to your outgoing email, even if you haven’t explicitly enabled DKIM-signing for your domain (see instructions here: http://blogs.msdn.com/b/tzink/archive/2015/10/08/manually-hooking-up-dkim-signing-in-office-365.aspx). We are gradually rolling this out to everyone. If you…

6

DMARC one year later, and what have we learned?

It has been one year since I posted that Office 365 now supports inbound DMARC verification. What do we see in terms of how much mail it blocks in production? Well, we’ve learned a lot of things; some of it good, and some of it bad. I took a look at our network-wide statistics yesterday…

2

How I personally use Outlook with Office 365

Sometimes people ask me how they should configure Outlook and Office 365 (Exchange Online Protection, or EOP) so they work together in the best way. This is tough for me to recommend because it depends on the local set up. However, I can talk about how I personally use it. I am both a normal…

0

How Office 365 does automatic DKIM key rotation

As you can see from one of my other posts, Office 365 now lets you sign your outbound email with DKIM signatures. One of the key differences between how we do it and how almost every other service does it is that instead of requiring the customer to publish the public key in DNS (and…

8

Manually hooking up DKIM signing in Office 365

Note: This content also appears on our official documentation here, Use DKIM to validate outbound email sent from your domain in Office 365. Here’s how to enable DKIM signing for your domain if it is hosted in Office 365 (Exchange Online Protection). What steps do I have to take to enable DKIM? First, for each…

72

Combating spoofing

Three years ago, I wrote a blog post entitled Combating Phishing talking about what Exchange Online Protection (EOP) does to stop phishing messages [1]. Last year, I wrote one of my most popular blog posts entitled Why does spam and phishing get through Office 365, and what can be done about it? Recently, I wrote…

5

Analyzing the language of the Safe Links design of Advanced Threat Protection in Office 365

A couple of months ago, Office 365 released Advanced Threat Protection (ATP) for Exchange Online Protection. You can read more about that here: Exchange Online Advanced Threat Protection is now available https://blogs.office.com/2015/06/01/exchange-online-advanced-threat-protection-is-now-available/ You can read more about how to use it here: Getting started with Office 365 Advanced Threat Protection http://www.c7solutions.com/2015/06/getting-started-with-office-365-advanced-threat-protection I was the Program…

1

(Not) Using the Additional Spam Filtering option for SPF hard fail to block apparently internal email spoofing

 Recently, I’ve noticed that sometimes customers in Office 365 will login to the Exchange Admin Center, go to Protection –> Spam Filter –> Advanced Options and enable the Advanced Spam Filtering (ASF) option for “SPF Hard Fail.”  The reason people do this is to stop messages from arriving into a customer’s organization that look like…

7

What is the best combination for your SPF record, DKIM record, and DMARC record?

Sometimes [1] people ask me what the best combination of SPF record is if they publish a DMARC record and DKIM record? How should we best present spoofing using authentication records that we publish in DNS? Here’s what I think. First, a domain should publish an SPF Hard Fail in its SPF record if they…

5

Podcast episode 6 – Facebook’s new PGP feature is nice, but…

Description A couple of weeks ago, Facebook released support for PGP, and that’s great. Facebook is a leader in the security space as they support SPF, DKIM, DMARC, and opportunistic TLS for email; https for standard browsing; and a Tor site for users who need secrecy. And now, they’ve added PGP support. The problem is…

0

Solving the problem of DMARC’s incompatibility with mailing lists – Part 1

One of the problems that the email filtering community still hasn’t solved with regards to DMARC is how to deal with the problem of mailing lists. You know, mailing lists. Those are those things that you subscribe to about a certain topic that contains a bunch of other people. When you email the list, your…

1