The Terry Zink Security Talk blog comes to an end

Please note: The Terry Zink Security Talk blog is being deprecated in March 2019 in order to focus our attention (and yours) to the vast amounts of information we already have on the support.office.com and the docs.microsoft.com sites. Some of you may have noticed that the amount that I post on this blog has lessened…

1

The unauthenticated sender ‘?’ comes to Outlook

Update: This blog post is being deprecated and information is being moved to support.office.com: Identify suspicious messages in Outlook.com and Outlook on the web   About a year ago, in Office 365, we released the feature that – similar to Gmail – Outlook Web Access stamps a ‘?’ in the sender photo when the message…


Chasing the (very) long tail of unauthenticated domains

One of the requests that frequently crosses my desk (computer screen) is a vulnerability claim that a certain domain that is owned by Microsoft is prone to spoofing because it does not have email authentication records – neither SPF, DKIM, nor DMARC. Because this can be used to spoof, it is a vulnerability. Microsoft Corporation owns…


A way to (sort of) approximate DMARC aggregate reports in Office 365

One of the most common questions people ask me is “How do you get Office 365 to send out DMARC aggregate and forensic reports?” This is followed by “When is Office 365 going to send out DMARC aggregate and forensic reports?” Office 365 doesn’t send out DMARC reports, nor is it on our public roadmap….


How to get images to load in Outlook.com, Office 365, and Outlook email clients

People sometimes ask me “How do I, as a sender into Office 365, get images to load by default? Every time I send, the images are blocked.” I’ve decided to finally answer that question so I don’t need to keep typing my response.   1. Images in Outlook.com load by default if you’re a good…