The Terry Zink Security Talk blog comes to an end

Some of you may have noticed that the amount that I post on this blog has lessened over the years, and especially this year. This is not for lack of ideas, but simply lack of time to write good, in-depth articles. However, irrespective of that, this is my last blog post on this blog. After…

1

The unauthenticated sender ‘?’ comes to Outlook

Update: This blog post is being deprecated and information is being moved to support.office.com: Identify suspicious messages in Outlook.com and Outlook on the web   About a year ago, in Office 365, we released the feature that – similar to Gmail – Outlook Web Access stamps a ‘?’ in the sender photo when the message…


Chasing the (very) long tail of unauthenticated domains

One of the requests that frequently crosses my desk (computer screen) is a vulnerability claim that a certain domain that is owned by Microsoft is prone to spoofing because it does not have email authentication records – neither SPF, DKIM, nor DMARC. Because this can be used to spoof, it is a vulnerability. Microsoft Corporation owns…