The Terry Zink Security Talk blog comes to an end

Please note: The Terry Zink Security Talk blog is being deprecated in March 2019 in order to focus our attention (and yours) to the vast amounts of information we already have on the support.office.com and the docs.microsoft.com sites. Some of you may have noticed that the amount that I post on this blog has lessened…

1

The unauthenticated sender ‘?’ comes to Outlook

Update: This blog post is being deprecated and information is being moved to support.office.com: Identify suspicious messages in Outlook.com and Outlook on the web   About a year ago, in Office 365, we released the feature that – similar to Gmail – Outlook Web Access stamps a ‘?’ in the sender photo when the message…


Chasing the (very) long tail of unauthenticated domains

One of the requests that frequently crosses my desk (computer screen) is a vulnerability claim that a certain domain that is owned by Microsoft is prone to spoofing because it does not have email authentication records – neither SPF, DKIM, nor DMARC. Because this can be used to spoof, it is a vulnerability. Microsoft Corporation owns…