Office 365 increases its malicious URL coverage

Over the past two weeks, Office 365 (Exchange Online Protection) has improved its detection of spam, phishing and malware by increasing the number of URLs in its reputation lists. Two months ago we were at 750,000 URLs, we are now at 1.7 million – an increase of almost 100%! Secondly, we decreased the amount of…

1

Using DMARC in Office 365

Exchange Online Protection (EOP), also known as Office 365, will soon be supporting DMARC for authenticating email which is a feature designed to combat phishing and spoofing of email. If you’re unfamiliar with DMARC, here are a few links that explain it: My own blog post: A brief introduction to DMARC http://blogs.msdn.com/b/tzink/archive/2014/11/04/a-brief-introduction-to-dmarc.aspx My article for…

22

I am now helping out a little bit with Hotmail and outlook.com

One of the projects I will be working on going forward is helping out with some of the filtering with outlook.com. In case you haven’t heard, over the past few months Microsoft has merged together the spam filtering units responsible for protecting Office 365 (also known as Exchange Online Protection (EOP), formerly known as Forefront…

6

Gaining experience with encryption and key rotation

This year I’ve had the privilege of expanding some of my skill set in a field which I find fascinating, but also which I find I am woefully under-qualified to work in: Encryption. I like encryption. I’ve liked ever since my 4th year in university when I learned all about the mathematical properties behind it,…

2

Improving Backscatter detection with Boomerang

One of the features we have been working on in Office 365/Exchange Online Protection  (EOP) is called Boomerang which is a mechanism to better detect backscatter spam.   Image taken from here.   What is Backscatter? Backscatter spam occurs when a spammer spoofs your email address and sends it to a random person on the…

7

Why do I have to give up my email address in order to get discounts?

This weekend, I went shopping at random stores around the city where I live. For you see, my wife purchased a book of coupons and we decided to use some of them. We flipped through the book looking for ones we might like and found a few to stores we had never been to, nor…

4

Slideshow: A brief overview of how email over IPv6 works in Office 365

The following is a brief overview of how email over IPv6 works in Office 365, and why we are doing some of the things we are doing. Other services that also support email over IPv6 work similarly.   Source: A plan for email over IPv6 on Slideshare   Related Articles: Support for Anonymous Email over…

0

Slideshow: A brief introduction to DMARC

Below is a slideshow of a presentation about DMARC I did at this year’s Virus Bulletin conference in Seattle. It’s not that technical although I do use a few technical terms. However, even newcomers to email will be able to understand it.   Using DMARC to Improve Your Email Reputation from Terry Zink

1

An interview with William Binney, former NSA analyst and whistleblower

A few days ago, I posted my notes on Keith Alexander’s talk at MIRcon about the NSA. Today, here’s a blog post about the opposite point of view. Yesterday, I came across an interview with William Binney, a former NSA analyst who resigned from the agency in 2001. He is a whistleblower who, unlike Edward…

0

How to create Allow rules in Office 365 for senders over IPv6 (and also for IPv4)

Office 365 now permits anonymous inbound email over IPv6. Most of the functionality works the same in IPv4 as IPv6. However, there are some differences for inbound messages where customers want to allow messages from a particular domain or sender. Whereas in IPv4, customers could create IP Allow rules, this functionality does not exist in…

1

Support for anonymous inbound email over IPv6 in Office 365

Office 365 now supports anonymous inbound email over IPv6. In this case, “anonymous” means: The sending IPv6 address originates outside the service and is not in any customer’s settings (that is, not in any customer-specified connector) The sending IPv6 address has not been previously allow-listed by the service The sending connection is not sent over…

8

Former NSA Director Keith Alexander speaks at MIRcon 2014

Last week, I attend MIRcon, Mandiant’s conference on Advanced Persistent Threats. One of the keynote addresses was given by Keith Alexander, the former head of the NSA. I enjoyed his talk, it was a good one. What Others Are Saying Here is Kelly Jackson Higgins’ take on his talk, from an article on DarkReading. Everything…

1

Why does spam and phishing get through Office 365? And what can be done about it?

Introduction As a filtering service, Office 365 (Exchange Online Protection, or EOP) is dedicated to providing the best antispam filtering possible, and we take this task seriously: We are working hard to keep spam out of your inbox We are working hard to ensure we don’t mistakenly mark good email as spam The question we…

21

Submitting spam back to Office 365

Office 365 (Exchange Online Protection) regularly asks customers to submit spam samples back so that we can improve the service. This information is also available here: Submitting spam and non-spam messages to Microsoft for analysis http://technet.microsoft.com/en-us/library/jj200769(v=exchg.150).aspx This blog post is a visual step-by-step guide on how to submit spam back to Office 365 using a…

0