I think I finally thought of something relevant to cybersecurity and my last post on why we should study art. This may be a stretch, but read on and tell me what you think. Every once in a while, a newbie to the world of fighting spam comes into one of the discussion lists or…
Tag: Education
How I personally use Outlook with Office 365
Sometimes people ask me how they should configure Outlook and Office 365 (Exchange Online Protection, or EOP) so they work together in the best way. This is tough for me to recommend because it depends on the local set up. However, I can talk about how I personally use it. I am both a normal…
Analyzing the language of the Safe Links design of Advanced Threat Protection in Office 365
A couple of months ago, Office 365 released Advanced Threat Protection (ATP) for Exchange Online Protection. You can read more about that here: Exchange Online Advanced Threat Protection is now available https://blogs.office.com/2015/06/01/exchange-online-advanced-threat-protection-is-now-available/ You can read more about how to use it here: Getting started with Office 365 Advanced Threat Protection http://www.c7solutions.com/2015/06/getting-started-with-office-365-advanced-threat-protection I was the Program…
In Malaysia this upcoming July? Maybe check out the 5th Annual Cybersecurity for Government Summit 2015
I don’t talk about upcoming conferences that much on this blog, but this one I am doing by special request of one of my readers: The 5th Annual Cybersecurity for Government Summit 2015 behind held in the city of Sepang Utara in Malaysia from July 29-31, 2015. I understand the threat landscape in North America…
I am thinking of starting a podcast
For several months now, I have been thinking about starting a podcast – Terry Zink: Security Talk (which coincidentally happens to be the name of this blog). I’ve been toying with this idea since summer of 2014. I’ve put it off because I am not sure I have enough content or if I want to…
Why does spam and phishing get through Office 365? And what can be done about it?
Introduction As a filtering service, Office 365 (Exchange Online Protection, or EOP) is dedicated to providing the best antispam filtering possible, and we take this task seriously: We are working hard to keep spam out of your inbox We are working hard to ensure we don’t mistakenly mark good email as spam The question we…
Submitting spam back to Office 365
Office 365 (Exchange Online Protection) regularly asks customers to submit spam samples back so that we can improve the service. This information is also available here: Submitting spam and non-spam messages to Microsoft for analysis http://technet.microsoft.com/en-us/library/jj200769(v=exchg.150).aspx This blog post is a visual step-by-step guide on how to submit spam back to Office 365 using a…
According to the World Economic Forum, I am helping to fight the seventh most dangerous global risk
This is going to be a long post. How I spent my weekend This weekend I took a quick glance at the World Economic Forum’s Global Risks for 2014 report. The WEF is a Swiss nonprofit foundation that describes itself as an international organization that is dedicated to improving the state of the world by…
Understanding how Exchange Transport Rules work on the Sender
One of the more powerful features in Exchange Online Protection (EOP) are Exchange Transport Rules, also known as ETRs. These have a variety of functionality but the one I want to focus on is how they operate on the sender of a message. The following web pages describes the predicates of an ETR, that is,…
Understanding identification of Bulk Email in Office 365
Bulk email, sometimes referred to as grey mail, or gray mail, is a type of email that is difficult to classify for all users at a global level. Bulk or gray email is email that some users want but others consider spam. For example, some users want their email from Amazon Local’s Daily Deals or…
Why do spammers spam? I try to explain it using the Moralization Gap
Don’t spammers know they are irritating the rest of us? Lately, I have been thinking a little bit on why spammers spam. I have never conducted a large study of this, all of my research about their own explanations comes from my memory of articles I have read and videos I have seen of convicted…
Microsoft, the NSA, the Backfire Effect and how we all make bad decisions
A couple of weeks ago, I read a blog post on the Wall Street Journal where they were commenting on comments made by Brad Smith, Microsoft’s top legal counsel. His comments were in response to latest revelations that the NSA sometimes sniffs network traffic between data centers: Microsoft’s top lawyer compared the National Security Agency…
How to setup your DMARC records if you are outsourcing some, or all, of your email – Part 2
Continuing on in our series on authenticating outsourced email, how do we outsource our email such that we also pass a DMARC check? First, decide if you want DMARC to pass via an SPF check or a DKIM validation, or both. Second, delegate a subdomain for the 3rd party to send email “as your authenticating…
How to setup DMARC records if you are outsourcing some, or all, of your email – Part 1
In my previous posts, I discussed how to set up your SPF, SenderID, and DKIM records if you are an organization that outsources some of its email to a 3rd party, such as advertising. For example, an airline might send out its flight confirmations from its own email servers and infrastructure, but contract out a…
How to set up your DKIM records if you are outsourcing some, or all, of your email and still build your reputation
In my previous post, I described how you can set up DKIM records if you are outsourcing your advertising email to a 3rd party. In summary: You don’t have to do anything. However, this comes at the cost of not being able to generate your own domain-reputation. You may care about generating reputation. After all,…