Abstract art and the Final Ultimate Solution to the Spam Problem

I think I finally thought of something relevant to cybersecurity and my last post on why we should study art. This may be a stretch, but read on and tell me what you think. Every once in a while, a newbie to the world of fighting spam comes into one of the discussion lists or…

2

How I personally use Outlook with Office 365

Sometimes people ask me how they should configure Outlook and Office 365 (Exchange Online Protection, or EOP) so they work together in the best way. This is tough for me to recommend because it depends on the local set up. However, I can talk about how I personally use it. I am both a normal…

0

Analyzing the language of the Safe Links design of Advanced Threat Protection in Office 365

A couple of months ago, Office 365 released Advanced Threat Protection (ATP) for Exchange Online Protection. You can read more about that here: Exchange Online Advanced Threat Protection is now available https://blogs.office.com/2015/06/01/exchange-online-advanced-threat-protection-is-now-available/ You can read more about how to use it here: Getting started with Office 365 Advanced Threat Protection http://www.c7solutions.com/2015/06/getting-started-with-office-365-advanced-threat-protection I was the Program…

1

I am thinking of starting a podcast

For several months now, I have been thinking about starting a podcast – Terry Zink: Security Talk (which coincidentally happens to be the name of this blog). I’ve been toying with this idea since summer of 2014. I’ve put it off because I am not sure I have enough content or if I want to…

0

Why does spam and phishing get through Office 365? And what can be done about it?

Introduction As a filtering service, Office 365 (Exchange Online Protection, or EOP) is dedicated to providing the best antispam filtering possible, and we take this task seriously: We are working hard to keep spam out of your inbox We are working hard to ensure we don’t mistakenly mark good email as spam The question we…

25

Submitting spam back to Office 365

Office 365 (Exchange Online Protection) regularly asks customers to submit spam samples back so that we can improve the service. This information is also available here: Submitting spam and non-spam messages to Microsoft for analysis http://technet.microsoft.com/en-us/library/jj200769(v=exchg.150).aspx This blog post is a visual step-by-step guide on how to submit spam back to Office 365 using a…

0

Understanding how Exchange Transport Rules work on the Sender

One of the more powerful features in Exchange Online Protection (EOP) are Exchange Transport Rules, also known as ETRs. These have a variety of functionality but the one I want to focus on is how they operate on the sender of a message. The following web pages describes the predicates of an ETR, that is,…

1

Understanding identification of Bulk Email in Office 365

Bulk email, sometimes referred to as grey mail, or gray mail, is a type of email that is difficult to classify for all users at a global level. Bulk or gray email is email that some users want but others consider spam. For example, some users want their email from Amazon Local’s Daily Deals or…

3

Why do spammers spam? I try to explain it using the Moralization Gap

Don’t spammers know they are irritating the rest of us? Lately, I have been thinking a little bit on why spammers spam. I have never conducted a large study of this, all of my research about their own explanations comes from my memory of articles I have read and videos I have seen of convicted…

1

Microsoft, the NSA, the Backfire Effect and how we all make bad decisions

A couple of weeks ago, I read a blog post on the Wall Street Journal where they were commenting on comments made by Brad Smith, Microsoft’s top legal counsel. His comments were in response to latest revelations that the NSA sometimes sniffs network traffic between data centers: Microsoft’s top lawyer compared the National Security Agency…

1

How to setup DMARC records if you are outsourcing some, or all, of your email – Part 1

In my previous posts, I discussed how to set up your SPF, SenderID, and DKIM records if you are an organization that outsources some of its email to a 3rd party, such as advertising. For example, an airline might send out its flight confirmations from its own email servers and infrastructure, but contract out a…

1