Understanding Safety Tips in Office 365

Exchange Online Protection (EOP) already protects you with industry-leading spam and malware prevention. However, these attacks are so well crafted that they look legitimate. Sometimes putting messages into the Junk Email folder isn’t enough. EOP will automatically verify the sender and add a Safety Tip within an email message to warn you about potentially harmful…

4

How antispoofing protection works in Office 365

Update: If you need help removing the red safety tip for antispoofing checks, go here: Troubleshooting the red spoofing tip in Office 365 Exchange Online Protection (EOP), the email filtering component of Office 365, is rolling out, or has already rolled out, full antispoof protection for all of its customers. Most of our customers already…

52

I don’t mean to name and shame, but I will

A few months ago, I made the mistake of signing up for a webcast that opted me in to getting continuous communicates from them about upcoming online seminars. I was getting tired of all of these invites so I unsubscribed. I kept getting more invites so I unsubscribed again. I kept getting even more invites…

5

The common types of spear phish we see today

As 2015 draws near to a close, I thought I’d write a blog post about the type of spear phishes we are seeing lately against our customer base. This is not general brand phish like someone spoofing Paypal, but instead a phisher trying to impersonate your domain, for example, if the domain under attack is…

2

Combating spoofing

Three years ago, I wrote a blog post entitled Combating Phishing talking about what Exchange Online Protection (EOP) does to stop phishing messages [1]. Last year, I wrote one of my most popular blog posts entitled Why does spam and phishing get through Office 365, and what can be done about it? Recently, I wrote…

5

(Not) Using the Additional Spam Filtering option for SPF hard fail to block apparently internal email spoofing

 Recently, I’ve noticed that sometimes customers in Office 365 will login to the Exchange Admin Center, go to Protection –> Spam Filter –> Advanced Options and enable the Advanced Spam Filtering (ASF) option for “SPF Hard Fail.”  The reason people do this is to stop messages from arriving into a customer’s organization that look like…

10

Podcast episode 6 – Facebook’s new PGP feature is nice, but…

Description A couple of weeks ago, Facebook released support for PGP, and that’s great. Facebook is a leader in the security space as they support SPF, DKIM, DMARC, and opportunistic TLS for email; https for standard browsing; and a Tor site for users who need secrecy. And now, they’ve added PGP support. The problem is…

0

Solving the problem of DMARC’s incompatibility with mailing lists – Part 1

One of the problems that the email filtering community still hasn’t solved with regards to DMARC is how to deal with the problem of mailing lists. You know, mailing lists. Those are those things that you subscribe to about a certain topic that contains a bunch of other people. When you email the list, your…

1

Introducing NDR backscatter storm prevention

A few weeks ago, we rolled out NDR backscatter protection with Boomerang for hosted mailboxes in Office 365, and that change is going live this week for customers with on-premise mail servers. Next up is a feature that builds on top of Boomerang – NDR backscatter storm prevention. What is an NDR backscatter storm? Well,…

4

Office 365 will slightly modify its treatment of anonymous inbound email over IPv6

Exchange Online Protection (EOP), aka Office 365, is going to be making a small change to its behavior for inbound anonymous (i.e., not sent over TLS) email sent over IPv6. Luckily, for customers with IPv6 enabled, no action is required. Currently, we require the following for senders over IPv6: The sending IPv6 address must have…

3

Best Practices for Exchange Online Protection customers to align with DMARC

Background Spammers frequently forge the "From" address on email messages so the spam appears to come from a familiar sender such as your bank or social network, or more dangerously, from your own organization so that it looks like an internal sender. To help prevent this abuse, Exchange Online Protection (EOP) supports DMARC, a protocol…

3

How Office 365 does SPF checks for customer-to-customer mail

There may be some confusion about how Office 365, or Exchange Online Protection (EOP), does SPF checks on incoming email – especially in the case when Customer A sends email to Customer B and both parties are EOP customers. This applies to the case when the sending email account is from a separate mail server,…

3

Cyber thieves stealing from businesses and how DMARC can help

I read an article yesterday entitled Cyber thieves stole $215 million from businesses using hacked email addresses. How did they do it? Here’s a key except: Here’s a nightmare scenario: You’re working in the accounts department, when you receive an email from your boss, asking that you urgently wire one of the company’s foreign suppliers…

1