If you use Office 365 but your MX record doesn’t point to Office, you may want to close down your security settings

Even though it’s not a recommend configuration for our customers (in terms of spam filtering), some customers of Office 365 route their email through a competing spam filtering service in the cloud, or through an on-prem server. That is, the mail flow looks like this: I’ve written previously about the problems this can cause, see…

0

Making sure your junk email filtering is enabled in Office 365

If you’re a user of Office 365 with a hosted mailbox, there may be times when a message ends up in your inbox despite the fact that it was marked as spam. When this occurs, it may be because you have (somehow) disabled junk mail filtering. When this occurs, email is still marked as spam,…

0

Hooking up additional spam filters in front of or behind Office 365

 Note: This blog post reflects my own recommendations. Over here in Exchange Online Protection (EOP), people sometimes ask me why we don’t recommend hooking up multiple layers of filtering in front of solution. That is, instead of doing one of these: Internet -> EOP -> hosted mailbox Internet -> EOP -> on-prem mail server ……

9

Understanding Safety Tips in Office 365

Exchange Online Protection (EOP) already protects you with industry-leading spam and malware prevention. However, these attacks are so well crafted that they look legitimate. Sometimes putting messages into the Junk Email folder isn’t enough. EOP will automatically verify the sender and add a Safety Tip within an email message to warn you about potentially harmful…

4

How antispoofing protection works in Office 365

Update: If you need help removing the red safety tip for antispoofing checks, go here: Troubleshooting the red spoofing tip in Office 365 Exchange Online Protection (EOP), the email filtering component of Office 365, is rolling out, or has already rolled out, full antispoof protection for all of its customers. Most of our customers already…

53

I don’t mean to name and shame, but I will

A few months ago, I made the mistake of signing up for a webcast that opted me in to getting continuous communicates from them about upcoming online seminars. I was getting tired of all of these invites so I unsubscribed. I kept getting more invites so I unsubscribed again. I kept getting even more invites…

5

The common types of spear phish we see today

As 2015 draws near to a close, I thought I’d write a blog post about the type of spear phishes we are seeing lately against our customer base. This is not general brand phish like someone spoofing Paypal, but instead a phisher trying to impersonate your domain, for example, if the domain under attack is…

2

Combating spoofing

Three years ago, I wrote a blog post entitled Combating Phishing talking about what Exchange Online Protection (EOP) does to stop phishing messages [1]. Last year, I wrote one of my most popular blog posts entitled Why does spam and phishing get through Office 365, and what can be done about it? Recently, I wrote…

5

(Not) Using the Additional Spam Filtering option for SPF hard fail to block apparently internal email spoofing

 Recently, I’ve noticed that sometimes customers in Office 365 will login to the Exchange Admin Center, go to Protection –> Spam Filter –> Advanced Options and enable the Advanced Spam Filtering (ASF) option for “SPF Hard Fail.”  The reason people do this is to stop messages from arriving into a customer’s organization that look like…

11

Podcast episode 6 – Facebook’s new PGP feature is nice, but…

Description A couple of weeks ago, Facebook released support for PGP, and that’s great. Facebook is a leader in the security space as they support SPF, DKIM, DMARC, and opportunistic TLS for email; https for standard browsing; and a Tor site for users who need secrecy. And now, they’ve added PGP support. The problem is…

0

Solving the problem of DMARC’s incompatibility with mailing lists – Part 1

One of the problems that the email filtering community still hasn’t solved with regards to DMARC is how to deal with the problem of mailing lists. You know, mailing lists. Those are those things that you subscribe to about a certain topic that contains a bunch of other people. When you email the list, your…

1

Introducing NDR backscatter storm prevention

A few weeks ago, we rolled out NDR backscatter protection with Boomerang for hosted mailboxes in Office 365, and that change is going live this week for customers with on-premise mail servers. Next up is a feature that builds on top of Boomerang – NDR backscatter storm prevention. What is an NDR backscatter storm? Well,…

4

Office 365 will slightly modify its treatment of anonymous inbound email over IPv6

Exchange Online Protection (EOP), aka Office 365, is going to be making a small change to its behavior for inbound anonymous (i.e., not sent over TLS) email sent over IPv6. Luckily, for customers with IPv6 enabled, no action is required. Currently, we require the following for senders over IPv6: The sending IPv6 address must have…

3