Clik here to view.
How to get images to load in Outlook.com, Office 365, and Outlook email clients
People sometimes ask me "How do I, as a sender into Office 365, get images to load by default? Every time I send, the images are blocked." I've decided to finally answer that question so I don't need...
View ArticleA way to (sort of) approximate DMARC aggregate reports in Office 365
One of the most common questions people ask me is "How do you get Office 365 to send out DMARC aggregate and forensic reports?" This is followed by "When is Office 365 going to send out DMARC...
View ArticleIf your MX record doesn’t point to Office 365, how do you disable spam...
One of the questions that has come up recently, especially as a lot of customers migrate over from an existing spam filtering solution to Office 365, is how to force Office 365 to rely upon the...
View ArticleClik here to view.
Chasing the (very) long tail of unauthenticated domains
One of the requests that frequently crosses my desk (computer screen) is a vulnerability claim that a certain domain that is owned by Microsoft is prone to spoofing because it does not have email...
View ArticleClik here to view.
The unauthenticated sender ‘?’ comes to Outlook
About a year ago, in Office 365, we released the feature that - similar to Gmail - Outlook Web Access stamps a '?' in the sender photo when the message is not authenticated with either SPF or DKIM....
View ArticleClik here to view.
The Terry Zink Security Talk blog comes to an end
Some of you may have noticed that the amount that I post on this blog has lessened over the years, and especially this year. This is not for lack of ideas, but simply lack of time to write good,...
View ArticleClik here to view.
A short intro to how the Phishing Confidence Level (PCL) works
This is a rough description of how the Phishing Confidence Level (PCL) works in Office 365. Way back in the olden days - 2007 or so - Exchange server used to have its own spam filter, Smartscreen....
View ArticleClik here to view.
How to securely add a sender to an allow list in Office 365
Background We sometimes see users creating allow rules, either through Exchange Transport Rules (ETRs), or Domain Allows, or Safe Senders, when they want to receive email from senders. However, they...
View ArticleClik here to view.
When creating support tickets about spam, be sure to include message headers
When users get spam and phishing messages in the inbox, we ask users to submit them back to us, using the instructions here: Submit spam, non-spam, and phishing scam messages to Microsoft for...
View ArticleClik here to view.
If you use Office 365 but your MX record doesn’t point to Office, you may...
Even though it's not a recommend configuration for our customers (in terms of spam filtering), some customers of Office 365 route their email through a competing spam filtering service in the cloud,...
View Article