Why we believe strange things
This post doesn’t have anything to do with cyber security. It’s one of those “It’s my blog and I can write what interests me” posts. A couple of years ago I read Robert...
Hooking up additional spam filters in front of or behind Office 365
Note: This blog post reflects my own recommendations. Over here in Exchange Online Protection (EOP), people sometimes ask me why we don’t recommend hooking up multiple layers of filtering in front of...
Phishing, magic, Stuxnet, and how they all work together
Part 1 – There’s more to me than just fighting spam If all you know of me is through this blog, then you’ll know I’ve been involved in the fight against spam, malware, and phishing for over a decade....
Exchange Online increases its URL filtering
One of the ways in which Exchange Online detects spam, malware, and phishing is through URL filtering. We use a variety of sources, you can find them here:...
The outbound IP and HELO format for Office 365
Regularly, Office 365 is asked by other email receivers about the way our mail servers and IP addresses are set up, and the need to conform to a particular standard. That standard (which is more of a...
Sending mail with invalid From: addresses to Office 365
One of the changes to go into Office 365 in the past year is an antispam rule that rejects messages with an invalid From: address. When this occurs, the message is rejected with: 550 5.7.512 Access...
How we moved microsoft.com to a p=quarantine DMARC record
In case you hadn’t noticed, Microsoft recently published a DMARC record that says p=quarantine: _dmarc.microsoft.com. 3600 IN TXT “v=DMARC1; p=quarantine; pct=100; rua=mailto:d@rua.agari.com;...
Messages going to Junk even though they aren’t spam? Check to see if you have...
Recently, I’ve been seeing a spike in customer escalations saying that messages that aren’t marked as spam are nevertheless getting sent to the Junk Mail folder. This is despite the message headers...
Hotmail/Outlook.com evaluates DKIM a little differently than Office 365
If you’re a user in Hotmail, Outlook.com, or any other of Microsoft’s consumer email services, you may notice that it evaluates DKIM a little differently than you might expect (you would only notice...
Troubleshooting the red (Suspicious) Safety Tip for fraud detection checks
Introduction It has now been about 8 months since we released our antispoofing protection in Office 365, a feature that defends against Business Email Compromise, where the From and To domains are the...
Where email authentication is not so great at stopping phishing – random IT...
On this blog, I’ve written a lot about email authentication and preached its virtues. If you are a domain owner, you should definitely set up SPF, DKIM, and DMARC records both so that emails to you can...
Where email authentication is totally great at stopping phishing –...
As I was saying in my other blog post about email authentication, and how it struggles to stop random IT phishing attacks, there is a type of attack that it is great at stopping – springboard attacks....
A security story that is kind of disturbing
I’ve got a story for you. As a security person, it’s a little disturbing. I was driving in the car with my wife yesterday who works in the health care industry (she’s not a doctor). She was telling me...
Where email authentication is potentially great – protecting against spoofing...
So, in the past couple of posts, I’ve talked about how email authentication is not that great against phishing attacks that use random parameters in the sender, but is well-designed to work against...
Where email authentication falls flat at stopping phishing – impersonation...
In this series so far, we’ve seen how email authentication is a great thing at stopping phishing under some circumstances, and where it isn’t that useful in other circumstances. A circumstance where...
Would a DMARC reject record have prevented Donald Trump from getting elected?
One of the reasons I just wrote that four part series on where email authentication is helpful against phishing, and where it is not-so-helpful, is because I wanted to examine the John Podesta email...