Does SPF need an update to handle non-existent includes? I say yes.
Over the past month, my team and I have been going over logs in our system, looking for SPF PermErrors and trying to figure out how many we had, and the root cause of them. As it turns out, there are...
View ArticleClik here to view.
A short intro to how the Phishing Confidence Level (PCL) works
This is a rough description of how the Phishing Confidence Level (PCL) works in Office 365. Way back in the olden days - 2007 or so - Exchange server used to have its own spam filter, Smartscreen....
View ArticleClik here to view.
How to securely add a sender to an allow list in Office 365
Background We sometimes see users creating allow rules, either through Exchange Transport Rules (ETRs), or Domain Allows, or Safe Senders, when they want to receive email from senders. However, they...
View ArticleClik here to view.
When creating support tickets about spam, be sure to include message headers
When users get spam and phishing messages in the inbox, we ask users to submit them back to us, using the instructions here: Submit spam, non-spam, and phishing scam messages to Microsoft for...
View ArticleClik here to view.
Making sure your junk email filtering is enabled in Office 365
If you're a user of Office 365 with a hosted mailbox, there may be times when a message ends up in your inbox despite the fact that it was marked as spam. When this occurs, it may be because you have...
View ArticleClik here to view.
Let’s talk about cryptocurrencies and blockchain
Disclaimer I've been thinking about writing this blog post for a while now. But I've deferred, thinking "I'm too much of a noob. What value can I possibly add to the discussion?" But that's the point....
View ArticleClik here to view.
How do I know which cryptocurrencies will go up in value?
Disclaimer - If you haven't read my disclaimer yet, make sure you do so here. TL;DR version - Buyer beware, I am not an expert, I am fumbling my way through this like the rest of you. Also, I hold a...
View ArticleClik here to view.
Will blockchain turn out to be another one of tech’s false prophets?
Disclaimer - If you haven't read my disclaimer yet, make sure you do so here. TL;DR version - Buyer beware, I am not an expert, I am fumbling my way through this like the rest of you. Also, I hold a...
View ArticleClik here to view.
If you use Office 365 but your MX record doesn’t point to Office, you may...
Even though it's not a recommend configuration for our customers (in terms of spam filtering), some customers of Office 365 route their email through a competing spam filtering service in the cloud,...
View ArticleDo the malware writers know something about cryptocurrency that the rest of...
Disclaimer - If you haven't read my disclaimer yet, make sure you do so here. TL;DR version - Buyer beware, I am not an expert, I am fumbling my way through this like the rest of you. Also, I hold a...
View ArticleClik here to view.
Cryptocurrency’s liquidity problem
It was only a week ago I wrote How do I know which cryptocurrencies will go up in value. It's not easy, and is a lot of work. My personal view of cryptocurrency and blockchains that their social value...
View ArticleStrategies for reducing crytocurrency’s trading friction (that don’t work...
Disclaimer - If you haven't read my disclaimer yet, make sure you do so here. TL;DR version - Buyer beware, I am not an expert, I am fumbling my way through this like the rest of you. Also, I hold a...
View ArticleClik here to view.
How to get images to load in Outlook.com, Office 365, and Outlook email clients
People sometimes ask me "How do I, as a sender into Office 365, get images to load by default? Every time I send, the images are blocked." I've decided to finally answer that question so I don't need...
View ArticleThe all-up guide (mostly) to cross-domain antispoofing protection in Office 365
If you haven't seen it yet, we recently released Cross-Domain Antispoofing protection for our Advanced Threat Protection and E5 customers. You can read all about it here on our official support page...
View ArticleA way to (sort of) approximate DMARC aggregate reports in Office 365
One of the most common questions people ask me is "How do you get Office 365 to send out DMARC aggregate and forensic reports?" This is followed by "When is Office 365 going to send out DMARC...
View ArticleIf your MX record doesn’t point to Office 365, how do you disable spam...
One of the questions that has come up recently, especially as a lot of customers migrate over from an existing spam filtering solution to Office 365, is how to force Office 365 to rely upon the...
View ArticleClik here to view.
Chasing the (very) long tail of unauthenticated domains
One of the requests that frequently crosses my desk (computer screen) is a vulnerability claim that a certain domain that is owned by Microsoft is prone to spoofing because it does not have email...
View ArticleClik here to view.
The unauthenticated sender ‘?’ comes to Outlook
About a year ago, in Office 365, we released the feature that - similar to Gmail - Outlook Web Access stamps a '?' in the sender photo when the message is not authenticated with either SPF or DKIM....
View ArticleClik here to view.
The Terry Zink Security Talk blog comes to an end
Some of you may have noticed that the amount that I post on this blog has lessened over the years, and especially this year. This is not for lack of ideas, but simply lack of time to write good,...
View ArticleClik here to view.
A short intro to how the Phishing Confidence Level (PCL) works
This is a rough description of how the Phishing Confidence Level (PCL) works in Office 365. Way back in the olden days - 2007 or so - Exchange server used to have its own spam filter, Smartscreen....
View Article