Terry Zink: Security Talk

Discussing Internet security in (mostly) plain English

Tagged Content List
  • Blog Post: Office 365 will slightly modify its treatment of anonymous inbound email over IPv6

    Exchange Online Protection (EOP), aka Office 365, is going to be making a small change to its behavior for inbound anonymous (i.e., not sent over TLS) email sent over IPv6. Luckily, for customers with IPv6 enabled, no action is required. Currently, we require the following for senders over IPv6: The...
  • Blog Post: Best Practices for Exchange Online Protection customers to align with DMARC

    Background: Spammers frequently forge the "From" address on email messages so the spam appears to come from a familiar sender such as your bank or social network, or more dangerously, from your own organization so that it looks like an internal sender. To help prevent this abuse, Exchange Online...
  • Blog Post: How Office 365 does SPF checks for customer-to-customer mail

    There may be some confusion about how Office 365, or Exchange Online Protection (EOP), does SPF checks on incoming email - especially in the case when Customer A sends email to Customer B and both parties are EOP customers. This applies to the case when the sending email account is from a separate mail...
  • Blog Post: Cyber thieves stealing from businesses and how DMARC can help

    I read an article yesterday entitled "Cyber thieves stole $215 million from businesses using hacked email addresses". How did they do it? Here’s a key excerpt: Here's a nightmare scenario: You're working in the accounts department, when you receive an email from your boss, asking that you urgently wire...
  • Blog Post: The Red Queen theory of Internet security

    I sometimes think to myself about how little progress has been made in Internet security in general since I first started working in it 10 1/2 years ago. To be sure, lots of things have come out: email authentication techniques; multi-factor authentication for logging into email accounts, social...
  • Blog Post: An update on DKIM-on-IPv4 and DMARC in Office 365

    If you’re wondering when Office 365 is going to release inbound validation for DKIM-on-IPv4 and DMARC support, I have an update for you. We are currently evaluating DKIM-on-IPv4 everywhere in the service but are fixing the remaining bugs. Today, we stamp the DKIM results in a temporary header, X-DkimResult...
  • Blog Post: Office 365 releases IP throttling

    One of the improvements to the Exchange Online Protection (EOP) service, also known as Office 365, that has been released over the past few weeks is IP throttling [1]. Office 365’s implementation looks at IP reputation, inspects the IP’s sending history, and makes decisions about whether...
  • Blog Post: Office 365 increases its malicious URL coverage

    Over the past two weeks, Office 365 (Exchange Online Protection) has improved its detection of spam, phishing and malware by increasing the number of URLs in its reputation lists. Two months ago we were at 750,000 URLs, we are now at 1.7 million – an increase of almost 100%! Secondly, we decreased the...
  • Blog Post: A workaround for receivers who want anonymous inbound email over IPv6 but receive a lot of unauthenticated email

    When signing up for anonymous inbound IPv6 support in Office 365, Office 365 requires that senders over IPv6 send email from an IP with a PTR record, and that the sending message pass either SPF or DKIM. Office 365 customers are given a special tag to publish in their MX records which the service...
  • Blog Post: Using DMARC in Office 365

    Exchange Online Protection (EOP), also known as Office 365, will soon be supporting DMARC for authenticating email, a feature designed to combat phishing and spoofing of email. If you’re unfamiliar with DMARC, here are a few links that explain it: My own blog post: A brief introduction...
  • Blog Post: I am now helping out a little bit with Hotmail and outlook.com

    One of the projects I will be working on going forward is helping out with some of the filtering with outlook.com. In case you haven’t heard, over the past few months Microsoft has merged together the spam filtering units responsible for protecting Office 365 (also known as Exchange Online Protection...
  • Blog Post: Why do I have to give up my email address in order to get discounts?

    This weekend, I went shopping at random stores around the city where I live. For you see, my wife purchased a book of coupons and we decided to use some of them. We flipped through the book looking for ones we might like and found a few to stores we had never been to, nor would ever go to had we not...
  • Blog Post: Slideshow: A brief overview of how email over IPv6 works in Office 365

    The following is a brief overview of how email over IPv6 works in Office 365, and why we are doing some of the things we are doing. Other services that also support email over IPv6 work similarly. Source: A plan for email over IPv6 on Slideshare. Related Articles: Support for Anonymous...
  • Blog Post: Slideshow: A brief introduction to DMARC

    Below is a slideshow of a presentation about DMARC I did at this year’s Virus Bulletin conference in Seattle. It’s not that technical although I do use a few technical terms. However, even newcomers to email will be able to understand it. Using DMARC to Improve Your Email Reputation...
  • Blog Post: How to create Allow rules in Office 365 for senders over IPv6 (and also for IPv4)

    Office 365 now permits anonymous inbound email over IPv6. Most of the functionality works the same in IPv4 as IPv6. However, there are some differences for inbound messages where customers want to allow messages from a particular domain or sender. Whereas in IPv4, customers could create IP Allow rules...
  • Blog Post: Support for anonymous inbound email over IPv6 in Office 365

    Office 365 now supports anonymous inbound email over IPv6. In this case, “anonymous” means: the sending IPv6 address originates outside the service and is not in any customer’s settings (that is, not in any customer-specified connector); the sending IPv6 address has not been...
  • Blog Post: Why does spam and phishing get through Office 365? And what can be done about it?

    Introduction: As a filtering service, Office 365 (Exchange Online Protection, or EOP) is dedicated to providing the best antispam filtering possible, and we take this task seriously: we are working hard to keep spam out of your inbox; we are working hard to ensure we don’t mistakenly...
  • Blog Post: Submitting spam back to Office 365

    Office 365 (Exchange Online Protection) regularly asks customers to submit spam samples back so that we can improve the service. This information is also available here: Submitting spam and non-spam messages to Microsoft for analysis http://technet.microsoft.com/en-us/library/jj200769(v=exchg.150).aspx...
  • Blog Post: Different Levels of Bulk Mail filtering in Office 365

    In the Office 365 service, we have made a change to the way the service detects bulk email. In the past, we lumped all Bulk email together. For example, suppose you had four messages with the following Subject lines and other characteristics: Subject: Your Daily Deal-of-the-Day! You signed up for this...
  • Blog Post: I have been fighting spam for 10 years

    A week and a half ago, I “celebrated” my 10th year fighting spam. I originally joined Frontbridge in July 2004, and 10 years later I am still with Frontbridge after it was acquired by Microsoft. Since that time, it has been known as: Frontbridge (how almost everyone in the email filtering community still...
  • Blog Post: I received a pretty good Apple phish this morning

    This morning, I discovered that I had received an email “from” Apple informing me that I had recently updated my credit card with Apple: The screenshot above is from my Thunderbird email client but that’s not where I originally checked it – I originally checked it on my phone. The first thing I thought...
  • Blog Post: Let’s not be too smug when others are hacked because we all do things we shouldn’t

    This will be another long post. A couple of weeks ago, you may have read that the Syrian Electronic Army hacked into Forbes and posted a bunch of usernames and passwords. What you may not know is that Forbes has been fairly transparent in describing how it happened and how they plan to mitigate going...
  • Blog Post: Understanding identification of Bulk Email in Office 365

    Bulk email, sometimes referred to as grey mail, or gray mail, is a type of email that is difficult to classify for all users at a global level. Bulk or gray email is email that some users want but others consider spam. For example, some users want their email from Amazon Local’s Daily Deals or invitations...
  • Blog Post: Why do spammers spam? I try to explain it using the Moralization Gap

    Don’t spammers know they are irritating the rest of us? Lately, I have been thinking a little bit on why spammers spam. I have never conducted a large study of this, all of my research about their own explanations comes from my memory of articles I have read and videos I have seen of convicted spammers...
  • Blog Post: How to create more aggressive Bulk email settings in Exchange Online

    Update 2014-04-04: Updated the Text Patterns for ETR#1 - modified #2, added #12 and #13. Update 2014-08-25: This article is now updated by this one: Different levels of bulk mail filtering in Office 365. One of the more common requests in the Forefront Online Protection for Exchange (FOPE) and Exchange...
Page 1 of 7 (164 items)