Terry Zink: Security Talk

Discussing Internet security in (mostly) plain English

Browse by Tags

Tagged Content List
  • Blog Post: Podcast episode 6 – Facebook’s new PGP feature is nice, but…

    Description A couple of weeks ago, Facebook released support for PGP, and that's great. Facebook is a leader in the security space as they support SPF, DKIM, DMARC, and opportunistic TLS for email; https for standard browsing; and a Tor site for users who need secrecy. And now, they've added PGP support...
  • Blog Post: A fourth option for solving the problem of DMARC’s incompatibility with mailing lists – Part 3

    We’ve looked at three options for solving the problem of mailing lists who have problems delivering email for domains that publish p=reject. None of the solutions are great. What else is there? 4. Play around with the From: address, or maybe even the Sender: and Reply-To: fields, to make it not fail...
  • Blog Post: Three options for solving the problem of DMARC’s incompatibility with mailing lists – Part 2

    How can we solve the problem of mailing lists breaking DMARC? 1. Don’t let anyone with a DMARC record of p=reject join the mailing list One solution is to moderate who joins the mailing list. Domains that you think will fail DMARC cannot sign up. This is the worst solution. First, it excludes a large...
  • Blog Post: Solving the problem of DMARC’s incompatibility with mailing lists – Part 1

    One of the problems that the email filtering community still hasn’t solved with regards to DMARC is how to deal with the problem of mailing lists. You know, mailing lists. Those are those things that you subscribe to about a certain topic that contains a bunch of other people. When you email the list...
  • Blog Post: Introducing NDR backscatter storm prevention

    A few weeks ago, we rolled out NDR backscatter protection with Boomerang for hosted mailboxes in Office 365, and that change is going live this week for customers with on-premise mail servers. Next up is a feature that builds on top of Boomerang – NDR backscatter storm prevention. What is an NDR backscatter...
  • Blog Post: Office 365 will slightly modify its treatment of anonymous inbound email over IPv6

    Exchange Online Protection (EOP), aka Office 365, is going to be making a small change to its behavior for inbound anonymous (i.e., not sent over TLS) email sent over IPv6. Luckily, for customers with IPv6 enabled, no action is required. Currently, we require the following for senders over IPv6: The...
  • Blog Post: Best Practices for Exchange Online Protection customers to align with DMARC

    Background Spammers frequently forge the "From" address on email messages so the spam appears to come from a familiar sender such as your bank or social network, or more dangerously, from your own organization so that it looks like an internal sender. To help prevent this abuse, Exchange Online...
  • Blog Post: How Office 365 does SPF checks for customer-to-customer mail

    There may be some confusion about how Office 365, or Exchange Online Protection (EOP), does SPF checks on incoming email - especially in the case when Customer A sends email to Customer B and both parties are EOP customers. This applies to the case when the sending email account is from a separate mail...
  • Blog Post: Cyber thieves stealing from businesses and how DMARC can help

    I read an article yesterday entitled Cyber thieves stole $215 million from businesses using hacked email addresses . How did they do it? Here’s a key except: Here's a nightmare scenario: You're working in the accounts department, when you receive an email from your boss, asking that you urgently wire...
  • Blog Post: The Red Queen theory of Internet security

    I sometimes think to myself about how little progress has been made in Internet security in general since I first started working in it 10 1/2 years ago. To be sure,  lots of things have come out: Email authentication techniques Multi-factor authentication for logging into email accounts, social...
  • Blog Post: An update on DKIM-on-IPv4 and DMARC in Office 365

    If you’re wondering when Office 365 is going to release inbound validation for DKIM-on-IPv4 and DMARC support, I have an update for you. We are currently evaluating DKIM-on-IPv4 everywhere in the service but are fixing the remaining bugs Today, we stamp the DKIM results in a temporary header, X-DkimResult...
  • Blog Post: Office 365 releases IP throttling

    One of the improvements to the Exchange Online Protection (EOP) service, also known as Office 365, that has been released over the past few weeks is IP throttling [1]. Office 365’s implementation looks at IP reputation, inspects the IP’s sending history, and makes decisions about whether...
  • Blog Post: Office 365 increases its malicious URL coverage

    Over the past two weeks, Office 365 (Exchange Online Protection) has improved its detection of spam, phishing and malware by increasing the number of URLs in its reputation lists. Two months ago we were at 750,000 URLs, we are now at 1.7 million – an increase of almost 100%! Secondly, we decreased the...
  • Blog Post: A workaround for receivers who want anonymous inbound email over IPv6 but receive a lot of unauthenticated email

    When signing up for anonymous inbound IPv6 support in Office 365, Office 365 requires that senders over IPv6: Send email from an IP with a PTR record The sending message must pass either SPF or DKIM Office 365 customers are given a special tag to publish in their MX records which the service...
  • Blog Post: Using DMARC in Office 365

    Exchange Online Protection (EOP), also known as Office 365, will soon be supporting DMARC for authenticating email which is a feature designed to combat phishing and spoofing of email. If you’re unfamiliar with DMARC, here are a few links that explain it: My own blog post: A brief introduction...
  • Blog Post: I am now helping out a little bit with Hotmail and outlook.com

    One of the projects I will be working on going forward is helping out with some of the filtering with outlook.com. In case you haven’t heard, over the past few months Microsoft has merged together the spam filtering units responsible for protecting Office 365 (also known as Exchange Online Protection...
  • Blog Post: Why do I have to give up my email address in order to get discounts?

    This weekend, I went shopping at random stores around the city where I live. For you see, my wife purchased a book of coupons and we decided to use some of them. We flipped through the book looking for ones we might like and found a few to stores we had never been to, nor would ever go to had we not...
  • Blog Post: Slideshow: A brief overview of how email over IPv6 works in Office 365

    The following is a brief overview of how email over IPv6 works in Office 365, and why we are doing some of the things we are doing. Other services that also support email over IPv6 work similarly. Source: A plan for email over IPv6 on Slideshare Related Articles: Support for Anonymous...
  • Blog Post: Slideshow: A brief introduction to DMARC

    Below is a slideshow of a presentation about DMARC I did at this year’s Virus Bulletin conference in Seattle. It’s not that technical although I do use a few technical terms. However, even newcomers to email will be able to understand it. Using DMARC to Improve Your Email Reputation...
  • Blog Post: How to create Allow rules in Office 365 for senders over IPv6 (and also for IPv4)

    Office 365 now permits anonymous inbound email over IPv6. Most of the functionality works the same in IPv4 as IPv6. However, there are some differences for inbound messages where customers want to allow messages from a particular domain or sender. Whereas in IPv4, customers could create IP Allow rules...
  • Blog Post: Support for anonymous inbound email over IPv6 in Office 365

    Office 365 now supports anonymous inbound email over IPv6. In this case, “anonymous” means: The sending IPv6 address originates outside the service and is not in any customer’s settings (that is, not in any customer-specified connector) The sending IPv6 address has not been...
  • Blog Post: Why does spam and phishing get through Office 365? And what can be done about it?

    Introduction As a filtering service, Office 365 (Exchange Online Protection, or EOP) is dedicated to providing the best antispam filtering possible, and we take this task seriously: We are working hard to keep spam out of your inbox We are working hard to ensure we don’t mistakenly...
  • Blog Post: Submitting spam back to Office 365

    Office 365 (Exchange Online Protection) regularly asks customers to submit spam samples back so that we can improve the service. This information is also available here: Submitting spam and non-spam messages to Microsoft for analysis http://technet.microsoft.com/en-us/library/jj200769(v=exchg.150).aspx...
  • Blog Post: Different Levels of Bulk Mail filtering in Office 365

    In the Office 365 service, we have made a change to the way the service detects bulk email. In the past, we lumped all Bulk email together. For example, suppose you had four messages with the following Subject lines and other characteristics: Subject: Your Daily Deal-of-the-Day! You signed up for this...
  • Blog Post: I have been fighting spam for 10 years

    A week and a half ago, I “celebrated” my 10th year fighting spam. I originally joined Frontbridge in July 2004, and 10 years later I am still with Frontbridge after it was acquired by Microsoft. Since that time, it has been known as: Frontbridge (how almost everyone in the email filtering community still...
Page 1 of 7 (169 items) 12345»