Terry Zink: Security Talk
Discussing Internet security in (mostly) plain English
Please note: The Terry Zink Security Talk blog is being deprecated in March 2019 in order to focus...
Date: 06/20/2018
Update: This blog post is being deprecated and information is being moved to support.office.com:...
Date: 06/20/2018
One of the requests that frequently crosses my desk (computer screen) is a vulnerability claim that...
Date: 06/08/2018
One of the questions that has come up recently, especially as a lot of customers migrate over from...
Date: 06/05/2018
One of the most common questions people ask me is "How do you get Office 365 to send out DMARC...
Date: 05/21/2018
People sometimes ask me "How do I, as a sender into Office 365, get images to load by default? Every...
Date: 02/23/2018
If you use Office 365 but your MX record doesn't point to Office, you may want to close down your security settings
Even though it's not a recommend configuration for our customers (in terms of spam filtering), some...
Date: 12/28/2017
When users get spam and phishing messages in the inbox, we ask users to submit them back to us,...
Date: 11/30/2017
Background We sometimes see users creating allow rules, either through Exchange Transport Rules...
Date: 11/29/2017
Over the past month, my team and I have been going over logs in our system, looking for SPF...
Date: 11/19/2017
18 months ago, I wrote the following blog post: Why does my email from Facebook, that I forward from...
Date: 11/03/2017
I couldn't believe it. I had been blind for ages. Why had I not seen it before? The month was August...
Date: 10/21/2017
A couple of weeks ago, we made an announcement in Office 365 that we would be implementing stricter...
Date: 10/21/2017
In order to help stop phishing messages, Office 365 and Outlook.com already filter messages using...
Date: 09/05/2017
Some background As I've said before, one of the things I like about DMARC is how I don't have to...
Date: 08/24/2017
Does SPF need an update so subdomains can inherit the policy of its organizational domain? I say yes
The good thing about DMARC One of the great things about DMARC is that subdomains can inherit the...
Date: 08/15/2017
If you are a subscriber to the good folks at Eco over in Germany, you might have noticed in their...
Date: 07/06/2017
Over the past week, I've noticed an increase in user escalations asking to disable unauthorized...
Date: 06/23/2017
Update on Nov 3, 2017 - See A second update on the problem of email forwarding in Office 365 Well...
Date: 06/22/2017
There's a lot of ambiguity about the term "sender" when talking about the sender of an email. What...
Date: 06/22/2017
Why messages sometimes end up in the Junk folder in Outlook.com even when the sender is on your Safe Senders list
In Outlook.com, occasionally we get a complaint from a user saying that a message is in their Junk...
Date: 05/21/2017
One of the problems that some of our users have been experiencing in Outlook.com is using the "You...
Date: 04/30/2017
Recently in Outlook.com, I've seen a spurt of user complaints that they are adding senders to the...
Date: 03/28/2017
One of the problems with DMARC is how mailing lists deal with participants that publish p=reject...
Date: 03/22/2017
Over the past two months, I have taken on a role to deal with deliverability and user complaints for...
Date: 03/17/2017
I've been quiet on this blog for a couple of weeks, and that's because I've been helping out...
Date: 02/17/2017
I'm currently doing a bunch of work around making Outlook.com better, and one the things I've...
Date: 01/31/2017
Where email authentication falls flat at stopping phishing - impersonation attacks using display tricks
In this series so far, we've seen how email authentication is a great thing at stopping phishing...
Date: 12/06/2016
Where email authentication is potentially great – protecting against spoofing from domains with weak authentication
So, in the past couple of posts, I've talked about how email authentication is not that great...
Date: 12/03/2016
Where email authentication is totally great at stopping phishing – springboard attacks (and filling in the gaps)
As I was saying in my other blog post about email authentication, and how it struggles to stop...
Date: 11/28/2016
On this blog, I've written a lot about email authentication and preached its virtues. If you are a...
Date: 11/23/2016
Introduction It has now been about 8 months since we released our antispoofing protection in Office...
Date: 11/02/2016
If you're a user in Hotmail, Outlook.com, or any other of Microsoft's consumer email services, you...
Date: 10/18/2016
Messages going to Junk even though they aren't spam? Check to see if you have Safe-Lists-Only enabled
Recently, I've been seeing a spike in customer escalations saying that messages that aren't marked...
Date: 10/12/2016
In case you hadn’t noticed, Microsoft recently published a DMARC record that says p=quarantine:...
Date: 09/27/2016
One of the changes to go into Office 365 in the past year is an antispam rule that rejects on...
Date: 08/25/2016
Regularly, Office 365 is asked by other email receivers about the way our mail servers and IP...
Date: 07/15/2016
One of the ways in which Exchange Online detects spam, malware, and phishing is through URL...
Date: 07/01/2016
Update on Jan 25, 2017 - Still no timeline on a fix for this, we have repeatedly hit issues. :(...
Date: 05/19/2016
As I posted on this blog a couple of months ago, and as we posted on the Office blog last month,...
Date: 05/13/2016
Last month in Cologne, Germany, at the Certified Senders Alliance conference, I gave a presentation...
Date: 05/11/2016
A couple of months ago, I wrote a blog post that we were starting to roll out DKIM signing for our...
Date: 04/13/2016
Exchange Online Protection (EOP) already protects you with industry-leading spam and malware...
Date: 03/30/2016
A few weeks ago, Gmail made several changes to better reflect the security status of messages...
Date: 03/28/2016
This blog post reflects only my opinion about encryption and the protection of sensitive personal...
Date: 03/23/2016