Terry Zink: Security Talk

Discussing Internet security in (mostly) plain English

Please note: The Terry Zink Security Talk blog is being deprecated in March 2019 in order to focus...

Date: 06/20/2018

Update: This blog post is being deprecated and information is being moved to support.office.com:...

Date: 06/20/2018

One of the requests that frequently crosses my desk (computer screen) is a vulnerability claim that...

Date: 06/08/2018

One of the questions that has come up recently, especially as a lot of customers migrate over from...

Date: 06/05/2018

One of the most common questions people ask me is "How do you get Office 365 to send out DMARC...

Date: 05/21/2018

People sometimes ask me "How do I, as a sender into Office 365, get images to load by default? Every...

Date: 02/23/2018

Even though it's not a recommend configuration for our customers (in terms of spam filtering), some...

Date: 12/28/2017

When users get spam and phishing messages in the inbox, we ask users to submit them back to us,...

Date: 11/30/2017

Background We sometimes see users creating allow rules, either through Exchange Transport Rules...

Date: 11/29/2017

Over the past month, my team and I have been going over logs in our system, looking for SPF...

Date: 11/19/2017

18 months ago, I wrote the following blog post: Why does my email from Facebook, that I forward from...

Date: 11/03/2017

I couldn't believe it. I had been blind for ages. Why had I not seen it before? The month was August...

Date: 10/21/2017

A couple of weeks ago, we made an announcement in Office 365 that we would be implementing stricter...

Date: 10/21/2017

In order to help stop phishing messages, Office 365 and Outlook.com already filter messages using...

Date: 09/05/2017

Some background As I've said before, one of the things I like about DMARC is how I don't have to...

Date: 08/24/2017

The good thing about DMARC One of the great things about DMARC is that subdomains can inherit the...

Date: 08/15/2017

If you are a subscriber to the good folks at Eco over in Germany, you might have noticed in their...

Date: 07/06/2017

Over the past week, I've noticed an increase in user escalations asking to disable unauthorized...

Date: 06/23/2017

Update on Nov 3, 2017 - See A second update on the problem of email forwarding in Office 365 Well...

Date: 06/22/2017

There's a lot of ambiguity about the term "sender" when talking about the sender of an email. What...

Date: 06/22/2017

In Outlook.com, occasionally we get a complaint from a user saying that a message is in their Junk...

Date: 05/21/2017

One of the problems that some of our users have been experiencing in Outlook.com is using the "You...

Date: 04/30/2017

Recently in Outlook.com, I've seen a spurt of user complaints that they are adding senders to the...

Date: 03/28/2017

One of the problems with DMARC is how mailing lists deal with participants that publish p=reject...

Date: 03/22/2017

Over the past two months, I have taken on a role to deal with deliverability and user complaints for...

Date: 03/17/2017

I've been quiet on this blog for a couple of weeks, and that's because I've been helping out...

Date: 02/17/2017

I'm currently doing a bunch of work around making Outlook.com better, and one the things I've...

Date: 01/31/2017

In this series so far, we've seen how email authentication is a great thing at stopping phishing...

Date: 12/06/2016

So, in the past couple of posts, I've talked about how email authentication is not that great...

Date: 12/03/2016

As I was saying in my other blog post about email authentication, and how it struggles to stop...

Date: 11/28/2016

On this blog, I've written a lot about email authentication and preached its virtues. If you are a...

Date: 11/23/2016

Introduction It has now been about 8 months since we released our antispoofing protection in Office...

Date: 11/02/2016

If you're a user in Hotmail, Outlook.com, or any other of Microsoft's consumer email services, you...

Date: 10/18/2016

Recently, I've been seeing a spike in customer escalations saying that messages that aren't marked...

Date: 10/12/2016

In case you hadn’t noticed, Microsoft recently published a DMARC record that says p=quarantine:...

Date: 09/27/2016

One of the changes to go into Office 365 in the past year is an antispam rule that rejects on...

Date: 08/25/2016

Regularly, Office 365 is asked by other email receivers about the way our mail servers and IP...

Date: 07/15/2016

One of the ways in which Exchange Online detects spam, malware, and phishing is through URL...

Date: 07/01/2016

Update on Jan 25, 2017 - Still no timeline on a fix for this, we have repeatedly hit issues. :(...

Date: 05/19/2016

As I posted on this blog a couple of months ago, and as we posted on the Office blog last month,...

Date: 05/13/2016

Last month in Cologne, Germany, at the Certified Senders Alliance conference, I gave a presentation...

Date: 05/11/2016

A couple of months ago, I wrote a blog post that we were starting to roll out DKIM signing for our...

Date: 04/13/2016

Exchange Online Protection (EOP) already protects you with industry-leading spam and malware...

Date: 03/30/2016

A few weeks ago, Gmail made several changes to better reflect the security status of messages...

Date: 03/28/2016

This blog post reflects only my opinion about encryption and the protection of sensitive personal...

Date: 03/23/2016

Next>