October 22, 2019

Office 365 Now Warns of Emails from Fraudulent Senders

A new Office 365 feature, known as ‘Unverified Sender’, is currently being developed by Microsoft to help users identify possible spam or phishing messages reaching their Outlook client inbox.

“Unverified sender is a new Office 365 function that allows end users to recognise suspicious messages in their inbox,” the company says on the entry of the latest Microsoft 365 app.

“To help customers recognise suspicious messages in their inbox, we added an indicator indicating that the sender has not been able to verify Office 365 spoof intelligence.”

New indicators will be shown in the Outlook inbox for messages where the sender's identity could not be verified using email authentication.

Unverified sender indicator

When the unverified sender indicator is triggered, the sender's image or initials will be replaced by a question mark on the individual card. This will help Office 365 users quickly detect potential phishing attacks or sender-spoofing attempts, says Microsoft.

When an email in your inbox is marked by the Unverified Sender feature of Office 365, be careful when interacting with it, because it may not be legitimate or may come from a potential attacker spoofing the sender.

Microsoft also states that emails will not be evaluated by the unverified sender filter if the user has set the sender as a ‘Safe Sender’ in their inbox, or if they were delivered to the Outlook inbox through an admin allow list, such as Email Transport Rules (ETRs), the Safer Domain List (Anti-Spam Policy), or the Safe Sender List.

The suspicious email indicator, in the form of a question mark, will be added automatically if the message ‘does not pass SPF or DKIM authentication and receives either a pass or a composite authentication pass from Office 365 Spoof Intelligence.’ Microsoft provides more information on how to correctly validate outbound email sent by Office 365 using DKIM, and on how to pre-validate outbound mail.

2048-bit DKIM key sizes

In October, Redmond also rolled out an increase in DKIM key size from the existing 1024-bit to 2048-bit for all Office 365 customers, to improve security across all environments.

“If your standard or custom DKIM domain is allowed in Office 365 already, it is automatically updated from 1024-bit to 2048-bit at the next rotation date of your DKIM configuration,” Microsoft said.

Administrators can review their DKIM configuration from Exchange PowerShell admin sessions with the Get-DkimSigningConfig cmdlet.

This new 2048-bit key takes effect on the RotateOnDate, and will send emails with the 1024-bit key in the interim. After four days, you can test again with the 2048-bit key (that is, once the rotation takes effect to the second selector). — Microsoft
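One way to run the post-rotation test Microsoft mentions is to read the key size straight from the selector's published DKIM TXT record. The Python below is an added example, not Microsoft's tooling or code from the original article; the function names and the sample records (built around a made-up modulus, not a real key) are assumptions for illustration.

```python
import base64

def _read_tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def dkim_rsa_key_bits(txt_record):
    """RSA modulus size in bits of a DKIM TXT record; None if p= is empty (revoked)."""
    tags = {}
    # A 2048-bit key does not fit in one 255-byte TXT string, so lookups show
    # several quoted chunks; drop the quotes and the whitespace between them.
    for part in txt_record.replace('"', "").split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())
    if tags.get("k", "rsa") != "rsa":
        raise ValueError("not an RSA key")
    if not tags.get("p"):
        return None
    _, spki, _ = _read_tlv(base64.b64decode(tags["p"]), 0)  # SubjectPublicKeyInfo
    _, _, pos = _read_tlv(spki, 0)            # AlgorithmIdentifier, skipped
    _, bits, _ = _read_tlv(spki, pos)         # BIT STRING holding RSAPublicKey
    _, rsa_key, _ = _read_tlv(bits, 1)        # skip the unused-bits octet
    _, modulus, _ = _read_tlv(rsa_key, 0)     # INTEGER n
    return int.from_bytes(modulus, "big").bit_length()

def _der(tag, body):
    """DER-encode one TLV; used only to build the constructed samples below."""
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_record(bits):
    """Constructed TXT record with a made-up modulus of `bits` bits (not a real key)."""
    n = (1 << (bits - 1)) | 1
    alg = _der(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption
    key = _der(0x30, _der(0x02, b"\x00" + n.to_bytes(bits // 8, "big")) + _der(0x02, b"\x01\x00\x01"))
    spki = _der(0x30, alg + _der(0x03, b"\x00" + key))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()

for size in (1024, 2048):
    print(size, "-bit sample record parses as", dkim_rsa_key_bits(sample_record(size)), "bits")
```

Pass it the TXT value returned for each selector record; a selector still reporting 1024 has not yet reached its rotation date.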

Both the 2048-bit DKIM key size and the new Office 365 Unverified Sender feature are currently being introduced, and may not yet be accessible to all users.

Microsoft is also developing better malicious email detection capabilities for Office 365, revealed in late July, which allow administrators to preview and upload malicious emails in Threat Explorer for further investigation.

In a June support document, Redmond also advised administrators and clients of Microsoft Office 365 not to circumvent the built-in spam filters, and offered advice for situations where this cannot be avoided.
