Terry Zink: Security Talk

Discussing Internet security in (mostly) plain English

The Terry Zink Security Talk blog comes to an end

Please note: The Terry Zink Security Talk blog is being deprecated in March 2019 in order to focus...

Author: tzink Date: 06/20/2018

The unauthenticated sender '?' comes to Outlook

Update: This blog post is being deprecated and information is being moved to support.office.com:...

Author: tzink Date: 06/20/2018

Chasing the (very) long tail of unauthenticated domains

One of the requests that frequently crosses my desk (computer screen) is a vulnerability claim that...

Author: tzink Date: 06/08/2018

If your MX record doesn't point to Office 365, how do you disable spam filtering in Office 365?

One of the questions that has come up recently, especially as a lot of customers migrate over from...

Author: tzink Date: 06/05/2018

A way to (sort of) approximate DMARC aggregate reports in Office 365

One of the most common questions people ask me is "How do you get Office 365 to send out DMARC...

Author: tzink Date: 05/21/2018

How to get images to load in Outlook.com, Office 365, and Outlook email clients

People sometimes ask me "How do I, as a sender into Office 365, get images to load by default? Every...

Author: tzink Date: 02/23/2018

If you use Office 365 but your MX record doesn't point to Office, you may want to close down your security settings

Even though it's not a recommended configuration for our customers (in terms of spam filtering), some...

Author: tzink Date: 12/28/2017

When creating support tickets about spam, be sure to include message headers

When users get spam and phishing messages in the inbox, we ask users to submit them back to us,...

Author: tzink Date: 11/30/2017

How to securely add a sender to an allow list in Office 365

Background: We sometimes see users creating allow rules, either through Exchange Transport Rules...

Author: tzink Date: 11/29/2017

A short intro to how the Phishing Confidence Level (PCL) works

This is a rough description of how the Phishing Confidence Level (PCL) works in Office 365. Way back...

Author: tzink Date: 11/24/2017

Does SPF need an update to handle non-existent includes? I say yes.

Over the past month, my team and I have been going over logs in our system, looking for SPF...

Author: tzink Date: 11/19/2017

A second update to the problem of email forwarding in Office 365

18 months ago, I wrote the following blog post: Why does my email from Facebook, that I forward from...

Author: tzink Date: 11/03/2017

How we got to enforce DMARC for sub-domains of Microsoft's largest consumer email brands

I couldn't believe it. I had been blind for ages. Why had I not seen it before? The month was August...

Author: tzink Date: 10/21/2017

Blocking invalid From: addresses in Office 365

A couple of weeks ago, we made an announcement in Office 365 that we would be implementing stricter...

Author: tzink Date: 10/21/2017

Showing a question mark '?' in the sender photo when a message is not authenticated

In order to help stop phishing messages, Office 365 and Outlook.com already filter messages using...

Author: tzink Date: 09/05/2017

Does DMARC need an update to handle branded TLDs? I say yes

Some background: As I've said before, one of the things I like about DMARC is how I don't have to...

Author: tzink Date: 08/24/2017

Does SPF need an update so subdomains can inherit the policy of its organizational domain? I say yes

The good thing about DMARC: One of the great things about DMARC is that subdomains can inherit the...

Author: tzink Date: 08/15/2017

How we use the Certified Senders Alliance IP reputation list

If you are a subscriber to the good folks at Eco over in Germany, you might have noticed in their...

Author: tzink Date: 07/06/2017

Disabling unauthorized forwarding in Outlook.com

Over the past week, I've noticed an increase in user escalations asking to disable unauthorized...

Author: tzink Date: 06/23/2017

An update on the forwarding email problem in Office 365

Update on Nov 3, 2017 - See A second update on the problem of email forwarding in Office 365 Well...

Author: tzink Date: 06/22/2017

What do we mean when we refer to the 'sender' of an email?

There's a lot of ambiguity about the term "sender" when talking about the sender of an email. What...

Author: tzink Date: 06/22/2017

How the Outlook.com Spam Fighters program works

Over here in Outlook.com (and Office 365), we hate spam (and phishing, and malware). We're doing...

Author: tzink Date: 05/21/2017

Why messages sometimes end up in the Junk folder in Outlook.com even when the sender is on your Safe Senders list

In Outlook.com, occasionally we get a complaint from a user saying that a message is in their Junk...

Author: tzink Date: 05/21/2017

Fixing a problem with "Unsubscribe" in Outlook.com

One of the problems that some of our users have been experiencing in Outlook.com is using the "You...

Author: tzink Date: 04/30/2017

Why adding to Blocked Senders sometimes doesn't block the sender

Recently in Outlook.com, I've seen a spurt of user complaints that they are adding senders to the...

Author: tzink Date: 03/28/2017

A tip for mailing list operators to interoperate with DMARC to avoid failures

One of the problems with DMARC is how mailing lists deal with participants that publish p=reject...

Author: tzink Date: 03/22/2017

A quick overview of Outlook.com (Hotmail) sender support

Over the past two months, I have taken on a role to deal with deliverability and user complaints for...

Author: tzink Date: 03/17/2017

If you want to send to Outlook.com, send with a valid From: address

I've been quiet on this blog for a couple of weeks, and that's because I've been helping out...

Author: tzink Date: 02/17/2017

The difference between adding Safe and Blocked senders in Outlook, vs. Outlook.com

I'm currently doing a bunch of work around making Outlook.com better, and one of the things I've...

Author: tzink Date: 01/31/2017

Would a DMARC reject record have prevented Donald Trump from getting elected?

One of the reasons I just wrote that four part series on where email authentication is helpful...

Author: tzink Date: 12/24/2016

Where email authentication falls flat at stopping phishing - impersonation attacks using display tricks

In this series so far, we've seen how email authentication is a great thing at stopping phishing...

Author: tzink Date: 12/06/2016

Where email authentication is potentially great – protecting against spoofing from domains with weak authentication

So, in the past couple of posts, I've talked about how email authentication is not that great...

Author: tzink Date: 12/03/2016

Where email authentication is totally great at stopping phishing – springboard attacks (and filling in the gaps)

As I was saying in my other blog post about email authentication, and how it struggles to stop...

Author: tzink Date: 11/28/2016

Where email authentication is not so great at stopping phishing - random IT phishing scams

On this blog, I've written a lot about email authentication and preached its virtues. If you are a...

Author: tzink Date: 11/23/2016

Troubleshooting the red (Suspicious) Safety Tip for fraud detection checks

Introduction: It has now been about 8 months since we released our antispoofing protection in Office...

Author: tzink Date: 11/02/2016

Hotmail/Outlook.com evaluates DKIM a little differently than Office 365

If you're a user in Hotmail, Outlook.com, or any other of Microsoft's consumer email services, you...

Author: tzink Date: 10/18/2016

Messages going to Junk even though they aren't spam? Check to see if you have Safe-Lists-Only enabled

Recently, I've been seeing a spike in customer escalations saying that messages that aren't marked...

Author: tzink Date: 10/12/2016

How we moved microsoft.com to a p=quarantine DMARC record

In case you hadn’t noticed, Microsoft recently published a DMARC record that says p=quarantine:...

Author: tzink Date: 09/27/2016

Sending mail with invalid From: addresses to Office 365

One of the changes to go into Office 365 in the past year is an antispam rule that rejects on...

Author: tzink Date: 08/25/2016

The outbound IP and HELO format for Office 365

Regularly, Office 365 is asked by other email receivers about the way our mail servers and IP...

Author: tzink Date: 07/15/2016

Exchange Online increases its URL filtering

One of the ways in which Exchange Online detects spam, malware, and phishing is through URL...

Author: tzink Date: 07/01/2016

Why does my email from Facebook, that I forward from my outlook.com account, get rejected?

Update on Jan 25, 2017 - Still no timeline on a fix for this, we have repeatedly hit issues. :(...

Author: tzink Date: 05/19/2016

Seven things to know about Safety Tips

As I posted on this blog a couple of months ago, and as we posted on the Office blog last month,...

Author: tzink Date: 05/13/2016

Taking the hassle out of email authentication

Last month in Cologne, Germany, at the Certified Senders Alliance conference, I gave a presentation...

Author: tzink Date: 05/11/2016

Outlook.com DKIM signing done, now on to hotmail.com

A couple of months ago, I wrote a blog post that we were starting to roll out DKIM signing for our...

Author: tzink Date: 04/13/2016

Understanding Safety Tips in Office 365

Exchange Online Protection (EOP) already protects you with industry-leading spam and malware...

Author: tzink Date: 03/30/2016

What Gmail's changes in their web interface means to you as a customer of Office 365

A few weeks ago, Gmail made several changes to better reflect the security status of messages...

Author: tzink Date: 03/28/2016

Can TLS make the user experience better?

This blog post reflects only my opinion about encryption and the protection of sensitive personal...

Author: tzink Date: 03/23/2016

Abstract art and the Final Ultimate Solution to the Spam Problem

I think I finally thought of something relevant to cybersecurity and my last post on why we should...

Author: tzink Date: 03/21/2016

Why study art?

I’ve got an unusual topic to discuss today – art history. You may be wondering “Um, why are you...

Author: tzink Date: 03/19/2016
