Geekzone: technology news, blogs, forums




1965 posts

Uber Geek


# 259733 18-Oct-2019 09:56

Are 365 Exchange's spam & malware filters damn near worthless?

So MS's filters can't detect when email is spoofing as an MS email? I.e. they didn't block email pretending to be from MS itself

 

similar to this, so it's not uncommon
https://www.bleepingcomputer.com/news/security/beware-of-fake-microsoft-account-unusual-sign-in-activity-emails/

 

 


2691 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2340080 18-Oct-2019 10:13

We encourage the use of third party anti-spam systems for our clients to supplement the built-in stuff.  Like Windows Defender, the Microsoft anti-spam stuff is better than nothing, but not by a big margin.





"4 wheels move the body.  2 wheels move the soul."

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

dt

561 posts

Ultimate Geek


  # 2340095 18-Oct-2019 10:32

yeah do not solely rely on inbuilt protections, if it's not their core business focus it usually does the bare minimum.

 

even on-prem Exchange has built-in malware and spam detection

 

I don't believe it will natively drop spoofed emails either, this needs to be configured


 
 
 
 


128 posts

Master Geek

Microsoft NZ

  # 2341372 21-Oct-2019 13:56

1101:

 

Are 365 Exchange's spam & malware filters damn near worthless?

So MS's filters can't detect when email is spoofing as an MS email? I.e. they didn't block email pretending to be from MS itself

 

similar to this, so it's not uncommon
https://www.bleepingcomputer.com/news/security/beware-of-fake-microsoft-account-unusual-sign-in-activity-emails/

 

 

 

 

At a baseline, not really. Adding ATP is a solid option for most partners as you have a range of policies (safe links and anti-phishing) you can put in place to protect against this. Unfortunately, most partners just put SPF records in place as a 'least-effort' solution, but that doesn't protect you when someone spins up a trial then you're both using 365 and passing SPF checks.


1071 posts

Uber Geek

Trusted

  # 2341486 21-Oct-2019 18:56

1101: Are 365 Exchange's spam & malware filters damn near worthless? ...

 

I think so.





Please keep this GZ community vibrant by contributing in a constructive & respectful manner.




1965 posts

Uber Geek


  # 2341681 22-Oct-2019 10:11
2 people support this post

Jogre:

 

At a baseline, not really. Adding ATP is a solid option for most partners as you have a range of policies (safe links and anti-phishing) you can put in place to protect against this. Unfortunately, most partners just put SPF records in place as a 'least-effort' solution, but that doesn't protect you when someone spins up a trial then you're both using 365 and passing SPF checks.

 

 

MS's filters should be able to block email spoofed to look like official MS emails.
They don't.

Email claims to be from MS => check server IP it came from => block if not from MS's servers
Is that really too hard?
I mean, it would help to protect MS's 365/Exchange, would help stop 365 stolen passwords being used to send 10000's of spams from MS's servers

 

 

 

 


128 posts

Master Geek

Microsoft NZ

  # 2342419 23-Oct-2019 12:37

1101:

 

Jogre:

 

At a baseline, not really. Adding ATP is a solid option for most partners as you have a range of policies (safe links and anti-phishing) you can put in place to protect against this. Unfortunately, most partners just put SPF records in place as a 'least-effort' solution, but that doesn't protect you when someone spins up a trial then you're both using 365 and passing SPF checks.

 

 

MS's filters should be able to block email spoofed to look like official MS emails.
They don't.

Email claims to be from MS => check server IP it came from => block if not from MS's servers
Is that really too hard?
I mean, it would help to protect MS's 365/Exchange, would help stop 365 stolen passwords being used to send 10000's of spams from MS's servers

 

 

But we use 365 so if we check the server IPs, it'd check out 😅

 

It is a challenge, but we need to balance privacy as well so we can't just check the body of the message for telltales unless there's a link in there that ATP can test out. Anti-phishing policies in ATP check spoofing of the From Headers which would pick this particular phishing attack up. 
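
Added example, not part of any post in this thread: why an SPF pass alone says nothing about the visible From address, shown as a check of the From domain against the domains that actually passed SPF or DKIM. The brand list, the `mx.recipient.example` authserv-id and both sample messages are constructed assumptions, and the alignment test is a simplification of DMARC relaxed alignment (no public suffix list).

```python
import email
import re
from email.utils import parseaddr

PROTECTED = ("microsoft.com",)   # assumption: brand domain named in the thread
RESULT = re.compile(
    r"\b(spf|dkim)=(\w+)[^;]*?\b(?:smtp\.mailfrom|header\.d)=([^\s;]+)", re.I)

def under(domain, parent):
    """True if domain is parent or one of its subdomains."""
    domain = domain.lower().rstrip(".")
    return domain == parent or domain.endswith("." + parent)

def classify(raw, trusted_authserv):
    """Return 'not-protected', 'aligned' or 'spoof-suspect' for one raw message."""
    msg = email.message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    brand = next((p for p in PROTECTED if under(from_dom, p)), None)
    if brand is None:
        return "not-protected"
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue  # stamped by another host, possibly the sender: ignore it
        for _method, verdict, ident in RESULT.findall(results):
            # A pass only counts if the domain that passed belongs to the brand
            # shown in From; an SPF pass for an unrelated envelope domain does not.
            if verdict.lower() == "pass" and under(ident.rpartition("@")[2], brand):
                return "aligned"
    return "spoof-suspect"

# Constructed sample messages (not real traffic).
SPOOF = (
    "Authentication-Results: mx.recipient.example;\n"
    " spf=pass (sender IP is 203.0.113.7) smtp.mailfrom=trial-tenant.example;\n"
    " dkim=none\n"
    "From: Microsoft account team <noreply@microsoft.com>\n"
    "Subject: Unusual sign-in activity\n\nbody\n")
GENUINE = (
    "Authentication-Results: mx.recipient.example;\n"
    " spf=pass smtp.mailfrom=accountprotection.microsoft.com;\n"
    " dkim=pass header.d=accountprotection.microsoft.com\n"
    "From: security@accountprotection.microsoft.com\n"
    "Subject: Security info\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("SPOOF", SPOOF), ("GENUINE", GENUINE)):
        print(name, classify(raw, "mx.recipient.example"))
```

The `trusted_authserv` filter matters because an `Authentication-Results` header is only evidence when your own border mail server wrote it; copies already present on an inbound message should be ignored.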




1965 posts

Uber Geek


  # 2342865 24-Oct-2019 10:29

sounds like excuses :-)

 

"@accountprotection.microsoft.com"
Spammers using/spoofing that email domain, it's been happening for some time
It's common enough that MS's forums are full of questions about it, lots of tech websites mention it

Is it REALLY that hard to, by default, either block or do a basic check on @xxxxx.microsoft.com?
Even some of the worst email hosting services can do better with their spam filters.

 


spammers/hackers pretending to be MS, nothing too serious it seems then.
Have your own (365) customers' a/c's potentially compromised, pfft.

 

 

 

 

 

 


 
 
 
 




1965 posts

Uber Geek


  # 2343414 25-Oct-2019 10:36

and another one

 

The default 365 spam filter can't detect when noreply@microsoft.com is a spoofed email, trying to steal 365 logins & passwords

 

I guess we just wait till the problem is so bad that MS is shamed into doing something


3216 posts

Uber Geek

Subscriber

  # 2343486 25-Oct-2019 12:46

Microsoft want you to pay for ATP.

 

I use MXGuardDog with some of our O365 tenants and disable the Junk mail filter in O365 completely.
Works great and very cheap at US$0.25 per email address.

 

 

