Email spoofing is the most common challenge every organization faces in today's digital world, regardless of its size. Office 365 email protection with DKIM and DMARC helps organizations protect against spoofing, which tends to increase the number of spam emails. DomainKeys Identified Mail (DKIM) and Domain-based Messaging and Reporting Compliance (DMARC) check for trusted, authenticated senders to prevent untrusted senders from sending spoofed emails.
Inbound validation of DKIM and DMARC is supported in Office 365.
What is DKIM?
DomainKeys Identified Mail (DKIM) is a method of validating a digitally signed message; the signature appears in the DKIM-Signature header in the message headers. It ties an email message to the organization responsible for the message.
More details on DKIM can be found on TechNet.
What is DMARC?
Domain-based Messaging and Reporting Compliance (DMARC) is designed to protect against email spoofing when the phisher has spoofed the 5322.From email address, which is the address displayed in email clients like Outlook. Sender Policy Framework (SPF) protects against spoofing of the 5321.MailFrom address. DMARC catches the case that is more deceptive. DMARC results are stamped in the authentication header of the email.
DMARC evaluates both DKIM and SPF and ensures that the authenticated domain matches the domain in the 5322.From address. SPF alone does not protect against emails with a spoofed 5322.From address.
Q: Helo woodgrovebank.com
Q: Mail from: email@example.com <– 5321.MailFrom
Q: Rcpt to: firstname.lastname@example.org
Q: To: “Andrew Stobes” <email@example.com>
Q: From: “Woodgrove Bank Security” firstname.lastname@example.org <– 5322.From
Q: Reply-To: “Woodgrove Bank Security” <email@example.com>
Q: Subject: Woodgrove Bank – Action required
Q: Greetings User,
Q: We need to verify your banking details. Please click the following link to accomplish this.
Q: Thank you,
Q: Woodgrove Bank
The end user will see this information as below.
This email can pass the SPF check if the phisher has published an SPF record for woodgrovebank.com, but as we know, the phisher has spoofed the email using 5321.MailFrom, and DMARC will fail on this email. DMARC is already configured in Office 365 for inbound email, and you don’t have to configure anything. In the next blog article, we will look into how to configure DMARC for outbound email in Office 365.
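The alignment check that makes DMARC fail where SPF alone passes, as an added example (not code from the original post or from Office 365). The addresses are constructed, the helper names are hypothetical, and the organizational domain is assumed to be the last two labels of the name; real implementations use the Public Suffix List.

```python
from email import message_from_string
from email.utils import parseaddr

def org_domain(domain):
    # Assumption: organizational domain = last two labels. Real DMARC
    # implementations consult the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, strict=False):
    # Strict alignment needs an exact match; relaxed alignment only needs
    # both names to share the same organizational domain.
    if strict:
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_evaluate(raw_message, mail_from, spf_result, dkim_results=()):
    """mail_from: 5321.MailFrom address; spf_result: SPF verdict for it;
    dkim_results: (d= domain, verdict) for each verified DKIM signature."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2]  # 5322.From
    spf_ok = (spf_result == "pass"
              and aligned(mail_from.rpartition("@")[2], from_domain))
    dkim_ok = any(v == "pass" and aligned(d, from_domain)
                  for d, v in dkim_results)
    return {"from_domain": from_domain, "spf_aligned": spf_ok,
            "dkim_aligned": dkim_ok,
            "dmarc": "pass" if spf_ok or dkim_ok else "fail"}

# Constructed sample message; every address here is illustrative.
SAMPLE = (
    'From: "Woodgrove Bank Security" <security@woodgrovebank.com>\n'
    'To: "Andrew Stobes" <recipient@example.org>\n'
    'Subject: Woodgrove Bank - Action required\n'
    '\n'
    'We need to verify your banking details.\n'
)

def demo():
    return [
        # SPF passes for the sender's own envelope domain, but that domain
        # is not aligned with 5322.From, so DMARC fails.
        dmarc_evaluate(SAMPLE, "bounce@phishing.example", "pass")["dmarc"],
        # Envelope on a subdomain of the From domain: relaxed alignment.
        dmarc_evaluate(SAMPLE, "bounce@mail.woodgrovebank.com", "pass")["dmarc"],
        # SPF fails (e.g. forwarded mail) but an aligned DKIM signature passes.
        dmarc_evaluate(SAMPLE, "bounce@relay.example", "fail",
                       [("woodgrovebank.com", "pass")])["dmarc"],
    ]

if __name__ == "__main__":
    print(demo())
```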
Office 365 provides a number of tools to maximize the security of corporate information based on unique business and technical needs. When the built-in Office 365 filters over-qualify suspected spam, there are a few simple steps administrators can take to whitelist senders and domains in Office 365 so that they bypass the spam filters. It can be a bad experience for end users when legitimate email is blocked as spam and lands in a quarantine folder.
As an admin, it’s recommended that you review your filters so that critical messages bypass the spam folder and reach their intended recipients.
You can leverage a safe sender list or a custom transport rule to bypass spam filtering and prevent legitimate email messages from being marked as junk. A legitimate message that the spam filter incorrectly marks as spam is known as a false positive.
Whitelist Senders and Domains in Office 365
Whitelisting senders and domains in Office 365 to bypass the spam filter requires you to perform the following steps.
- Scroll down to the bottom and expand “Allow List”
- Click the “Edit” button to add to the Allow Sender and Allow Domain lists
- Once the user’s email address is added, click the + button to add the user to the safe sender list
Emails from users on the safe sender list will not be checked by the spam filters and will be delivered to recipients
- Once the safe sender list of users is configured, the next step is to configure the safe sender domain list.
- Click the “Edit” button to add domains to the allowed domain list
- Once the domains are added, emails from these domains will not be checked by the spam filters and will be delivered to users
It’s important to understand that when you add a safe user or domain to the list, you must know that the user or domain is legitimate and will not send you spam email that can harm business operations. These lists are mostly configured for business partners, or for internal applications that send email through another medium to mailboxes hosted on Office 365 or to systems that use Exchange Online Protection to scan emails before they are delivered to end-user mailboxes.
Exchange Online Advanced Threat Protection
In the modern era, we have seen a steady increase in data security, especially email security against spammers. Spammers are constantly changing the way they send and mask spam and viruses. Microsoft is continuously working to protect its customers against modern techniques so that customers can enjoy best-in-class services. With that being said, on 8-April Microsoft announced a new, advanced, robust optional feature to protect against spam, viruses and malware with Exchange Online Protection. Yes! I’m talking about the new Exchange Online Advanced Threat Protection, and I’m excited to deep dive into ATP. Currently ATP is available in private preview only and is expected to be available to commercial customers as an optional service by this summer.
ATP will have the following advanced features as an optional service.
- Protection against unknown malware & Viruses
- Real time protection against malicious URLs
- URL trace & Rich Reporting
ATP will be available as an optional feature at $2 per user per month for commercial customers and $1.75 for government pricing customers.
More details on ATP can be found on Office Blog.