Terry Zink: Security Talk
Discussing Internet security in (mostly) plain English
A Powershell script to help you validate your DKIM config in Office 365
One of our support engineers (not me, so let’s give credit where credit is due) wrote a script to...
Author: tzink Date: 03/07/2016
How antispoofing protection works in Office 365
Update: This blog post is being deprecated and information has been moved to docs.microsoft.com:...
Author: tzink Date: 02/23/2016
Common errors in SPF records
The other day I was asked to come up with some common errors that we see when people set up SPF...
Author: tzink Date: 02/19/2016
I don’t mean to name and shame, but I will
A few months ago, I made the mistake of signing up for a webcast that opted me in to getting...
Author: tzink Date: 02/03/2016
Office 365 is expanding its DKIM-signing to our consumer brands plus adding default signatures to enterprise email traffic
Here at Office365 and Hotmail/outlook.com, we are making some changes with regards to our...
Author: tzink Date: 01/25/2016
Email authentication should work out of the box and we should not rely upon domain owners to do it themselves
This is going to be a long post. Sorry. I didn’t have time to write a shorter one. Who should be...
Author: tzink Date: 01/22/2016
The common types of spear phish we see today
As 2015 draws near to a close, I thought I’d write a blog post about the type of spear phishes we...
Author: tzink Date: 12/28/2015
Exchange Online is rolling out default DKIM-signing to everyone
If you are a customer of Office 365 (Exchange Online Protection, or EOP), you may have noticed, or...
Author: tzink Date: 12/16/2015
DMARC one year later, and what have we learned?
It has been one year since I posted that Office 365 now supports inbound DMARC verification. What do...
Author: tzink Date: 12/03/2015
How I personally use Outlook with Office 365
Sometimes people ask me how they should configure Outlook and Office 365 (Exchange Online...
Author: tzink Date: 11/18/2015
How Office 365 does automatic DKIM key rotation
As you can see from one of my other posts, Office 365 now lets you sign your outbound email with...
Author: tzink Date: 10/30/2015
Manually hooking up DKIM signing in Office 365
Note: This content also appears on our official documentation here, Use DKIM to validate outbound...
Author: tzink Date: 10/08/2015
Combating spoofing
Three years ago, I wrote a blog post entitled Combating Phishing talking about what Exchange Online...
Author: tzink Date: 09/10/2015
Analyzing the language of the Safe Links design of Advanced Threat Protection in Office 365
A couple of months ago, Office 365 released Advanced Threat Protection (ATP) for Exchange Online...
Author: tzink Date: 08/25/2015
(Not) Using the Additional Spam Filtering option for SPF hard fail to block apparently internal email spoofing
Recently, I’ve noticed that sometimes customers in Office 365 will login to the Exchange Admin...
Author: tzink Date: 07/21/2015
What is the best combination for your SPF record, DKIM record, and DMARC record?
Sometimes [1] people ask me what the best combination of SPF record is if they publish a DMARC...
Author: tzink Date: 07/12/2015
Podcast episode 6 – Facebook’s new PGP feature is nice, but…
Description A couple of weeks ago, Facebook released support for PGP, and that's great. Facebook is...
Author: tzink Date: 06/14/2015
A fourth option for solving the problem of DMARC’s incompatibility with mailing lists – Part 3
We’ve looked at three options for solving the problem of mailing lists who have problems delivering...
Author: tzink Date: 05/29/2015
Three options for solving the problem of DMARC’s incompatibility with mailing lists – Part 2
How can we solve the problem of mailing lists breaking DMARC? 1. Don’t let anyone with a DMARC...
Author: tzink Date: 05/28/2015
Solving the problem of DMARC’s incompatibility with mailing lists – Part 1
One of the problems that the email filtering community still hasn’t solved with regards to DMARC is...
Author: tzink Date: 05/28/2015
What is DMARC BestGuessPass in Office 365?
If you’re a customer of Office 365, you know that you’ve been protected by DMARC for the past...
Author: tzink Date: 05/06/2015
Office 365 and outlook.com/Hotmail are converging infrastructure
If you’ve talked to me in person over the past few months, you may have heard me talk about...
Author: tzink Date: 04/18/2015
Office 365 and outlook.com/Hotmail are converging infrastructure
If you’ve talked to me in person over the past few months, you may have heard me talk about this....
Author: tzink Date: 04/18/2015
Office 365 will slightly modify its treatment of anonymous inbound email over IPv6
Exchange Online Protection (EOP), aka Office 365, is going to be making a small change to its...
Author: tzink Date: 04/18/2015
Podcast episode 4 – Why do spammers spam?
This podcast is episode 4 of the Terry Zink: Security Talk podcast. It’s based upon a blog...
Author: tzink Date: 03/22/2015
Podcast episode 3 – The psychology of spamming.
This podcast is episode 3 of the Terry Zink: Security Talk podcast – The psychology of...
Author: tzink Date: 03/22/2015
How to align with SPF and DMARC for your domain if you use a lot of 3rd parties to send email as you
Background One of the pieces of advice I frequently give these days to organizations is for domains...
Author: tzink Date: 03/13/2015
Best Practices for Exchange Online Protection customers to align with DMARC
Background Spammers frequently forge the "From" address on email messages so the spam...
Author: tzink Date: 03/03/2015
How Office 365 does SPF checks for customer-to-customer mail
There may be some confusion about how Office 365, or Exchange Online Protection (EOP), does SPF...
Author: tzink Date: 02/26/2015
My podcast: Episode 2 – The Red Queen theory of cyber security
This podcast is episode 2 of the Terry Zink: Security Talk podcast – The Red Queen theory of...
Author: tzink Date: 02/17/2015
My podcast: Episode 1 – The Terry Zink Security Talk Podcast Begins!
It’s finally here, the Terry Zink: Security Talk podcast! This podcast is a short...
Author: tzink Date: 02/03/2015
Cyber thieves stealing from businesses and how DMARC can help
I read an article yesterday entitled Cyber thieves stole $215 million from businesses using hacked...
Author: tzink Date: 01/30/2015
The Red Queen theory of Internet security
I sometimes think to myself about how little progress has been made in Internet security in general...
Author: tzink Date: 01/16/2015
An update on DKIM-on-IPv4 and DMARC in Office 365
If you’re wondering when Office 365 is going to release inbound validation for DKIM-on-IPv4 and...
Author: tzink Date: 01/09/2015
Office 365 releases IP throttling
Update: This blog post is being deprecated and information has been moved to docs.microsoft.com:...
Author: tzink Date: 01/07/2015
I am thinking of starting a podcast
For several months now, I have been thinking about starting a podcast – Terry Zink: Security Talk...
Author: tzink Date: 01/06/2015
Office 365 increases its malicious URL coverage
Over the past two weeks, Office 365 (Exchange Online Protection) has improved its detection of spam,...
Author: tzink Date: 12/19/2014
A workaround for receivers who want anonymous inbound email over IPv6 but receive a lot of unauthenticated email
When signing up for anonymous inbound IPv6 support in Office 365, Office 365 requires that senders...
Author: tzink Date: 12/06/2014
Using DMARC in Office 365
Exchange Online Protection (EOP), also known as Office 365, will soon be supporting DMARC for...
Author: tzink Date: 12/03/2014
I am now helping out a little bit with Hotmail and outlook.com
One of the projects I will be working on going forward is helping out with some of the filtering...
Author: tzink Date: 11/28/2014
Gaining experience with encryption and key rotation
This year I’ve had the privilege of expanding some of my skill set in a field which I find...
Author: tzink Date: 11/26/2014
Improving Backscatter detection with Boomerang
One of the features we have been working on in Office 365/Exchange Online Protection (EOP) is called...
Author: tzink Date: 11/22/2014
Why do I have to give up my email address in order to get discounts?
This weekend, I went shopping at random stores around the city where I live. For you see, my wife...
Author: tzink Date: 11/11/2014
Slideshow: A brief overview of how email over IPv6 works in Office 365
The following is a brief overview of how email over IPv6 works in Office 365, and why we are doing...
Author: tzink Date: 11/04/2014
Slideshow: A brief introduction to DMARC
Below is a slideshow of a presentation about DMARC I did at this year’s Virus Bulletin...
Author: tzink Date: 11/04/2014
An interview with William Binney, former NSA analyst and whistleblower
A few days ago, I posted my notes on Keith Alexander’s talk at MIRcon about the NSA. Today, here’s a...
Author: tzink Date: 10/29/2014
How to create Allow rules in Office 365 for senders over IPv6 (and also for IPv4)
Office 365 now permits anonymous inbound email over IPv6. Most of the functionality works the same...
Author: tzink Date: 10/28/2014
Support for anonymous inbound email over IPv6 in Office 365
Office 365 now supports anonymous inbound email over IPv6. In this case, “anonymous” means: The...
Author: tzink Date: 10/28/2014