Ricardo van der Linden | Security Analyst

Welcome to my blog! I started blogging as a way to give back to the community by sharing knowledge. In the IT world, we’ve all faced countless uncertainties, and we grow by helping one another through shared experiences and insights. My focus is largely on email security, as it continues to be one of the main attack vectors for malicious actors.

MTA-STS Explained: A Comprehensive guide to the MTA-STS Policy

This blog post explains how an MTA-STS policy works and how to implement it on GitHub Pages. MTA-STS (Mail Transfer Agent Strict Transport Security) is a security protocol designed to improve the security of email communication by enforcing the use of TLS (Transport Layer Security) to encrypt email traffic between mail servers. It helps prevent man-in-the-middle attacks and downgrade attacks, where an attacker could intercept or tamper with email messages in transit. ...

August 23, 2024 · 6 min

Exchange Online: Configure inbound SMTP DANE with DNSSEC

In this post, you will learn how to enable and use SMTP DANE with DNSSEC in Exchange Online. While outbound SMTP DANE with DNSSEC in Exchange Online has been enabled since 2022, Microsoft is currently rolling out inbound SMTP DANE with DNSSEC in Exchange Online. It is currently in public preview, with General Availability expected in October 2024. In an earlier blog post, I explained how SMTP DANE with DNSSEC works together on a mail and web server. ...

July 28, 2024 · 5 min

Microsoft Defender for Office 365: Safe Attachments policies

Safe Attachments scans and evaluates attachments for malicious content before delivering messages to recipients. What you can manage with a Safe Attachments policy: With a Safe Attachments policy, administrators can configure an additional layer of protection against malicious content in email attachments. It scans and evaluates attachments (Safe Attachments opens files in a virtual environment) before delivering messages to recipients. You can create a custom policy to specify actions for unknown malware, select a quarantine policy, and configure global settings to protect files in SharePoint, OneDrive, and Teams with Safe Attachments. ...

July 12, 2024 · 2 min

Understanding the Role and Benefits of ARC Sealing

This blog post explains the role and benefits of ARC sealing. ARC (Authenticated Received Chain) is an email authentication protocol that preserves the authentication results of an email as it travels through multiple intermediaries, such as forwarding services. By using ARC, organizations can better manage the complexities of email authentication, especially when email is forwarded, although ARC relies on a collaboration of multiple servers that trust each other. ARC ensures that legitimate emails are less likely to be marked as spam or rejected, while fraudulent emails are more easily identified and filtered out. In this blog post, we will explore the basics of ARC, how it works, and the benefits it provides. ...

May 24, 2024 · 4 min

Microsoft Defender for Office 365: Hardening DKIM and DMARC configuration

Improve email security in Microsoft 365: fine-tuning DKIM and setting up DMARC for the MOERA domain. Fine-tune DKIM by frequently rotating the DKIM keys: After setting up DKIM in Microsoft Defender for Office 365, it is also important to set up frequent rotation of these DKIM keys to prevent adversaries from intercepting and decrypting your cryptographic keys. Key rotation helps to minimize the risk of compromising the private keys. In Microsoft 365, you can rotate the DKIM keys for your domains to increase security. The recurrence must be every 3 months because rotating the DKIM keys every 3 months ensures a complete rotation of both selectors every 6 months. You can rotate the DKIM keys manually using the Defender portal or Exchange Online PowerShell, but it is easy to forget if you do it manually. So you should delegate this to Azure Automation by using the runbook below: ...

April 21, 2024 · 3 min