Enhance the visual identity of your email with BIMI
In this post, you will learn what BIMI is, how it works, and the benefits it brings to your domain, including increased trust and brand visibility. In today’s digital age, making a memorable first impression is crucial. With the increasing volume of emails, standing out in the inbox can be challenging. That’s where BIMI (Brand Indicators for Message Identification) comes in, transforming how brands interact with recipients through email. Why BIMI matters BIMI allows your brand’s logo to appear alongside your emails, providing visual trust cues to recipients. This simple addition can significantly enhance brand recognition and trust, making your communications more engaging and trustworthy. ...
MTA-STS Explained: A Comprehensive guide to the MTA-STS Policy
This blog post explains how an MTA-STS policy works and how to implement it on GitHub Pages. MTA-STS (Mail Transfer Agent Strict Transport Security) is a security protocol designed to improve the security of email communication by enforcing the use of TLS (Transport Layer Security) to encrypt email traffic between mail servers. It helps prevent man-in-the-middle attacks and downgrade attacks, where an attacker could intercept or tamper with email messages in transit. ...
Exchange Online: Configure inbound SMTP DANE with DNSSEC
In this post, you will learn how to enable and use SMTP DANE with DNSSEC in Exchange Online. While outbound SMTP DANE with DNSSEC in Exchange Online has been enabled since 2022, Microsoft is currently rolling out inbound SMTP DANE with DNSSEC in Exchange Online. In an earlier blog post, I explained how SMTP DANE with DNSSEC works together on a mail and web server. A short recap: Outbound SMTP DANE with DNSSEC sending mail server: Requests DANE TLSA records of the receiving domain’s MX record. Inbound SMTP DANE with DNSSEC receiving mail server: Requires DNSSEC and DANE TLSA records that can be requested by the sending mail server. Inbound SMTP DANE with DNSSEC benefits Authentication of TLS Certificates: SMTP DANE ensures that the TLS certificates used in email exchanges are authenticated. Reduction in Delivery Failures: By using DANE, the sending mail server can verify that the recipient’s server supports and prefers secure TLS connections. Enhance Email Reputation: Demonstrate that you comply with the latest security standards. Integrity and Authenticity of DNS Records: DNSSEC adds a layer of security to the DNS system by digitally signing DNS records. Prerequisites Before you enable inbound SMTP DANE with DNSSEC in Exchange Online for a domain, you must have added the domain as an Accepted domain and the domain status must be Healthy in the Microsoft 365 Admin Center. The current domain’s MX record must have a priority of 0 or 10 and must not have a fallback or secondary MX record. ...
Microsoft Defender for Office 365: Safe Attachments policies
Safe Attachments scans and evaluates attachments for malicious content before delivering messages to recipients. What you can manage with a Safe Attachments policy With a Safe Attachments policy, administrators can configure an additional layer of protection against malicious content in email attachments. It scans and evaluates attachments (Safe Attachments opens files in a virtual environment) before delivering messages to recipients. You can create a custom policy to, specify actions for unknown malware, select a quarantine policy, and configure global settings to protect files in SharePoint, OneDrive, and Teams with Safe Attachments. ...
Understanding the Role and Benefits of ARC Sealing
This blog post explains the role and benefits of ARC sealing. ARC (Authenticated Received Chain) is an email authentication protocol that preserves the authentication results of an email as it travels through multiple intermediaries, such as forwarding services. Using ARC helps organizations handle the complexities of email authentication, especially when emails are forwarded. ARC involves multiple servers working together based on mutual trust. ARC ensures that legitimate emails are less likely to be marked as spam or rejected, while fraudulent emails are more easily identified and filtered out. In this blog post, we will explore the basics of ARC, how it works, and the benefits it provides. ...
Microsoft Defender for Office 365: Hardening DKIM and DMARC configuration
Improve email security in Microsoft 365: Fine-tuning DKIM and setup DMARC for the MOERA domain. Fine-tune DKIM by frequently rotating the DKIM keys After setting up DKIM in Microsoft Defender for Office 365, it is also important to set up frequent rotation of these DKIM keys to prevent adversaries from intercepting and decrypting your cryptographic keys. Key rotation helps to minimize the risk of compromising the private keys. In Microsoft 365, you can rotate the DKIM keys for your domains to increase security. The recurrence must be every 3 months because rotating the DKIM keys every 3 months ensures a complete rotation of both selectors every 6 months. You can rotate the DKIM keys manually using the Defender portal or Exchange Online PowerShell, but it is easy to forget if you do it manually. So you should delegate this to Azure Automation by using the runbook below: ...
Understanding S/MIME: Enhancing Email Security
Unlocking the Power of S/MIME: This article will help you understand S/MIME and how to request, configure, and use S/MIME on your devices. What is S/MIME? In today’s digital landscape, the security of sensitive information transmitted via email is critical. One method of safeguarding email communications is through the use of S/MIME (Secure/Multipurpose Internet Mail Extensions). S/MIME is a widely adopted protocol that provides end-to-end encryption and digital signatures, ensuring the confidentiality, integrity, and authenticity of email messages. ...
Microsoft Defender for Office 365: Attack simulation training
With Microsoft Defender for Office 365, you can create an attack simulation training to identify vulnerable users and mitigate potential threats before they impact your organization. Think before you click Understanding the intricacies of cybersecurity is crucial in today’s digital landscape. Attack simulation training is indispensable for users as it provides hands-on experience in recognizing and defending against potential threats. This proactive approach empowers individuals to enhance their security awareness, identify vulnerabilities, and contribute to a more resilient organizational defense against cyber attacks. ...
DNSSEC and DANE explained
In this post, you find out how DNSSEC and DANE cooperate, and learn how to set up DANE TLSA DNS records. DNSSEC (Domain Name System Security Extensions) The domain name system (DNS) is the phone book of the Internet: it tells computers where to send and retrieve information. Unfortunately, it also accepts any address given to it, no questions asked. DNSSEC adds a security layer to this phonebook. It uses digital signatures to make sure the information in the phonebook can be trusted and hasn’t been tampered with. It’s like putting a lock on the phonebook to prevent DNS spoofing. ...
Microsoft Defender for Office 365: Safe Links policies
Safe Links scans URLs in incoming messages and checks the links for malicious content at the time they are clicked. What you can manage with a Safe Links policy With a Safe Links policy, administrators can configure and manage this policy to protect users from clicking harmful links and being redirected to malicious websites. Safe Links provides URL scanning for links in email messages, Microsoft Teams, and supported Office 365 applications. You can create custom Safe Links policies that apply to specific users, groups, or domains. ...