Latest news with #outlook.com
Forbes
19-04-2025
- Forbes
You Have 16 Days To Comply — New Rules Impact 500 Million Outlook Users
New security rules come into place for on May 5. Update, April 19, 2025: This story, originally published April 18, has been updated with further advice from Red Sift's Faisal Misle on gaining compliance with the new Microsoft Outlook email authentication rules, which will take effect on May 5. Email has been both a blessing and a curse for billions of users. Unfortunately, it's definitely been a blessing for hackers and a curse for consumers who receive their phishing attacks, malware attachments and more. Although highly-targeted 'spear' phishing attacks are increasingly seen as the way to go by sophisticated threat actors, there's no doubting the broad impact that spray-and-pray scammers, sending large volumes of email on a daily basis, have on the email ecosystem. It's these malicious spam floods that can cause the most significant security issues, and it's these that Microsoft is focusing on as it introduces new email security rules impacting the 500 million users of including and addresses. Here's what you need to know and do before May 5. Google has already taken action against the problem of malicious bulk senders impacting the security of users of the Gmail service by introducing new sender authentication requirements on April 1. The point of these news rules is to mitigate the risk of criminals using unauthenticated or compromised domains to deliver dangerous payloads. Now, at last, Microsoft is following suit and introducing similar rules to 'reduce the likelihood of spam and spoofing campaigns reaching our user base,' according to an April 2 Microsoft announcement on the Windows Defender security blog. Applying to domains sending more than 5,000 emails in a single day, and to the consumer service that supports and consumer domain addresses, the May 5 rules will require mandatory Sender Policy Framework, DomainKeys Identified Mail and Domain-based Message Authentication, Reporting, and Conformance compliance. 'Non‐compliant messages will first be routed to Junk,' Microsoft said, and eventually rejected if issues remain you are sending marketing materials, or maybe just run a large hobby mailing list, you need to take note. The full email authentication process has been explained in some detail by Microsoft, but the bullet point compliance requirements are as follows: 'These measures will help reduce spoofing, phishing, and spam activity,' Microsoft said, 'empowering legitimate senders with stronger brand protection and better deliverability.' This mirrors the statements made by Google regarding the introduction of mandatory strong email sender authentication to protect users of the Gmail service. To meet the May 5 deadline, however, organizations must first set up email addresses to receive DMARC reports. 'If you are set up for DMARC,' Faisal Misle, the technical lead at Red Sift, said, 'receiving the reports is part of the DMARC protocol to protect you against spoofing and improve overall email deliverability.' Misle warned that the market is filled with DMARC providers and choosing the right one is paramount. 'My best advice is to pick the DMARC provider that, yes, gets you quick results,' Misle concluded, 'but also helps you visualize the problem by prioritizing the results.' Misle said the decision to enforce strict email authentication for anyone sending more than 5,000 emails per day will soon make Microsoft's email ecosystem safer. I would have to say that is the likely result, no hyperbole required, based upon the impact that Google doing the same for Gmail has proven to have had. Neil Kumaran, the group product manager of Gmail security and trust, told me that within 12 months there had been an 'unprecedented improvement in the fundamental security of email.' That can be broken down into the following numbers: a 65% reduction in unauthenticated messages sent to Gmail users, 50% more bulk senders following secure practices, and, wait for it, 265 billion fewer unauthenticated messages sent. 'Whether you are at a large organization or a small firm where the same person who sets up email might also be head of HR,' Misle told me, 'the urgency of the situation cannot be overstated.' That May 5 deadline will all too soon be upon us, so the time to act is very much right now. At a time when more than 90% of cyberattacks originate with email, Misle continued, 'Microsoft has made it clear that DMARC, SPF, and DKIM —all three authentication methods—must be implemented.' Misle advised that the following technical steps must be taken to ensure May 5 compliance: Misle warned that 'you are never too small to have these problems,' and urged all organizations must think of DMARC protection not as something you farm out and forget about, but 'as real-time intelligence to protect the health of your business.' If you are a bulk sender of email using the platform, take heed and act now — time is fast running out.
Forbes
18-04-2025
- Forbes
You Have 17 Days To Comply — New Rules Impact 500 Million Outlook Users
Email has been both a blessing and a curse for billions of users. Unfortunately, it's definitely been a blessing for hackers and a curse for consumers who receive their phishing attacks, malware attachments and more. Although highly-targeted 'spear' phishing attacks are increasingly seen as the way to go by sophisticated threat actors, there's no doubting the broad impact that spray-and-pray scammers, sending large volumes of email on a daily basis, have on the email ecosystem. It's these malicious spam floods that can cause the most significant security issues, and it's these that Microsoft is focusing on as it introduces new email security rules impacting the 500 million users of including and addresses. Here's what you need to know and do before May 5. Google has already taken action against the problem of malicious bulk senders impacting the security of users of the Gmail service by introducing new sender authentication requirements on April 1. The point of these news rules is to mitigate the risk of criminals using unauthenticated or compromised domains to deliver dangerous payloads. Now, at last, Microsoft is following suit and introducing similar rules to 'reduce the likelihood of spam and spoofing campaigns reaching our user base,' according to an April 2 Microsoft announcement on the Windows Defender security blog. Applying to domains sending more than 5,000 emails in a single day, and to the consumer service that supports and consumer domain addresses, the May 5 rules will require mandatory Sender Policy Framework, DomainKeys Identified Mail and Domain-based Message Authentication, Reporting, and Conformance compliance. 'Non‐compliant messages will first be routed to Junk,' Microsoft said, and eventually rejected if issues remain you are sending marketing materials, or maybe just run a large hobby mailing list, you need to take note. The full email authentication process has been explained in some detail by Microsoft, but the bullet point compliance requirements are as follows: 'These measures will help reduce spoofing, phishing, and spam activity,' Microsoft said, 'empowering legitimate senders with stronger brand protection and better deliverability.' This mirrors the statements made by Google regarding the introduction of mandatory strong email sender authentication to protect users of the Gmail service. To meet the May 5 deadline, however, organizations must first set up email addresses to receive DMARC reports. 'If you are set up for DMARC,' Faisal Misle, the technical lead at Red Sift, said, 'receiving the reports is part of the DMARC protocol to protect you against spoofing and improve overall email deliverability.' Misle warned that the market is filled with DMARC providers and choosing the right one is paramount. 'My best advice is to pick the DMARC provider that, yes, gets you quick results,' Misle concluded, 'but also helps you visualize the problem by prioritizing the results.' If you are a bulk sender of email using the platform, take heed and act now — time is fast running out.
