Office 365 users can expect more email to end up in the junk folder — all for a good cause. Microsoft has ramped up its screening of fraudulent email to stop email spoofing, offering enhanced anti-spoofing protection for holders of Office 365 accounts.
Email spoofing is the use of fake email headers or other data to conceal the source of messages.
In a July blog, Microsoft explained the rampant problem of emails that are vulnerable to “phishers,” scammers who try to obtain sensitive information through email and website falsification.
“As of March 2018, only 9% of domains of companies in the Fortune 500 publish strong email authentication policies,” Microsoft reported. “The remaining 91% may be spoofed by a phisher, and unless the email filter detects it using another policy, may be delivered to an end user and deceive them… Because of the impact of phishing attacks, and because email authentication has been around for over 15 years, Microsoft believes that the risk of continuing to allow unauthenticated email is higher than the risk of losing legitimate email.”
Previously, enhanced anti-spoofing capabilities were only available to E5 and Advanced Threat Protection (ATP) add-on organizations, the email noted.
Microsoft explained that once this feature is enabled, messages that fail their extended implicit authentication checks will be automatically sent to the junk mail folder. Organizations can use policies to customize these actions and turn this functionality on and off.
However, customers who want to disable enhanced anti-spoofing functions will need to set policies before Sept, 21, 2018, because after that date, Microsoft “will begin rolling this feature out worldwide, and will enforce the available settings,” the email warned.
Customers with accounts can view the message in the Office 365 message center. Sinu customers can discuss these security enhancements, your IT security policy, and stopping email spoofing with your Relationship Manager.