Alexander's Blog

Sharing knowledge with the global IT community since November 1, 2004

Microsoft to Extend Enhanced Anti-Spoofing Protection to all Exchange Online Organizations

Security

Currently, the enhanced anti-spoofing capabilities in Exchange Online are only available to Microsoft Office 365 E5 and Advanced Threat Protection (ATP) add-on organizations. However, that’s about to change. Microsoft has announced that starting September 21, 2018 it will extend the enhanced anti-spoofing protection to all Exchange Online Protection (EOP) organizations in Office 365. That’s great news. Email spoofing has been a big problem over the years and by extending this protection to all Exchange Online organizations, more businesses will be able to benefit from this much-needed feature.

The enhanced anti-spoofing functionality in Office 365 takes advantage of cloud intelligence to look at different patterns and prevent spoofing of domains. This feature works with the existing popular email authentication protocols, such as Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC), to send potentially malicious messages to the junk mail folder. Organizations can customize this feature with policies. If you don’t like this feature, you can turn it off. However, by default this feature will be turned on.

This new anti-spoofing functionality will go into effect on September 21, 2018 and will be rolled out worldwide over several weeks. If you want to disable this feature for some reason, make sure that you set the policy to disable this feature before September 21. Essentially, you will have a three-week window between September 1, 2018 and September 20, 2018 in which you will be able to configure the policy option you want in the Security and Compliance Center. Starting September 21, the configured setting will be enforced, and that’s why Microsoft is giving plenty of notice to its Office 365 customers.

Configuring the Policy

Starting September 1, you will be able to either use the Security and Compliance Center (Threat Management -> Policy -> Anti-Phishing), or PowerShell to configure the desired settings. The Get-AntiPhishPolicy and Set-AntiPhishPolicy cmdlets may not be available before September 1. With these cmdlets, you will be able to control which domains are allowed or blocked from sending spoofed emails.

Microsoft has already tested this feature in its own environment before deploying it to its customers. According to Microsoft, initially there were a few legitimate messages that were marked as spam, but over time that changed. In addition to Microsoft, the E5 and ATP customers have also been using this feature for some time, so Microsoft has learned a lot about various patterns and has had plenty of time to tweak its algorithm. Therefore, there is no need to worry about too many messages being falsely identified as spoofed.

Aren’t SPF, DKIM, and DMARC Enough to Prevent Spoofing?

The email authentication protocols (SPF, DKIM and DMARC) are helpful in preventing spoofing. However, dealing with spoofing is a tricky business and sometimes malicious messages still get through. Microsoft believes that if the message has no specific authentication records, the authentication protocols SPF, DKIM and DMARC don’t communicate enough information and that’s why they can’t protect you all the time. To address this issue:

“Microsoft has developed an algorithm that combines multiple signals into a single value called Composite Authentication, or compauth for short. Customers in Office 365 have compauth values stamped into the Authentication-Results header in the message headers.”
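To show what reading that header looks like during mail triage, here is an added example (not code from this blog or from Microsoft) that pulls the SPF, DKIM, DMARC and compauth verdicts out of a message's Authentication-Results header. The sample messages are constructed, the function names are hypothetical, and the `compauth=<result> reason=<code>` layout is assumed from how Office 365 formats the header.

```python
import re
from email import message_from_string

# Constructed sample messages (not real mail). Assumption: Office 365 writes
# "method=result key=value; ..." clauses, with compauth as the last clause.
SAMPLE_SPOOFED = """\
Authentication-Results: spf=none (sender IP is 203.0.113.7)
 smtp.mailfrom=example.com; dkim=none (message not signed)
 header.d=none; dmarc=none action=none header.from=example.com;
 compauth=fail reason=001
From: "CEO" <ceo@example.com>
Subject: Urgent wire transfer

body
"""
SAMPLE_LEGIT = """\
Authentication-Results: spf=pass (sender IP is 198.51.100.25)
 smtp.mailfrom=example.org; dkim=pass (signature was verified)
 header.d=example.org; dmarc=pass action=none header.from=example.org;
 compauth=pass reason=100
From: Billing <billing@example.org>
Subject: Invoice

body
"""

METHODS = ("spf", "dkim", "dmarc", "compauth")

def parse_auth_results(raw_message):
    """Return {method: {"result": ..., <property>: ...}} for one raw message."""
    verdict = {}
    for value in message_from_string(raw_message).get_all("Authentication-Results", []):
        value = re.sub(r"\r?\n[ \t]+", " ", value)   # unfold continuation lines
        value = re.sub(r"\([^)]*\)", "", value)      # drop parenthesised comments
        for clause in value.split(";"):
            tokens = clause.split()
            if not tokens or "=" not in tokens[0]:
                continue                             # e.g. a leading authserv-id
            method, result = tokens[0].split("=", 1)
            method = method.lower()
            if method not in METHODS or method in verdict:
                continue  # topmost header wins: it was added last, by the receiver
            props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
            verdict[method] = {"result": result.lower(), **props}
    return verdict

def is_suspected_spoof(raw_message):
    """True only when a compauth verdict is present and it is 'fail'."""
    compauth = parse_auth_results(raw_message).get("compauth")
    return compauth is not None and compauth["result"] == "fail"
```

A message with no compauth clause returns False here, so a caller that needs to treat unstamped mail differently should check for the key's absence explicitly.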

Extending the enhanced anti-spoofing protection to all Exchange Online organizations is one of the best things Microsoft has done for Office 365 email users. I believe this feature alone is a good reason for a lot of small businesses to migrate their email to Office 365 because they often don’t have the budget or resources to deal with challenges like phishing and spoofing.

If you are interested in learning more about anti-spoofing, check out this article from Microsoft on Anti-spoofing protection in Office 365. It’s a very detailed article and includes just about everything you want to know about anti-spoofing. There is no date and no name of the author so it’s hard to tell when it was published. However, based on the FAQs section at the end of the article, it seems like it was written before enhanced anti-spoofing functionality was deployed for E5 and ATP customers.

Thanks for reading my article. If you are interested in IT training & consulting services, please reach out to me. Visit ZubairAlexander.com for information on my professional background.

Copyright © 2018 SeattlePro Enterprises, LLC. All rights reserved.
