Readers help support MSpoweruser. We may get a commission if you buy through our links.
Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more
Microsoft Exchange has been one of the most popular server-based email and calendar systems around. And, unlike Microsoft Outlook which acts more of like a client-side app, Exchange gives businesses and organizations an infrastructure to manage emails, calendars, contacts, tasks, and collaboration tools.
But now, a recent report details that a misconfiguration in Exchange has left many users vulnerable to email spoofing.
Alexander Romanov of Acronis‘ Threat Research Unit says that an inadequate setup of DMAR policies, despite recommendations from Microsoft, could leave you (and third-party emails) vulnerable to these attacks. It particularly affects hybrid setups where on-premises Exchange servers interact with Exchange Online, and environments using third-party email security solutions.
“Approximately 36% of all info breaches in the EU and U.S. originate from phishing attacks,” says the team.
Last year, Microsoft improved the email verification system through DMARC, but not many users have followed the instructions. So, misconfigurations in hybrid setups and third-party MX servers can bypass essential security protocols like SPF, DKIM, and DMARC, increasing the risk of phishing and spoofing attacks.
That’s important, especially for sending large volumes of email as major providers like Gmail and Yahoo have strict standards. Even Microsoft does not recommend Microsoft 356 for bulk emailing.
Not too long ago, Microsoft also investigated an issue in Exchange Online where emails containing images were being incorrectly marked as malware and quarantined. This problem affected both inbound and outbound emails, including those with image signatures, and impacted many users.
Rafly Gilang
Tech Reporter
Rafly is a reporter with years of journalistic experience, ranging from technology, business, social, and culture. Currently reporting news on Microsoft-related products, tech, and AI on MSPowerUser. Got a tip? Send it to [email protected]