Microsoft has put up a barricade against domains hosting phishing attacks by blocking email delivery from those domains. While this move shows Microsoft’s commitment to putting a stop to phishing, small businesses can still get hit, as most of these domains are business domains. This move is a part of a larger industry push to combat phishing, but it is not a comprehensive solution, as there are many other ways for attackers to mask their domains. Therefore, it is important for small businesses to use third-party cybersecurity solutions that can identify the origins of phishing emails and protect against all types of email phishing attacks. Ultimately, human education and caution are still the best defense against these cybercriminals.
Excerpt from the main article:
Microsoft recently posted that their Exchange Online servers (which I think also includes Microsoft 365/Office 365, basically any business email cloud-hosted by Microsoft) will soon block mail from old, unpatched Microsoft Exchange servers.Unlike the recent DMARC changes for Microsoft OLC, this likely has no impact to email marketing senders. Few email marketers are using years-old versions of self-hosted Microsoft Exchange for sending email messages.This does likely have a positive impact on the email ecosystem as a whole, though. Setting aside the snark of Microsoft (new, cloud) blocking Microsoft (old, on premise) servers, rejecting mail from servers that are (or could be) engaging in potentially bad acts is a good way to protect users from malware, phishing and spam, and hopefully will also nudge admins of those outdated servers to either upgrade them or shut them down, which will eliminate them as spam and phish vectors, making all of our inboxes
Microsoft: Blocking Email from Persistently Vulnerable Exchange Servers was originally published on Spam Resource: All Things Deliverability
