Microsoft have announced that their anti-spoofing protection is being rolled out to all organisations with Exchange Online as part of Exchange Online Protection. This feature was previously only available to users with E5 or the Advanced Threat Protection (ATP) add-on.
The changes will begin to be rolled out on 21st September 2018 with completion expected in the weeks following. If you do not want the anti-phishing functionality to be enabled, you need to disable it before the rollout date as it will automatically be enforced.
The anti-spoofing functionality is a key method of preventing phishing attacks. Phishing emails regularly look legitimate by imitating a trusted sender address whilst coming from a different, illegitimate source. This is often used when the attacker is trying to obtain credentials; users are more likely to share details with a sender that they recognise.
The anti-spoofing capability identifies emails from forged senders or spoofed domains. It does this by analysing incoming emails to check that they can be authenticated, and by carrying out advanced reputation tests.
When this functionality is rolled out, users will have access to enhanced anti-spoofing functionality that works alongside their current standards-based email authentication. Messages that fail the extended authentication checks will automatically be sent to the Junk Mail folder. Policies let you customise this behaviour, or turn the functionality off if you wish.
Microsoft are currently working on further updates so that users can allow or block domains that can send spoofed emails, as well as customise the policies applied to spoofed messages. Any existing allow/block policy will not be affected by the update. Microsoft are also hoping to roll out changes in the Security and Compliance Centre soon.
In addition to this update, Microsoft are working to apply additional functionality for the E5 and ATP users.
For any more information, please get in touch.