Throttling and Blocking Email from Persistently Vulnerable Exchange Servers to Exchange Online
Introduction:
The Exchange Online Protection (EOP) team has been actively monitoring the health of our customers’ Exchange Online environments. We have identified an increasing number of Exchange servers that are persistently vulnerable to email spoofing attacks. This type of attack is commonly used by malicious actors to deliver malicious emails to users in an organization. To help protect customers from email spoofing, the EOP team is now throttling and blocking email from these persistently vulnerable Exchange servers to Exchange Online.
Background:
Email spoofing is a type of attack that malicious actors use to disguise the origin of malicious emails. By using email spoofing, malicious actors can send emails that appear to be from legitimate sources, making it difficult for users to identify them as malicious. To help protect customers from these types of attacks, the EOP team is now throttling and blocking email from persistently vulnerable Exchange servers to Exchange Online.
How Exchange Online Protection is Detecting and Throttling Vulnerable Exchange Servers:
The EOP team is actively monitoring the health of our customers’ Exchange Online environments. We have identified an increasing number of Exchange servers that are persistently vulnerable to email spoofing attacks. The EOP team is now throttling and blocking email from these persistently vulnerable Exchange servers to Exchange Online. This throttling and blocking is done in order to protect customers from malicious emails.
Exchange Online Protection Best Practices:
To help protect customers from email spoofing, the EOP team recommends the following best practices:
* Ensure that all Exchange servers are properly patched and up to date.
* Implement Domain-based Message Authentication, Reporting, and Conformance (DMARC) on all domain names used to send email. DMARC helps to prevent email spoofing.
* Implement Sender Policy Framework (SPF) records on all domain names used to send email. SPF helps to prevent email spoofing.
* Implement DomainKeys Identified Mail (DKIM) on all domain names used to send email. DKIM helps to prevent email spoofing.
* Ensure all Exchange servers are properly configured to prevent unauthorized access.
* Implement anti-spam and anti-malware protection on all Exchange servers.
* Implement email encryption to help protect sensitive information.
* Monitor Exchange servers for signs of malicious activity.
Conclusion:
The Exchange Online Protection team is actively monitoring the health of our customers’ Exchange Online environments. We have identified an increasing number of Exchange servers that are persistently vulnerable to email spoofing attacks. To help protect customers from email spoofing, the EOP team is now throttling and blocking email from these persistently vulnerable Exchange servers to Exchange Online. The EOP team recommends implementing the best practices outlined in this blog to help protect customers from email spoofing.