Top blog posts from 2015

It’s the last day of 2015 and I thought it would be interesting to look back on the top blog posts of this year. When thinking about this past year, the first topic that comes to mind is Spoofing/Phishing, and anti-spoofing technologies like SPF, DMARC, and DKIM. These types of attacks continue to be heavily…

Troubleshooting and Identifying Spoofing Attacks

Even with technologies like SPF, DMARC, and DKIM, spoofing and phishing attacks are still extremely prevalent. Some of these attacks can be stopped with properly configured SPF, DMARC, and DKIM, whereas others need to be targeted with end user education. This isn’t so much of a how-to article, but more of a document…


Attack against my Exchange 2013 lab server

I recently came across an attack on my Exchange 2013 lab server and want to share what I saw. While this post isn’t directly related to EOP, it is certainly security related and a good reminder of what’s out there. I have an Exchange 2013 lab server running in Microsoft Azure and was recently performing network…


Parsing an extended message trace

Regular message traces are sufficient for most mail flow troubleshooting, but occasionally we need more data, which requires obtaining an extended message trace. These traces (provided as a CSV file) contain a plethora of information; however, parsing them can be a very overwhelming experience. I would like to share the workflow that I use…


Auditing transport rules

Transport rules contain an Audit setting that is often misunderstood and unchecked without realizing the implications. Unchecking this box has quite adverse effects on future reporting and troubleshooting for the transport rule. While this may be desirable, I see a lot of organizations unchecking this box and not realizing what the impact will actually be…


Outbound DKIM signing in Office 365

Every week I work with multiple customers that have experienced phishing attacks where their own domain has been spoofed by the attacker. The conversation always revolves around implementing SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting, and Conformance) to secure their domain. For organizations that cannot use SPF because of its limits (the…


EOP Mysteries Solved – Inbound messages from a particular sender arrive with no subject or body

This is an interesting case that I recently worked on and would like to share as part of this series. An organization that uses Exchange Online Protection was receiving automated emails from a partner. These emails were arriving with empty subjects and bodies. When the partner sent the automated emails to a /…


Exchange Server 2016 is now available

Exchange Server 2016 was released this morning and is now available for download. The Exchange Team posted an excellent article about the release which I highly recommend checking out. The following video shows some of the new features included in this release. For those running Exchange on-premises, enjoy 2016!

Keeping up to date with Office 365 News

The following article was written by Irol Melisa Pinto, who is a Technical Advisor for Exchange Online Protection at Microsoft. Hello folks! In this article my main focus is to show how we can leverage RSS (Rich Site Summary / Really Simple Syndication) feeds to help keep us updated. There is no shortage of…

Useful Wireshark Filters for Mail Flow Troubleshooting

There are some problems that you just can’t solve without getting a network capture with tools like Microsoft Network Monitor (superseded by Microsoft Message Analyzer), Microsoft Message Analyzer, or Wireshark. If I had a tagline, it would be, “When in doubt, run Wireshark.” When a problem makes no sense, or you have run out…