What Steps are You Taking Against the 365 Direct Send Exploit?

Asked By TechWizard99 On

I've been noticing some serious issues related to the 365 Direct Send exploit and I'm curious about what you all are doing to manage it. Typically, this wouldn't be a major concern, but our organization relies heavily on various devices and services that depend on our on-premise SMTP server. While some alerts can be rerouted through other methods, there are a few that leave us stumped.

We've already received suspicious emails, appearing to come from some of our executives, complete with the correct domain and signatures, but the headers tell a different story. There have been no sign-ins from sources outside our facility's IP address, which raises flags.

We've implemented SPF, DKIM, and DMARC with a reject policy in place, yet these malicious emails are still sneaking through. What solutions or strategies are you all using to combat this issue?

5 Answers

Answered By ITSupportGuru On

Unfortunately, we haven't made many changes because our software team refuses to update the email server. Without enabling DKIM and other protections, we're kind of stuck.

Answered By CloudDefender88 On

It's essential to follow Microsoft's guidelines for locking down your systems. You can either disable direct send, which limits it to only inbound connectors that are set up with specific IP or certificate restrictions, or you can create a mail flow rule to send any incoming mail that's not from a whitelisted IP through additional spam filtering.

Answered By ServerSentry42 On

One straightforward solution is to create a connector in Office 365 that allows your on-premise SMTP server's IP address to send emails. You also need to disable direct send in Office 365 using PowerShell commands. This can help secure your environment from unauthorized senders.

Answered By EmailTechPro On

It's crucial to have an inbound connector in Office 365 for your on-premise SMTP relay. You should restrict it by IP to enhance security. If direct send is disabled, it shouldn't be a concern since your setup protects your email server.

Answered By NetGuard123 On

We use a transport rule to block any unauthorized direct sends. Here's how it works: the rule activates if the sender's address matches our domain and the email is received from outside our organization. It then rejects the message with a clear explanation of why it's being blocked.
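The three controls the answers above describe (an IP-pinned inbound connector for the on-premise relay, disabling Direct Send tenant-wide, and a transport rule that rejects mail claiming your domain but arriving from outside) can be applied together from Exchange Online PowerShell. This is an added example, not code from any poster on this thread; it assumes the ExchangeOnlineManagement module, an admin session, that the RejectDirectSend organization setting is available in your tenant, and uses a placeholder domain and relay IP that you must replace.

```powershell
# Added example (not from the thread). Placeholder values (constructed):
$AcceptedDomain = 'example.com'      # your accepted domain
$RelayIP        = '203.0.113.10'     # on-premise SMTP relay (TEST-NET-3 placeholder)

Connect-ExchangeOnline

# 1. Inbound connector for the on-premise relay. With RestrictDomainsToIPAddresses,
#    mail claiming $AcceptedDomain from any IP other than $RelayIP is rejected at the
#    connector, and the relay itself must speak TLS.
New-InboundConnector -Name 'OnPrem SMTP Relay' `
    -ConnectorType OnPremises `
    -SenderDomains $AcceptedDomain `
    -SenderIPAddresses $RelayIP `
    -RestrictDomainsToIPAddresses $true `
    -RequireTls $true

# 2. Reject anonymous Direct Send submissions for the whole tenant. Devices that
#    still need to send must go through the connector above (or authenticated SMTP).
Set-OrganizationConfig -RejectDirectSend $true

# 3. Transport rule as a second layer (the approach in the last answer): a message
#    whose sender domain is ours but whose scope is "not in organization" is rejected
#    with an explanatory NDR, unless it came from the authorized relay IP.
New-TransportRule -Name 'Block spoofed internal senders' `
    -SenderDomainIs $AcceptedDomain `
    -FromScope NotInOrganization `
    -ExceptIfSenderIpRanges $RelayIP `
    -RejectMessageEnhancedStatusCode '5.7.1' `
    -RejectMessageReasonText 'Mail from this domain must originate from an authorized relay.'

# Verify each control is in place.
Get-OrganizationConfig | Select-Object RejectDirectSend
Get-InboundConnector 'OnPrem SMTP Relay' |
    Format-List SenderDomains, SenderIPAddresses, RestrictDomainsToIPAddresses, RequireTls
Get-TransportRule 'Block spoofed internal senders' |
    Format-List State, SenderDomainIs, FromScope, ExceptIfSenderIpRanges
```

After enabling RejectDirectSend, check message trace for legitimate devices that start failing; each one needs to be moved behind the connector IP or onto authenticated submission rather than left on anonymous Direct Send.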
