Dmarc
The latest Dmarc coverage — news, analysis, and updates from the WindowsNews.AI desk.
Microsoft Composite Authentication: Why DMARC Alone Fails Modern Phishing Attacks
A recent surge in spoofed Microsoft 365 emails slipped past standard DMARC filters, reigniting the debate over how trustworthy the gold-standard email authentication protocol truly is. The twist?...
CVE-2025-55243: OfficePlus Spoofing Flaw Exposes Data, Bypasses Scanners
Microsoft has published a security advisory for CVE-2025-55243, a spoofing vulnerability in Microsoft OfficePlus that can lead to the exposure of sensitive information and enable attackers to...
Microsoft Slaps 100-Recipient Daily Limit on onmicrosoft.com Outbound Email to Thwart Spammers
Microsoft is pulling the plug on unrestricted outbound email from its shared onmicrosoft.com domains, imposing a hard cap of just 100 external recipients per tenant every 24 hours. The change,...
Microsoft Caps onmicrosoft.com Emails at 100 External Recipients Per Day — Enforcement Starts October 15
Microsoft will begin throttling emails sent from the default onmicrosoft.com domain to just 100 external recipients per day, starting with trial tenants on October 15, 2025. The limit is a hard cap...
Microsoft Drops Limited Details on CVE-2025-25006 Exchange Spoofing Bug—Here’s How to Protect Your Network
Microsoft has posted a new Exchange Server vulnerability, CVE-2025-25006, with a terse description that points to a spoofing weakness in how the mail server handles special header elements. The...
The Phishing Pipeline: How Attackers Weaponize Microsoft 365 Direct Send to Evade Every Defense
Microsoft 365’s Direct Send feature has become a double-edged sword. Designed to let printers, scanners, and applications relay mail without a dedicated mailbox, it now enables attackers to slip...
Exploiting Microsoft 365 Direct Send: A Rising Internal Phishing Threat and How to Mitigate It
The rapidly evolving landscape of cyber threats has once again placed Microsoft 365 at the forefront of organizational security concerns. Previously hailed as a linchpin of digital collaboration and...
Microsoft 365 Direct Send Exploited for Advanced Phishing Attacks in 2025
Microsoft 365's Direct Send feature, designed to simplify email delivery for businesses, has become an unexpected weapon in the hands of cybercriminals. Security researchers have identified a surge...
Microsoft 365 'Direct Send' Exploited in Sophisticated Phishing Attacks: What You Need to Know
Cybercriminals are increasingly exploiting Microsoft 365's "Direct Send" feature to launch highly convincing phishing attacks that bypass traditional email security measures. This sophisticated...
Microsoft 365 Direct Send Phishing: How to Protect Your Business Now
Microsoft 365's Direct Send feature, designed to simplify email delivery for applications and devices, has become an unwitting accomplice in sophisticated phishing campaigns. Security researchers...
Microsoft 365's Direct Send Feature Exploited in Phishing Attacks: What You Need to Know
Microsoft 365's Direct Send feature, designed to simplify internal email routing, has become an unexpected weapon in cybercriminals' phishing arsenals. Security researchers have uncovered...
Top 10 DMARC Implementation Hurdles in Microsoft 365 and How to Solve Them
Implementing Domain-based Message Authentication, Reporting, and Conformance (DMARC) in Microsoft 365 is a critical step toward enhancing email security by preventing domain spoofing and phishing...