Hardening configurations can help: The disclosure emphasizes that proper configuration of mail authentication mechanisms is the most effective defense against this spoofing vector. Organizations are advised to adopt strict DMARC reject policies and enforce SPF hard fails so that unauthenticated mail claiming to be from their domains is rejected or safely quarantined.

Additionally, recommendations include ensuring that any third-party connectors, such as spam filters, archiving services, or legacy mail relays, are correctly set up so that spoof checks can be calculated and enforced consistently. Tenants with MX records pointing directly to Microsoft 365 aren’t vulnerable to this issue because Microsoft’s native spoof detection and filtering mechanisms are applied by default. For more complex mail infrastructures, Microsoft provided specific guidance on mail flow rules and authentication practices to reduce exposure and block spoofed emails before they ever reach end users’ inboxes.

Beyond mail authentication fixes, Microsoft urged organizations to harden identity defenses against AiTM phishing, which bypasses passwords by hijacking authenticated sessions. Recommended controls include phishing-resistant MFA such as FIDO2 security keys, Conditional Access enforcement, and protections like MFA number matching to limit the impact of stolen tokens.
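As an added example (not code from the article or from Microsoft), the following Python check assesses a domain's SPF and DMARC TXT records against the baseline described above: SPF must terminate in a hard fail (`-all`) and DMARC must be `p=reject`. The records shown and the domain `example.com` are constructed sample values; the weak pair is placed beside the hardened pair so the difference is visible.

```python
# Added example: evaluate SPF/DMARC records for the hardening the article
# describes (SPF hard fail, DMARC reject). Not the article's or Microsoft's code.
import re
from typing import Dict, List, Optional

def spf_all_qualifier(spf: str) -> Optional[str]:
    """Qualifier of the terminating 'all' mechanism ('-', '~', '?', '+'),
    or None when the record is not SPF or has no 'all' mechanism."""
    if not spf.lower().startswith("v=spf1"):
        return None
    for term in spf.split()[1:]:
        m = re.fullmatch(r"([-~?+]?)all", term, re.IGNORECASE)
        if m:
            return m.group(1) or "+"  # bare 'all' means '+all' (pass everything)
    return None

def parse_dmarc(record: str) -> Dict[str, str]:
    """Split a DMARC record into its tag=value pairs (tags lower-cased)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def assess(spf: str, dmarc: str) -> List[str]:
    """Return findings; an empty list means the records meet the baseline."""
    findings = []
    q = spf_all_qualifier(spf)
    if q is None:
        findings.append("SPF: no 'all' mechanism (record missing or incomplete)")
    elif q != "-":
        findings.append(f"SPF: '{q}all' is not a hard fail; use '-all'")
    tags = parse_dmarc(dmarc)
    if tags.get("v", "").upper() != "DMARC1":
        findings.append("DMARC: record missing or malformed")
    else:
        if tags.get("p", "").lower() != "reject":
            findings.append(f"DMARC: p={tags.get('p', 'none')}; use p=reject")
        if tags.get("pct", "100") != "100":
            findings.append(f"DMARC: pct={tags['pct']} applies the policy only partially")
        # Subdomain policy defaults to p when sp is absent.
        if tags.get("sp", tags.get("p", "")).lower() != "reject":
            findings.append("DMARC: subdomain policy (sp) is weaker than reject")
    return findings

# Constructed sample records for the placeholder domain example.com.
WEAK_SPF = "v=spf1 include:spf.protection.outlook.com ~all"
WEAK_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
HARDENED_SPF = "v=spf1 include:spf.protection.outlook.com -all"
HARDENED_DMARC = "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@example.com"
```

Run `assess(WEAK_SPF, WEAK_DMARC)` to see the three findings the weak pair produces; the hardened pair returns no findings.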
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4113746/microsoft-warns-of-a-surge-in-phishing-attacks-exploiting-email-routing-gaps.html