Over the past three months, our threat analysts have noticed a significant spike in attackers abusing Microsoft 365’s Direct Send feature”, a tool intended for devices like printers or scanners to send internal emails without authentication. Unfortunately, threat actors have found a way to exploit this convenience, slipping past critical email security checks like SPF, DKIM, and DMARC.
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2025/07/inside-job-attackers-are-spoofing-emails-with-m365s-direct-send/
