Category: Uncategorized
-
Don’t let your domains dangle in Microsoft 365
Expired Domains in Microsoft 365: A Hidden Backdoor to Your Tenant Microsoft 365 tenants typically use custom verified domains (like cybaa.io) for user identities and email addresses. Over time, domains may be retired, perhaps after a rebrand, acquisition, or project sunset, and their registrations allowed to expire. If such expired domains remain listed as verified in…
-
Should banks use push notifications for all transactions?
Recently I received notifications from Starling for card transactions totalling £450 that were not made by me (annoyingly they didn’t go through 3-D Secure for some reason, so for all intents and purposes were successful and £450 had been stolen from me. Fortunately multiple subsequent transactions to the same merchant, Taptap Send which appears to…
-
mx.microsoft is coming!
Microsoft is gearing up for a significant shift in its email security infrastructure, replacing the familiar “mail.protection.outlook.com” with a new set of subdomains under mx.microsoft. This exciting move, starting in March 2024, brings with it a powerful security duo: SMTP DANE and DNSSEC. But before you dive into technical details, let’s unpack what this means…
Joe Tiedeman 