Office 365 unveils major email security boost

Email warning
(Image credit: Shutterstock)

Microsoft has added a new security layer to its Office 365 email service as it looks to improve the integrity of the messages going in and out. 

The company says its new protection, SMTP MTA Strict Transport Security (MTA-STS), a feature it first announced in H2 2020, will solve problems such as expired TLS certificates, problems with third-party certificates, or unsupported secure protocols.

"We have been validating our implementation and are now pleased to announce support for MTA-STS for all outgoing messages from Exchange Online," Microsoft said in an announcement. 

Extra protection

In practice, the new security layer means all emails that are sent through Exchange Online will only be delivered through connections that have both authentication and encryption. 

That should render downgrade, and man-in-the-middle attacks impossible, or at least - a lot harder to pull off.

"Downgrade attacks are possible where the STARTTLS response can be deleted, thus rendering the message in cleartext. Man-in-the-middle (MITM) attacks are also possible, whereby the message can be rerouted to an attacker's server," the announcement added.

"MTA-STS (RFC8461) helps thwart such attacks by providing a mechanism for setting domain policies that specify whether the receiving domain supports TLS and what to do when TLS can't be negotiated, for example stop the transmission."

Those interested in adopting MTA-STS should refer to this link, where Microsoft explains the process in detail.

The company is already working on further strengthening the security of Office 365 email. DANE for SMTP (DNS-based Authentication of Named Entities), which is said to provide even better protection than MTA-STS, will be rolled out in the coming months. 

"We will deploy support for DANE for SMTP and DNSSEC in two phases. The first phase, DANE and DNSSEC for outbound email (from Exchange Online to external destinations), is slowly being deployed between now and March 2022. We expect the second phase, support for inbound email, to start by the end of 2022," BleepingComputer cited the Exchange team.

"We've been working on support for both MTA-STS and DANE for SMTP. At the very least, we encourage customers to secure their domains with MTA-STS," Microsoft added.

"You can use both standards on the same domain at the same time, so customers are free to use both when Exchange Online offers inbound protection using DANE for SMTP by the end of 2022. By supporting both standards, you can account for senders who may support only one method."

Via: BleepingComputer 

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Security
Experts warn millions of email servers could be vulnerable to attack
A padlock resting on a keyboard.
Massive botnet is targeting Microsoft 365 accounts across the world
Microsoft Teams
Microsoft Teams is finally introducing a spam and phishing alert - here’s what you need to know
Flag of the People's Republic of China overlaid with a technological network of wires and circuits.
One of the biggest flaws exploited by Salt Typhoon hackers has had a patch available for years
Hacker Typing
This devious two-step phishing campaign uses Microsoft tools to bypass email security
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
US government urges federal agencies to patch Microsoft 365 now
Latest in Security
ransomware avast
Hackers spotted using unsecured webcam to launch cyberattack
China
Chinese hackers who targeted key US infrastructure charged by Justice Department
linkedin
Watch out - that LinkedIn email could be a fake, laden with malware
An American flag flying outside the US Capitol building against a blue sky
Mass federal layoffs will have “devastating impact on cybersecurity, former NSA cybersecurity director warns
A hand reaching out to touch a futuristic rendering of an AI processor.
North Korean fake job hackers are going the extra mile to make sure their scams seem legit
A hand reaching out to touch a futuristic rendering of an AI processor.
Google Cloud unveils new AI Protection security tools, no matter which model you use
Latest in News
Man adjusting settings on Garmin Fenix 6 watch
Garmin Fenix 6, Enduro, Marq and Tactix watches are getting fixes to solve some frustrating problems – here's what's new
Apple iPhone 16 Plus Review
iPhone 17 Air leaks suggest it'll get next-gen battery – as offset the 17 Pro Max's weight gains
ExpressVPN's new Linux app interface
ExpressVPN releases a major upgrade to its Linux app
Nvidia geforce 4070
Don’t panic, gaming laptop buyers – Nvidia assures us that mobile RTX 5000 graphics cards won’t have the chip-level fault that hit desktop GPUs
Google Chrome logo on desktop and mobile
Google Chrome launches better warning labels to make sure you know you're using a company profile
Google Pixel 8a
Latest leaked Google Pixel 9a images hint at new purple color and the tiniest of camera bumps