I will be speaking at a WICCA online event next week!

Reading Time: < 1 minute It's been a while, but I will be speaking at a WICCA online event next week. WICCA stands for "Women In Cybersecurity Community Association". Their goal is "to bring infosec ladies and female security enthusiasts together to learn about exploits, hacking, incident response, forensics, the low-level stuff and make bad crypto jokes!" At their June virtual meetup, I will be doing a presentation about mail flow. Specifically, around SPF, DKIM, DMARC and mail header analysis. An interesting topic if I

Read more

Easily list mail DNS records via this PowerShell script

Reading Time: 2 minutes I get to investigate quite some mail environments in my work as a consultant. At a certain point you see some patterns emerging. One of those patterns is the correct configuration of mail related DNS records. It's one of the first things I check when I must check an unfamiliar environment. I have talked about this anti-spoofing topic on numerous occasions. I would compare it to a ping test when there are network issues. For several years I have worked

Read more

Quick tips to limit sending mail to the wrong recipient

Reading Time: 4 minutes It happened to all of us: sending a mail to the wrong recipient. Or disclosing the other recipients to each other.Let me show some quick tips that might help limit your users sending information to the wrong recipient. Embarrassing The Dutch Data Protection Agency (Dutch: Autoriteit Persoonsgegevens) is responsible for the supervision of correct handing of personal data. This agency must be informed when there is a breach with personal data. It’s the agency that has its duties described within

Read more

How To: Exchange Authentication Policies

Reading Time: 3 minutes There are several ways how you can protect and limit access to Exchange Online. Conditional Access, Client Access Rules, the older ActiveSync Device rules and, the topic of this post, Authentication Policies. These policies are available in Exchange Online and Exchange Server 2019 since CU2. This article will show you how to implement this. Why use Authentication Policies? Authentication Policies only do one thing: enabling or disabling legacy or basic authentication (I use both terms) on protocols used by Exchange

Read more

I will be speaking at IT/Dev Connections 2018!

Reading Time: < 1 minute Next week I will be speaking at the IT/Dev Connection conference in Dallas (TX) during 16-18th October 2018, which is particularly exciting for me as it is the first time I will present in the USA! The session title is “Securing, Protecting, and Managing the Flow of Corporate Communications”. The session abstract tells you a bit more: Simple Mail Transport Protocol, or as it is better known, SMTP, should be simple. It says so in the name. However, the internet

Read more

I will be speaking at the European Collaboration Summit 2018

Reading Time: < 1 minute Some exciting news! I’ll be speaking at the European Collaboration Summit 2018 in Mainz, Germany on May 28-30. My session is “Securing Exchange Online” and during that hour I will go through the capabilities of Exchange Online (Office 365) to further secure your email data and mail flow based on up-to-date know-how. It’s a topic I like, is quite relevant and popular, I also have to update my session every time with new information and considerations. The Summit itself looks

Read more

Office 365 to enforce TLS 1.2 per October 15, 2020

Reading Time: 5 minutes Update 21 July 2020 Microsoft has set a new date for the deprecation of TLS1.0 and 1.1, after a previous postponement due to the pandemic. You can find it in the Microsoft 365 Message Center message MC218794, which also references this Docs article. From October 15, 2020 onward, Microsoft will gradually enforce TLS1.2 on Office 365 services. Note that this enforcement change will take to roll-out to every tenant etc., so you might not see it immediately. I hope everybody

Read more

I'll be speaking at E-Communications & Collaboration Day 2017 (BE-COM.eu) on May 3rd 2017

Reading Time: < 1 minute In a few weeks, I’ll be travelling to Novotel Leuven in my neighboring country Belgium for the E-Communications & Collaboration Day 2017, a full-day (May 3rd 2017) of expert presentations and content about Office 365, Exchange, Skype for Business and related technologies. During this day, I will be presenting “Securing Exchange Online”: In this session, Dave Stork will go through the capabilities of Exchange Online (Office 365) to further secure your email data and mail flow. Questions like: •    How

Read more

Creating an Activity alert in Office 365

Reading Time: 3 minutes Within Office 365 you can use Audit Logging to monitor specific actions admins and users take. It’s comparable with Auditing within Exchange, but for most of all actions available in your Office 365 tenant. However, you need to do a search to find those actions perhaps long after the fact. That might be adequate for most organizations, but it would be nice to get an near immediate alert on the important stuff. Luckily, that is also possible! Consider the following

Read more

The end is nigh for Exchange 2007: support nearing end and some other reasons to upgrade

Reading Time: 2 minutes The Exchange Team blog reminded us today that in about a year the extended support for Exchange Server 2007 will end. This means no more updates of any kind, not even security updates. Feature updates already stopped 4 years earlier when Mainstream support ended. The product will continue to run, but how longer it’s being kept in production that will add some risk to your environment due to security issues not being fixed. You can find lifecycles of other Microsoft

Read more
1 2