Office 365 unveils major email security boost

Man-in-the-middle attacks will be a lot harder to pull off

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Microsofthas added a new security layer to itsOffice 365email service as it looks to improve the integrity of the messages going in and out.

The company says its new protection, SMTP MTA Strict Transport Security (MTA-STS), a feature it first announced in H2 2020, will solve problems such as expired TLS certificates, problems with third-party certificates, or unsupported secure protocols.

“We have been validating our implementation and are now pleased to announce support for MTA-STS for all outgoing messages from Exchange Online,” Microsoftsaidin an announcement.

Extra protection

In practice, the new security layer means allemailsthat are sent through Exchange Online will only be delivered through connections that have both authentication and encryption.

That should render downgrade, and man-in-the-middle attacks impossible, or at least - a lot harder to pull off.

“Downgrade attacks are possible where the STARTTLS response can be deleted, thus rendering the message in cleartext. Man-in-the-middle (MITM) attacks are also possible, whereby the message can be rerouted to an attacker’s server,” the announcement added.

“MTA-STS (RFC8461) helps thwart such attacks by providing a mechanism for setting domain policies that specify whether the receiving domain supports TLS and what to do when TLS can’t be negotiated, for example stop the transmission.”

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Those interested in adopting MTA-STS should refer tothis link, where Microsoft explains the process in detail.

Is Microsoft Defender good enough for your PC – or do you need a better free antivirus?>How to spot the warning signs and prevent ID theft>Your GPU could be used to track you online

The company is already working on further strengthening the security of Office 365 email. DANE for SMTP (DNS-based Authentication of Named Entities), which is said to provide even better protection than MTA-STS, will be rolled out in the coming months.

“We will deploy support for DANE for SMTP and DNSSEC in two phases. The first phase, DANE and DNSSEC for outbound email (from Exchange Online to external destinations), is slowly being deployed between now and March 2022. We expect the second phase, support for inbound email, to start by the end of 2022,” BleepingComputer cited the Exchange team.

“We’ve been working on support for both MTA-STS and DANE for SMTP. At the very least, we encourage customers to secure their domains with MTA-STS,” Microsoft added.

“You can use both standards on the same domain at the same time, so customers are free to use both when Exchange Online offers inbound protection using DANE for SMTP by the end of 2022. By supporting both standards, you can account for senders who may support only one method.”

Via:BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Nokia confirms data breach leaked third-party code, but its data is safe

Rising AI threats are making firms turn back to human intelligence

Black Friday is here: Sony XM5 over-ears drop to their lowest-seen price – act fast!