https://news.excello.email/tags/ghost-sender/Recent content in Ghost-Sender on Daily DMARC NewsHugoen-USThu, 18 Jun 2026 08:00:00 +0000https://news.excello.email/posts/2026-06-18-ghost-sender-exchange-online-dmarc-bypass-hybrid-spoofing/Thu, 18 Jun 2026 08:00:00 +0000https://news.excello.email/posts/2026-06-18-ghost-sender-exchange-online-dmarc-bypass-hybrid-spoofing/<p>In early June 2026, Swiss cybersecurity firm InfoGuard Labs disclosed a vulnerability they named Ghost-Sender: a misconfiguration in Microsoft Exchange Online that allows an attacker to deliver email impersonating any sender &ndash; internal or external &ndash; directly to a target organization&rsquo;s inbox while bypassing SPF, DKIM, and DMARC authentication entirely.</p> <p>Microsoft was notified on April 21, 2026. By May 29, 2026, the company&rsquo;s Security Response Center had classified the issue as a known architectural limitation rather than a product vulnerability. No platform-level fix has been issued. The responsibility for remediation sits entirely with Exchange Online administrators.</p>