Microsoft on Daily DMARC Newshttps://news.excello.email/tags/microsoft/Recent content in Microsoft on Daily DMARC NewsHugoen-USSun, 21 Jun 2026 08:00:00 +0000All Three Inbox Giants Now Enforce One-Click Unsubscribe -- and the Deliverability Penalty for Getting It Wrong Is a 3x to 7x Inbox Hithttps://news.excello.email/posts/2026-06-21-one-click-unsubscribe-rfc-8058-microsoft-enforcement-deliverability-gap/Sun, 21 Jun 2026 08:00:00 +0000https://news.excello.email/posts/2026-06-21-one-click-unsubscribe-rfc-8058-microsoft-enforcement-deliverability-gap/<p>In February 2024, Google and Yahoo told bulk senders that one-click unsubscribe was no longer optional. Most senders treated it as a Google-and-Yahoo problem and updated their templates accordingly &ndash; or believed they already had it covered because their emails contained an unsubscribe link somewhere in the footer.</p> <p>In May 2026, Microsoft completed its own enforcement rollout. The requirement is now active across all three dominant inbox providers. Google, Yahoo, and Microsoft collectively handle the vast majority of personal and business email inboxes in the world. There is no major provider left to wait for.</p>Ghost-Sender: Why DMARC Cannot Stop Spoofing When Exchange Online Is Misconfiguredhttps://news.excello.email/posts/2026-06-18-ghost-sender-exchange-online-dmarc-bypass-hybrid-spoofing/Thu, 18 Jun 2026 08:00:00 +0000https://news.excello.email/posts/2026-06-18-ghost-sender-exchange-online-dmarc-bypass-hybrid-spoofing/<p>In early June 2026, Swiss cybersecurity firm InfoGuard Labs disclosed a vulnerability they named Ghost-Sender: a misconfiguration in Microsoft Exchange Online that allows an attacker to deliver email impersonating any sender &ndash; internal or external &ndash; directly to a target organization&rsquo;s inbox while bypassing SPF, DKIM, and DMARC authentication entirely.</p> <p>Microsoft was notified on April 21, 2026. By May 29, 2026, the company&rsquo;s Security Response Center had classified the issue as a known architectural limitation rather than a product vulnerability. No platform-level fix has been issued. The responsibility for remediation sits entirely with Exchange Online administrators.</p>8.3 Billion Phishing Threats in Q1 2026: Why CAPTCHA-Gated Attacks and ClickFix Are Reshaping the Email Security Equationhttps://news.excello.email/posts/2026-05-29-captcha-clickfix-phishing-microsoft-q1-2026-dmarc/Fri, 29 May 2026 09:00:00 +0000https://news.excello.email/posts/2026-05-29-captcha-clickfix-phishing-microsoft-q1-2026-dmarc/<p>Microsoft Threat Intelligence published its Q1 2026 Email Threat Landscape Report in late April, and the headline figure is difficult to absorb: 8.3 billion email-based phishing threats detected in the first three months of 2026. That is roughly 92 million per day, every day of the quarter. The raw volume matters less than what the report reveals about how those threats are being delivered and why the delivery methods are changing so rapidly.</p>