Microsoft antispam turned corporate email into a trash can

Carding 4 Carders

Due to an update to the anti-spam system, administrators lost control of their email.

Microsoft recently encountered an issue (tracked as EX682041) in the anti-spam feature of Microsoft 365 that caused administrators to receive large numbers of blind carbon copies (BCC) of outgoing messages that had been mistakenly marked as spam. The incident affected Exchange Online users around the world, and in most cases every email sent to an external address was classified as spam.

The problem was fully resolved 14 hours after it appeared. A flaw in the anti-spam system caused administrators' mailboxes to receive copies of emails sent by other users of the organization to external addresses. In response to numerous user complaints, Microsoft announced that it had opened an investigation into the problem.

The investigation found that the cause was the introduction of a new spam filtering rule, which was subsequently disabled. After that, the process of restoring normal operation of the system began, and all mislabeled messages were released from quarantine on the affected servers.

Microsoft has notified administrators about the possibility of disabling the "Send a copy of suspicious outgoing message" feature to prevent similar incidents in the future.

To disable this option, you must:
  • go to the page https://security.microsoft.com/antispam;
  • select "Anti-Spam outbound policy" (default);
  • uncheck the box "Send a copy of suspicious outgoing message" ("Send a copy of suspicious outbound");
  • click the "Save" button.

Administrators are also advised to check whether any users were added to the list of blocked senders because of this false positive. If you find such users, you can unblock them on the Restricted Entities page of the Microsoft 365 Defender portal. According to Microsoft, in most cases the restrictions should be lifted within one hour, but because of possible technical problems the process can take up to 24 hours.
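The two remediation steps above (turning off the "Send a copy of suspicious outgoing message" setting on the default outbound policy, and reviewing senders restricted by the false positive) can also be done from Exchange Online PowerShell. This is an added example, not part of the original post; it assumes the ExchangeOnlineManagement module is installed, an account with Exchange administrator rights, and that the built-in outbound policy is named "Default".

```powershell
# Added example (not from the original post): audit and fix the outbound
# spam policy setting, then review the restricted-senders list.
# Assumes the ExchangeOnlineManagement module and Exchange admin rights.

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline   # interactive sign-in

# 1. Audit: show which outbound policies still BCC suspicious mail to admins.
#    BccSuspiciousOutboundMail = True is the setting that flooded mailboxes
#    during EX682041 once the faulty rule marked all external mail as spam.
Get-HostedOutboundSpamFilterPolicy |
    Select-Object Name, BccSuspiciousOutboundMail, BccSuspiciousOutboundAdditionalRecipients |
    Format-Table -AutoSize

# 2. Fix: disable the BCC copy on the default policy. This is the same change
#    as unchecking the box in the security portal.
Set-HostedOutboundSpamFilterPolicy -Identity 'Default' -BccSuspiciousOutboundMail $false

# 3. Verify the change took effect.
Get-HostedOutboundSpamFilterPolicy -Identity 'Default' |
    Select-Object Name, BccSuspiciousOutboundMail

# 4. Review senders currently restricted for suspected outbound spam
#    (the same list as the Restricted Entities page in the portal).
Get-BlockedSenderAddress | Format-Table -AutoSize

# 5. Unblock a sender only after confirming the restriction was caused by the
#    false positive; 'user@example.com' is a placeholder, not a real address.
# Remove-BlockedSenderAddress -SenderAddress 'user@example.com'

Disconnect-ExchangeOnline -Confirm:$false
```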

The incident once again underlines the importance of thoroughly testing any change to security systems before rolling it out to production, in order to avoid such situations and minimize the risk of disrupting the work of users and administrators.