Microsoft is currently rolling out a new feature for Microsoft Office 365 called Unverified Sender.
The unverified sender feature is described on the official Microsoft Roadmap as follows:
Unverified sender is a new Office 365 feature that helps end users identify suspicious messages in their inbox. In order to help customers identify suspicious messages in their inbox, we’ve added an indicator that demonstrates Office 365 spoof intelligence was unable to verify the sender.
While it may sound like more of a visual update, Microsoft states that the way it chooses to tag users as unverified or not is quite complex.
How does the Unverified Sender feature work?
The Unverified Sender feature works by providing you with a distinct visual indicator. Instead of the typical name card consisting of their avatar or contact initials, they will have a question mark displayed.
This greatly increases the chances for Office 365 users to quickly detect potential phishing attacks or potential sender spoofing attempt.
However, it was stated that the Unverified Sender filter will not analyze any emails from a certain sender if the user has set the sender as a Safe Sender in their inbox.
Additionally, it won’t analyze messages that were delivered via an admin allow list.
What criteria will Outlook use to mark emails?
For the question mark in the sender image to not be applied, the message has to pass either SPF or DKIM authentication and receive either a dmarc pass, or a composite authentication pass from Office 365 Spoof Intelligence.
For the via tag, the domain from the From address needs to be the same as the one from the DKIM signature or the SMTP MAIL FROM.
Otherwise, Outlook will display the domain in one of those two fields, with a preference for the DKIM signature.
Are you excited by the new Unverified Sender feature? Let us know in the comments section below.
RELATED ARTICLES YOU SHOULD CHECK OUT: