Microsoft Defender for Office 365: Support DKIM Domain as Sending Infrastructure for Spoof intelligence management

For Microsoft Defender for Office 365 and Exchange Online Protection, we are adding support for providing “DKIM verified domain” as the “Sending Infrastructure” within Tenant allow-block lists-Spoofing, so that Security Administrators can better manage Anti-Spoofing activity and override it based on Spoof Intelligence. Currently, what is supported in this field is either the domain from DNS PTR record or /24 IP Subnet. Additionally, being able to specify a ‘DKIM verified domain’ will help serve scenarios where shared infrastructure provider services are used for sending emails. Since the DKIM domain is unique to each tenant and if it passes verification even when other authentication signals fail, if desired for legitimate business reasons, a spoofed message can still be allowed instead of being blocked.
More info: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/tenant-allow-block-list?view=o365-worldwide#domain-pair-syntax-for-spoofed-sender-entries-in-the-tenant-allowblock-list

Product Microsoft Defender for Office 365
Release phase General Availability
Release date July CY2022
Platform Web
Cloud Instance DoD, Worldwide (Standard Multi-Tenant), GCC High, GCC
Created 2022-06-14
Roadmap ID 93359
Roadmap Link https://www.microsoft.com/microsoft-365/roadmap?featureid=93359


No comments yet

Leave a Reply


I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.

%d bloggers like this: