Agari makes monkeys out of Microsoft, Again. And Again. And again.

Swell, Agari. (1) When you turn off DMARC enforcement, anybody can pretend to be Azure. (2) Of course, anybody can also pretend to be Outlook, too. Again, Agari has turned off DMARC enforcement. (3) Oh, and a third strike against Agari's: Since Office.com has no SPF record, even though Agari has DMARC set at full enforcement (pct=100), Agari enforcement means bupkis. Anybody can send impersonation attacks pretending to be from MS Office.

Given that Microsoft is the most targeted, most hacked software on the planet, wouldn't it make sense for them to take phishing/spoofing/impersonation seriously? Actually, wouldn't it make sense for them to tell Agari, "You're fired!" Ooh wait, that's a Trump line. How about, "You're outta here, schmucks!"

So I have a question (just like TheAnalyst from yesterday's tweet): WTF?

Mad Max


#microsoft #outlook #azure #agari #phishing @ffforward #ffforward