Data Breach Notifications Flagged As Spam

Microsoft has been caught out by its own security settings after data breach notification emails to Microsoft 365 customers were flagged as spam. Microsoft had to override its own DMARC anti-spoofing protocols, and ignore the lack of SPF and DKIM authentication on the emails, which asked for high-level account information and contained a link not obviously associated with the company. Security researcher Kevin Beaumont flagged the issue.