惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Security Archives - TechRepublic
Security Archives - TechRepublic
C
CXSECURITY Database RSS Feed - CXSecurity.com
A
Arctic Wolf
Know Your Adversary
Know Your Adversary
T
Tor Project blog
C
Cisco Blogs
G
GRAHAM CLULEY
S
Schneier on Security
AWS News Blog
AWS News Blog
Scott Helme
Scott Helme
C
Cybersecurity and Infrastructure Security Agency CISA
雷峰网
雷峰网
MongoDB | Blog
MongoDB | Blog
爱范儿
爱范儿
S
SegmentFault 最新的问题
S
Security Affairs
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
J
Java Code Geeks
美团技术团队
Hacker News - Newest:
Hacker News - Newest: "LLM"
U
Unit 42
Latest news
Latest news
T
Tailwind CSS Blog
GbyAI
GbyAI
月光博客
月光博客
PCI Perspectives
PCI Perspectives
Attack and Defense Labs
Attack and Defense Labs
Forbes - Security
Forbes - Security
S
Securelist
AI
AI
Recent Announcements
Recent Announcements
C
Check Point Blog
I
Intezer
宝玉的分享
宝玉的分享
Google DeepMind News
Google DeepMind News
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
NISL@THU
NISL@THU
Hacker News: Ask HN
Hacker News: Ask HN
O
OpenAI News
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Project Zero
Project Zero
V2EX - 技术
V2EX - 技术
Y
Y Combinator Blog
博客园 - 【当耐特】
aimingoo的专栏
aimingoo的专栏
F
Full Disclosure
H
Hackread – Cybersecurity News, Data Breaches, AI and More
The Register - Security
The Register - Security
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Google DeepMind News
Google DeepMind News

OWASP

Aikido and OWASP bring agentic Code Audit to the global AppSec community | OWASP Foundation Community update regarding Richard Greenberg | OWASP Foundation OWASP Dependency-Track 5.0 Is Now Generally Available | OWASP Foundation Juice Shop v20.0.0 — a fresh squeeze of features, now with AI | OWASP Foundation Welcome to the Google Summer of Code 2026! | OWASP Foundation OWASP Foundation Unveils Its Strategic Plan for a World Without Insecure Software | OWASP Foundation The OWASP Foundation appoints Missie Lindsey as Director of Corporate Relations | OWASP Foundation Bridging the Gap in Product Lifecycle Management: How OpenEoX and CLE Work Together | OWASP Foundation Announcing the Retirement of OWASP Meetup Platform | OWASP Foundation The OWASP Foundation appoints Stacey Ebbs as Communications & Marketing Manager | OWASP Foundation OWASP Certified Secure Software Developer | OWASP Foundation GSoC 2025 Recap | OWASP Foundation OWASP Top 10 Community Survey | OWASP Foundation OWASP Elections 2025 - Become a member today! | OWASP Foundation Help Support Sherif Mansour by donating blood today! | OWASP Foundation cdxgen and CycloneDX .NET Join GitHub Secure Open Source Fund | OWASP Foundation InfoSecMap x OWASP Collaboration | OWASP Foundation OWASP x Google Summer of Code 2025 - Enabling 15 opportunities for impact | OWASP Foundation OWASP Enables AI Regulation That Works with OWASP AI Exchange | OWASP Foundation OWASP Calls to Build a Unified Framework for Global Vulnerability Intelligence | OWASP Foundation ASVS 5.0 RC1 is ready for your review! | OWASP Foundation OWASP Education and Training Committee update | OWASP Foundation Committees Advisory on Software Bill of Materials and Real-time Vulnerability Monitoring for Open-Source Software and Third-Party Dependencies | OWASP Foundation OWASP Juice Shop leadership changes & contributor recognition | OWASP Foundation Lifecycle events are part of the secure supply chain | OWASP Foundation More than a Password Day 2024 | OWASP Foundation Securing React Native Mobile Apps with OWASP MAS | OWASP Foundation
A workaround for OWASP Foundation emails being blocked by Microsoft Office 365 | OWASP Foundation
Andrew van der Stock · 2024-10-30 · via OWASP
image

Wednesday, October 30, 2024

Over the last several months, OWASP, particularly the owasp.com domain, has been blocked from sending messages to tenants of the Microsoft Office 365 platform or those using Microsoft Defender for Office 365, where messages end up blacklisted in quarantine or never received. Organizations that have failed to receive our emails includes legal firms, our HR firm, our accountants, our European affiliate’s accountants and VAT specialists, and many others, including potential sponsors, donors, and members.

This is an untenable situation, and extremely disappointing that we have been unable to resolve this issue with Microsoft. So we have to use a workaround domain, owaspfoundation.org to send emails to Microsoft 365 tenants. This is not ideal, but we have no other choice. We will never use owaspfoundation.org for any other purpose other than to get around this spam filter insanity. We will never send any marketing or other unsolicited emails from this domain, it will not be linked to our MailChimp or our accounting system. Only select staff have access to this domain, and we will only use it when all else fails.

What have we done to resolve this issue?

We updated and thoroughly tested our SPF and DKIM records for both owasp.com and owasp.org many months ago, and they pass with flying colors. We have tested and improved our MX records thoroughly with the Pro version of mxtoolbox.com and other DNS tools. We have tested email delivery to our friends at various firms. We have reported and have been working with Microsoft to resolve the problem, but to no avail. It is understandable that Microsoft has a very strict anti-spam policy, but it is partially underscored by an AI categorizer, which somehow learned that OWASP Foundation emails are spam, and for whatever reason, Microsoft has been unable or unwilling to untrain their spam filter.

owaspfoundation.org is our last resort email platform

Once we are certain that your organization is not receiving our emails, or they are always being quarantined, we will be using a new domain, owaspfoundation.org, which is hosted on the Microsoft 365 platform to communicate with you. This is not normal, and we need your help to fix the problem.

What can you do?

If you’re receiving email from owaspfoundation.org, please work with your IT department to whitelist owasp.com emails, as we are not able to do so on your behalf.

Outlook and Exchange Online users

Microsoft users need to whitelist our email domains (owasp.org and owasp.com), and click “This is not junk” on our emails that end up in quarantine or in your spam folder. This will help to improve our reputation with Microsoft, and ensure that our emails are delivered to your inbox. This is unfortunately a manual process.

  1. Review your junk mail and quarantine folders
  2. If you find an email from an owasp.org or owasp.com email address in your junk mail folder, click on the email, and then click “This is not junk” in the toolbar. You can also just drag the message back to your Inbox. This will move the email to your inbox, and will help to improve our reputation with Microsoft
  3. If you find an email in your quarantine folder, ask for it to be released, and contact your IT administrators to whitelist owasp.org and owasp.com domains (see below)
  4. You can also add the email address to your safe senders list, which will help to ensure that future emails are always delivered to your inbox.

Microsoft 365 - Exchange Online Protection (EOP) or Microsoft Defender for Office 365

If your organization uses Microsoft Office 365 or Microsoft Exchange Online, there is potentially a separate step you need to do to release the message from quarantine, and then for your administrator to add our email domains to the allow list.

Once requested, please ask your admins to release the email, and add owasp.org and owasp.com to allow sender list so that they don’t need to do this for every email.

Once Microsoft has resolved their spam filter training issue, the OWASP Foundation will revert solely to using owasp.com as our primary email domain.

Conclusion

We apologize for any inconvenience this may cause, but we have no other choice. We have tried everything else, and we are still unable to send emails to Microsoft 365 tenants. If anyone knows anyone senior enough at Microsoft who can help us resolve this issue, please contact me directly.