Disclosure: We at Lightsprocket 100% believe in the responsible disclosure of what we consider to be vulnerabilities or security flaws. As such, this article was disclosed to Microsoft as VULN-041203, and Microsoft was given the opportunity to respond before we posted this article.

During a recent engagement we worked through a phishing investigation. The question that was asked: How was a customer getting obviously positive phishing emails delivered directly to

Office365 can sometimes be a cryptic beast. Spam and bulk email confidence levels can be complex to understand completely. This was the case with me. I had set up a partner organization connector with Salesforce. Awesome, I thought: they can send into my organization without spoofing my domain, and they’re trusted, so why would they hit spam? Well, as it turns out, Salesforce has a bulk email rating of