Update on Email Security Enhancements
Caltech has recently experienced a rise in suspicious email activity, including spoofing and phishing attempts. After investigation, the Information Security team identified the root cause as the Direct Send feature in Microsoft 365, which was enabled by default. This feature allowed unauthenticated emails to appear as if they were sent from any @caltech.edu address.
To address this risk, IMSS has disabled Direct Send. While this change may affect some third-party mailers that rely on unauthenticated sending, the security benefits significantly outweigh the potential operational impact.
IMSS has also worked with Microsoft to ensure that commonly used services like MailChimp and Mailman should not be affected.
If you experience any issues or have questions, please contact us at [email protected]
Thank you for helping us keep Caltech secure.