“Any other email service that respects and enforces DMARC would have blocked such emails. It remains unknown as to why Microsoft is allowing a spoof of their very own domain against their own email infrastructure,” Ovadia concluded. The phishing campaign has been aimed at Microsoft 365 enterpri...