Attackers rarely miss an opportunity to twist a convenient feature into a phishing tool. Exchange Online’s Direct Send is the latest example: security researchers have documented campaigns that drop fake “internal” messages straight into corporate inboxes, with no credentials required. Headlines warn that these messages “bypass SPF, DKIM and DMARC,” leaving IT teams wondering whether the standard …

