Microsoft 365’s Direct Send feature has become a double-edged sword. Designed to let printers, scanners, and applications relay mail without a dedicated mailbox, it now enables attackers to slip phishing emails and malware straight into inboxes—bypassing security tools that treat Microsoft’s infrastructure as inherently trustworthy. Over the past year, multiple global organizations have been hit by precisely this kind of attack, and security researchers warn the technique is rapidly gaining traction.

Cybercriminals are not breaking into systems in the traditional sense. Instead, they are walking through the front door, weaponizing the trust that email gateways, spam filters, and even advanced threat protection solutions automatically grant to messages originating from Microsoft’s IP ranges. The result is a surge in successful phishing, credential theft, and business email compromise (BEC) that leverages one of the cloud’s most mundane utilities.

Microsoft 365 Direct Send: The Feature That Opened the Door

Direct Send is a relay method built into Exchange Online that lets devices and applications send email internally and externally through Microsoft’s cloud without requiring authentication for each message. It is primarily used for transactional notifications—password resets, printer alerts, scanned documents, and system monitoring. Admins configure an SMTP server address (typically MX.contoso.com), and any device on the organization’s network can pump out mail as long as it respects the connector rules.

What makes it so appealing for legitimate uses—no need to manage credentials, high deliverability, and seamless integration with existing apps—also makes it irresistible to threat actors. Once an attacker controls a tenant or a compromised account within one, they can activate Direct Send in minutes and begin blasting emails that look like they come from a trusted source.

The Trust Inheritance Problem

Email security appliances, Secure Email Gateways (SEGs), and even native Exchange Online Protection (EOP) assign reputation scores based on sender IP and domain history. Microsoft’s outbound IPs are consistently rated as clean. When a message originates from a Microsoft data center, it sails through SPF (Sender Policy Framework) checks because the sending IP is listed in Microsoft’s authorized ranges. DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting, and Conformance) can be trivially aligned if the attacker controls the sending domain’s DNS, or bypassed altogether when domains have no DMARC policy or only a weak p=none configuration.

“We’ve seen a pattern where attackers spin up a trial tenant, set Direct Send, and within hours they’re running campaigns that our SEG completely missed,” a senior incident responder told us. “The emails land in the primary inbox, not even the spam folder, because everything checks out technically.”

Inside a Direct Send Attack: Four Steps to Inbox

Threat actors have distilled the abuse process into a repeatable playbook. Here is how a typical campaign unfolds:

Step 1: Tenant Acquisition or Compromise

Attackers can register a fresh Microsoft 365 tenant with a stolen credit card or a one-time virtual card. The barrier is so low that automated tools now create tenants en masse—researchers have catalogued more than 200 malicious tenants in a single week. Alternatively, compromising a legitimate tenant through a phishing attack or credential stuffing provides even greater camouflage, as the existing reputation and mail flow rules of that organization can be exploited.

Step 2: Enabling and Configuring Direct Send

From the Exchange admin center, the attacker navigates to Mail Flow → Connectors and creates a new connector that allows Direct Send from “Your organization’s email server” to “Office 365.” They specify the public IP or certificate of the relay sending the mail, or simply use the organization’s own network if it is already compromised. Then, via PowerShell or a script, they point to {tenant}.mail.protection.outlook.com and start sending. No per-user license is required, making it scalable and cheap.

Step 3: Crafting the Payload

The emails don’t come from anonymized addresses. Attackers often impersonate internal departments (IT, HR, finance) or known vendors. They pull down logos from public websites, copy email footers of previously compromised companies, and tailor subject lines to seasonal events or current crises. Attachments range from weaponized Office documents with macros to HTML files that redirect to phishing portals. Links are wrapped in legitimate URL shorteners or use Microsoft’s own Sway and SharePoint services to add another layer of legitimacy.

Step 4: Delivery and Evasion

Because the messages travel through Microsoft’s outbound pipeline, they inherit all the authentication benefits. SPF aligns, DKIM signs if the domain is configured (and attackers often configure it), and DMARC passes because the sending IP is authorized. Many SEGs and AI-based filters rely heavily on these authentication signals and will downgrade malicious scores when all checks pass. The email lands in the recipient’s inbox, ready to do damage.

Why Traditional Defenses Are Failing

Over-reliance on Authentication Protocols

For years, the industry mantra has been “implement SPF, DKIM, and DMARC to stop spoofing.” This has pushed security teams to treat passed authentication as a green light. But Direct Send abuse demonstrates that authentication alone cannot distinguish between a printer sending a scan and a cybercriminal sending a phishing link. Both originate from the same IP space and pass the same checks.

SEG Blindspots

Secure Email Gateways typically maintain dynamic reputation scores for IPs and domains. Microsoft’s outbound IPs are among the most reputable in the world, so messages from them are often exempted from deep content analysis or sandboxing. Attackers exploit this by staying below the volume thresholds that might trigger anomaly detection—sending a few thousand emails per day from a single tenant is enough to harvest credentials without raising alarms.

Weak DMARC Enforcement

A sobering number of companies have yet to move beyond p=none. Even those with p=quarantine or p=reject often fail to monitor subdomains, leaving the door open to “domain shadowing”—where attackers set up mail.company.com or it-company.com and send from there with valid alignment. Without strict SPF policies that list only known mail servers and DKIM signing that is mandatory for all outbound mail, attackers can manipulate the authentication landscape to their advantage.
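The DMARC and SPF weaknesses this section and the earlier Trust Inheritance section describe (p=none, unmonitored subdomains, relaxed alignment, permissive SPF) can be checked mechanically. The following is an added Python example, not code from the article; the DNS TXT records it audits are constructed samples.

```python
# Constructed sample DNS TXT records; no real domain's records were used.
SAMPLE_RECORDS = {
    "_dmarc.weak.test": "v=DMARC1; p=none; rua=mailto:dmarc@weak.test",
    "weak.test": "v=spf1 include:spf.protection.outlook.com include:_spf.vendor.test ~all",
    "_dmarc.strict.test": "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; rua=mailto:dmarc@strict.test",
    "strict.test": "v=spf1 ip4:203.0.113.0/24 include:spf.protection.outlook.com -all",
}
LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # each costs a DNS lookup (RFC 7208 allows 10)

def parse_dmarc(record):
    """Turn 'k=v; k=v' into a dict with lower-cased keys."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_dmarc(record):
    """List the gaps that let aligned-but-malicious mail through; [] means strict."""
    t = parse_dmarc(record)
    if t.get("v") != "DMARC1":
        return ["no valid DMARC record: receivers apply no policy at all"]
    findings = []
    p = t.get("p", "none").lower()
    if p != "reject":
        findings.append(f"p={p}: mail failing DMARC is not rejected")
    sp = t.get("sp", p).lower()  # RFC 7489: sp defaults to p
    if sp != "reject":
        findings.append(f"sp={sp}: subdomains stay open to domain shadowing")
    if t.get("adkim", "r") != "s" or t.get("aspf", "r") != "s":
        findings.append("relaxed alignment: any subdomain satisfies DKIM/SPF alignment")
    return findings

def mechanism(term):
    # Strip qualifier and argument: '~include:x' -> 'include', 'a/24' -> 'a', 'redirect=x' -> 'redirect'
    return term.lower().lstrip("+-~?").split(":")[0].split("/")[0].split("=")[0]

def audit_spf(record):
    """Findings for an SPF record; [] means only the listed hosts may send."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["no valid SPF record"]
    findings = []
    all_term = next((x for x in terms[1:] if mechanism(x) == "all"), None)
    if all_term is None or not all_term.startswith("-"):
        findings.append(f"terminal {all_term!r}: unauthorized hosts are not hard-failed")
    lookups = sum(mechanism(x) in LOOKUP_MECHS for x in terms[1:])
    if lookups > 10:
        findings.append(f"{lookups} DNS lookups: over the limit of 10, receivers return permerror")
    return findings
```

Feed it the live records of your own domains (for example via a DNS library) and an empty list from both functions is the state the article's "strict DMARC" recommendation asks for.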

Real-World Campaigns: What Investigators Are Finding

Multiple threat intelligence firms have published reports on Direct Send phishing waves throughout the past six months. One campaign targeted financial institutions by spoofing SWIFT payment confirmations. Another went after executives at manufacturing companies with fake contract renewal notices containing macros that deployed Emotet. In each case, the core delivery mechanism was identical: emails relayed through a Microsoft 365 tenant using Direct Send.

Incident response teams are struggling because standard logs show the mail as legitimate. Without fine-grained audit logging and a baseline of normal Direct Send behavior in the organization, detecting the abuse is like finding a needle in a stack of identical needles.

A notable incident involved a mid-sized law firm. Attackers compromised an existing tenant via a brute-force attack on a legacy protocol, then used Direct Send to email every attorney with a “missed court date” notice. The link led to a fake Office 365 login page. Over 40% of recipients entered their credentials, and the attackers used those to pivot into the firm’s document management system, exfiltrating confidential client data.

The Attacker’s Edge: Low Risk, High Reward

Why are criminals flocking to Direct Send? Three factors make it irresistible:

  • Low technical barrier: Setting up a tenant and connector requires no specialized coding skills. Ready-made scripts circulate on underground forums.
  • High deliverability: With Microsoft’s reputation behind them, emails almost never hit the spam folder. One testing group measured a 98% inbox placement rate.
  • Difficult attribution: Microsoft’s shared IP space means defenders cannot easily blacklist a single IP without disrupting legitimate mail. Tenants can be burned and replaced quickly, leaving little forensic trail.

Advanced groups are now combining Direct Send with “consent phishing,” where they trick users into granting OAuth access to a malicious application, which then uses the same tenant to send internal phishing emails that appear to come from colleagues.

Detection and Hardening: What Organizations Must Do

Immediate Actions

  1. Enforce strict DMARC: Move immediately to p=quarantine or p=reject for all owned domains, and monitor subdomains. Ensure that DKIM is configured for every sending domain and that third-party senders are included in SPF via include statements.
  2. Restrict Direct Send to known devices: Limit the connector to accept mail only from specific internal IP addresses or certificates. Use mail flow rules to block outbound mail from Direct Send that matches patterns of external phishing.
  3. Enable mailbox auditing and alerting: Microsoft 365’s unified audit log can capture Direct Send events if the necessary mail flow events are audited. Set up alerts for spikes in outbound volume or for mail sent to large numbers of external recipients in a short time.

Advanced Monitoring

  • Behavioral anomaly detection: Deploy tools that learn normal Direct Send patterns per tenant and flag deviations—such as a printer suddenly sending emails with HTML attachments.
  • Content analysis beyond headers: Implement AI-driven inspection that examines the body, attachments, and URLs against threat intelligence feeds, regardless of authentication status.
  • External recipient review: Regularly audit any Direct Send connectors that permit external delivery. If not needed, disable external routing entirely.
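The alerting in Immediate Actions item 3 (spikes in outbound volume, many external recipients in a short window) and the behavioral anomaly detection bullet above (a printer suddenly sending HTML attachments) combined into one detection pass. This is an added Python example, not code from the article or from any Microsoft tooling; the device inventory, the message-trace style records and the thresholds are constructed assumptions.

```python
import os
from collections import defaultdict
from datetime import datetime, timedelta

INTERNAL_DOMAIN = "example.test"
# Constructed inventory of the only identities allowed to use Direct Send (not real
# data): the attachment types each normally sends and its usual hourly volume.
DEVICE_BASELINE = {
    "scanner@example.test": {"attachments": {".pdf"}, "max_per_hour": 30},
    "monitor@example.test": {"attachments": set(), "max_per_hour": 200},
}
# Constructed message-trace style records: (timestamp, sender, recipient, attachment).
RECORDS = [
    ("2024-05-06T09:00:00", "scanner@example.test", "alice@example.test", "scan0001.pdf"),
    ("2024-05-06T09:05:00", "scanner@example.test", "bob@example.test", "scan0002.pdf"),
    ("2024-05-06T09:10:00", "monitor@example.test", "ops@example.test", ""),
] + [  # the scanner "suddenly sending HTML attachments", in bulk, to outside addresses
    (f"2024-05-06T14:{i:02d}:00", "scanner@example.test", f"user{i}@victim.test", "notice.html")
    for i in range(45)
]

def detect_direct_send_abuse(records, baseline, internal_domain,
                             window=timedelta(hours=1), max_external=10):
    """Return {sender: set of rule names} for every sender that deviates from its baseline."""
    alerts = defaultdict(set)
    by_sender = defaultdict(list)
    for ts, sender, rcpt, att in records:
        by_sender[sender].append((datetime.fromisoformat(ts), rcpt.lower(), att.lower()))
    for sender, msgs in by_sender.items():
        profile = baseline.get(sender)
        if profile is None:  # anything outside the inventory has no business relaying
            alerts[sender].add("unknown_sender")
            continue
        msgs.sort()
        for i, (t, rcpt, att) in enumerate(msgs):
            ext = os.path.splitext(att)[1]
            if ext and ext not in profile["attachments"]:
                alerts[sender].add("unexpected_attachment")
            # sliding window over everything this sender emitted in the last `window`
            recent = [m for m in msgs[: i + 1] if t - m[0] <= window]
            if len(recent) > profile["max_per_hour"]:
                alerts[sender].add("volume_spike")
            external = {r for _, r, _ in recent if not r.endswith("@" + internal_domain)}
            if len(external) > max_external:
                alerts[sender].add("external_burst")
    return dict(alerts)
```

Only the scanner trips rules here; the monitor's plain notifications to an internal mailbox stay silent, which is the per-device baseline the article calls for rather than a tenant-wide volume threshold.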

User Education That Sticks

Training users to spot “authenticated-looking” phishing is critical. Emphasize that even emails from internal addresses or known senders can be malicious. Teach them to verify wire transfer requests, password reset prompts, and document share invitations through a secondary channel. Real-world phishing simulation exercises using Direct Send-like templates can harden awareness.

Microsoft’s Stance and the Path Forward

Microsoft has acknowledged the abuse potential, publishing guidance on securing connectors and advocating for DMARC enforcement. However, the core issue—the trust model—cannot be solved by a single customer. Microsoft’s own Advanced Threat Protection (now Microsoft Defender for Office 365) can flag suspicious patterns, but it too struggles to discern malicious Direct Send from legitimate transactional mail without extensive tuning.

Industry consortiums are calling for a more robust sender authentication framework that goes beyond SPF/DKIM/DMARC, perhaps incorporating behavioral identity signals or requiring registered application IDs for transactional sending. Meanwhile, security vendors are adding “Microsoft Direct Send abuse” signatures to their detection engines, looking for mismatches between expected device behavior and actual content.

The Bottom Line: Trust No Sender by Default

The exploitation of Direct Send is a textbook case of living-off-the-land in the cloud era. It underscores that perimeter-based email security—where any message passing authentication is presumed safe—is obsolete. Organizations must adopt zero-trust principles for email, treating every message as untrusted until verified by multiple, independent signals. This means layering rigorous authentication policies with dynamic behavioral analysis and empowering employees to be the last line of defense.

Until Microsoft offers tenant-level controls that can completely prevent unauthorized Direct Send use and until the entire ecosystem moves to strict enforcement, attackers will continue to treat the feature as a free pass to the world’s inboxes. The only viable response is proactive, layered defense that assumes any pipe—no matter how trusted—can be turned into a weapon.