Caution: Microsoft 365 Feature Potentially Exploitable for Password Theft

Hackers are increasingly exploiting the Direct Send feature to distribute malicious emails that seem to originate from trusted sources, as reported by the security firm Varonis. These deceptive emails often contain links to counterfeit Microsoft forms. When recipients enter their login credentials into these forms, their information is intercepted by the attackers.

Since May 2025, approximately 70 companies and organizations, primarily located in the United States, have fallen victim to this phishing campaign. This alarming trend highlights the vulnerabilities associated with the Direct Send feature. Microsoft asserts that while Direct Send is designed to be a secure option for email transmission, it necessitates appropriate configuration and diligent lockdown of the smart host.

Unfortunately, not all users adhere to the required settings, leaving them open to attacks. “We recommend Direct Send only for advanced customers willing to take on the responsibilities of email server admins,” Microsoft advises, indicating that expertise is needed to use this feature safely. In response to these security concerns, users are urged to activate the new “Reject Direct Send” setting within the Exchange Admin Center, a feature introduced in April 2025.

This adjustment can significantly reduce the risks associated with the improper use of Direct Send and help safeguard sensitive information from potential phishing attempts. It is crucial for users to remain vigilant and stay informed about the latest phishing tactics to protect themselves and their organizations from cyber threats. Security awareness measures and proper email configurations can go a long way in mitigating these risks.
