
Ghost-Sender and Exchange Online spoofing: are your controls enforcing delivery?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9016
Topic starter  

TL;DR: Ghost-Sender shows that some Exchange Online tenants can still deliver spoofed mail directly to the inbox even when SPF, DKIM, and DMARC fail, bypassing MX-listed inspection paths and weakening SEG-based defenses, according to Abnormal AI. Email authentication only protects users when mail flow enforcement matches the intended route.

NHIMG editorial — based on content published by Abnormal AI: Ghost-Sender bypasses SEGs by sending mail directly to Exchange Online

Questions worth separating out

Q: How should security teams stop spoofed mail that bypasses the MX gateway path?

A: They should validate whether the tenant can accept mail directly, then enforce rejection or quarantine with connectors and transport rules that match approved routes.

Q: Why do SPF, DKIM, and DMARC sometimes fail to protect Exchange Online tenants?

A: They fail when the environment treats authentication as a signal rather than a blocking condition.

Q: What breaks when a secure email gateway is only part of the trust model?

A: The inspection model breaks because the gateway sees only the mail that is routed through it.

Practitioner guidance

  • Validate direct-to-tenant mail acceptance: Confirm whether your Exchange Online tenant accepts inbound mail outside the MX-listed inspection path and record whether spoofed messages are rejected, quarantined, or delivered.
  • Harden partner and transport rules: Use Partner Organization connectors and transport rules to reject or quarantine mail that does not arrive from approved sender IP ranges or expected internal auth markers.
  • Review Direct Send exposure: Disable Direct Send where possible and verify that unauthenticated mail to the Exchange Online ingress endpoint receives a non-delivery response instead of inbox delivery.

What's in the full article

Abnormal AI's full research covers the operational detail this post intentionally leaves for the source:

  • Step-by-step validation guidance for Exchange Online tenants that may accept mail outside the intended inspection route
  • Connector and transport-rule configuration detail for rejecting or quarantining direct-to-tenant messages
  • Header-analysis examples that show how to spot mail-flow discrepancies in practice
  • Testing notes on which Exchange Online controls failed in the documented configuration

👉 Read Abnormal AI's analysis of Ghost-Sender and Exchange Online spoofing →


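The three guidance items above (validate direct-to-tenant acceptance, enforce the route with a Partner connector and a transport rule, turn off Direct Send) carried out in Exchange Online PowerShell, as an added example that is not part of the original post and not Abnormal AI's code. It assumes the ExchangeOnlineManagement module and an account with Organization Management rights; the accepted domain `contoso.example`, the connector and rule names, the test recipient, and the gateway IP ranges (RFC 5737 TEST-NET blocks) are hypothetical placeholders, and the `RejectDirectSend` organization setting is an assumed parameter name to verify in your own tenant.

```powershell
# Added example (editorial addition, not Abnormal AI's code or the poster's).
# Assumes the ExchangeOnlineManagement module and an account with Organization
# Management rights. The accepted domain, connector/rule names and the gateway IP
# ranges (RFC 5737 TEST-NET blocks) are hypothetical placeholders; substitute your own.

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

$OwnDomain     = 'contoso.example'                        # hypothetical accepted domain
$GatewayRanges = @('203.0.113.0/24', '198.51.100.0/24')   # hypothetical SEG egress ranges

# 1. Validate the current acceptance path. The tenant's own ingress endpoint
#    (<tenant>.mail.protection.outlook.com) accepts SMTP whatever the MX record
#    says, so list what connectors and Direct Send currently permit.
Get-AcceptedDomain | Select-Object DomainName, DomainType
Get-InboundConnector |
    Select-Object Name, ConnectorType, Enabled, SenderIPAddresses, RestrictDomainsToIPAddresses, RequireTls
Get-OrganizationConfig | Select-Object RejectDirectSend   # assumed property name

# 2. Enforce the route with a Partner connector: mail from any sender domain is
#    accepted only from the gateway's ranges. RestrictDomainsToIPAddresses rejects
#    everything else at the connector, before any spam verdict is consulted.
New-InboundConnector -Name 'SEG-Only-Inbound' `
    -ConnectorType Partner `
    -SenderDomains '*' `
    -SenderIPAddresses $GatewayRanges `
    -RestrictDomainsToIPAddresses $true `
    -RequireTls $true

# 3. Transport rule as a second layer: anything claiming our own domain that did
#    not arrive from the gateway and is not authenticated internal mail gets an
#    NDR. SenderIpRanges is matched on the connecting IP, not on the SPF result,
#    so a message that fails SPF/DKIM/DMARC still hits it. Run with -Mode Audit
#    and review Get-MessageTrace before switching to Enforce.
New-TransportRule -Name 'Reject own-domain mail not via SEG' `
    -SenderDomainIs $OwnDomain `
    -ExceptIfSenderIpRanges $GatewayRanges `
    -ExceptIfFromScope InOrganization `
    -RejectMessageReasonText 'Mail for this domain must be routed through the secure email gateway' `
    -RejectMessageEnhancedStatusCode '5.7.1' `
    -Mode Enforce

# 4. Direct Send: make unauthenticated submissions to the tenant ingress endpoint
#    fail instead of delivering (assumed setting name; verify in your tenant).
Set-OrganizationConfig -RejectDirectSend $true

# 5. Re-test from outside with a deliberately failing sender (hypothetical test
#    mailbox) and confirm the trace shows a failed or rejected status, not Delivered.
Get-MessageTrace -RecipientAddress "mailflow-test@$OwnDomain" `
    -StartDate (Get-Date).AddHours(-1) -EndDate (Get-Date) |
    Select-Object Received, SenderAddress, FromIP, Status
```

The connector does the real work: it turns "approved sender IP ranges" into a rejection at SMTP time, independent of any authentication result. The transport rule is there for the case where the connector is later loosened or a second connector is added, and the message trace is how you prove, for audit, that the spoofed test message drew an NDR rather than an inbox delivery.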
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8472
 

Mail-flow enforcement is the control, not SPF, DKIM, or DMARC alone. Those protocols tell you whether a sender is authenticated, but they do not guarantee that unauthenticated mail will be stopped before delivery. Ghost-Sender shows that security teams can be correct on authentication and still be wrong on enforcement. The implication is that identity security for email must include the acceptance path, not just the authentication result.

A few things that frame the scale:

  • In one reported example, authentication headers showed SPF failure, DKIM not signed, and DMARC failure, yet the message still reached the inbox, according to LLMjacking: How Attackers Hijack AI Using Compromised NHIs.
  • When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes and as quickly as 9 minutes in some cases.

A question worth separating out:

Q: Who is accountable when spoofed mail reaches the inbox despite failed authentication?

A: Accountability sits with the teams that own mail routing, tenant configuration, and identity security together. If routing allows direct delivery and policy does not force rejection or quarantine, the failure is operational and governance-related, not just a user awareness issue. Organisations should map this to email security ownership, change control, and audit evidence.

👉 Read our full editorial: Ghost-Sender exposes Exchange Online mail flow trust gaps

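The "header-analysis examples" item in the first post and the reported example in this one (SPF failure, DKIM not signed, DMARC failure, yet inbox delivery) describe one detectable pattern. The check below, as an added example that is not part of either post and not Abnormal AI's code, parses a message's headers for that pattern: all three authentication results failed, no `Received` hop names the MX-listed gateway, and Exchange's own spam verdict still accepted the message. The header block is constructed for the example, and the gateway hostname `seg.contoso.example` and the domain are hypothetical placeholders.

```powershell
# Added example (editorial addition, not Abnormal AI's code or the poster's).
# Flags a message whose SPF, DKIM and DMARC results all failed, that shows no hop
# through the MX-listed gateway, and that Exchange still scored as acceptable.
# The header block is constructed; the gateway hostname and domain are hypothetical.

$GatewayHostPattern = 'seg\.contoso\.example'   # hypothetical SEG hostname as logged in Received

# Constructed sample headers (abbreviated), not taken from any real message.
$SampleHeaders = @'
Received: from AB1PR00MB1234.prod.outlook.com (2603:10a6:0:1::1) by AB1PR00MB5678.prod.outlook.com
 with HTTPS; Mon, 2 Jun 2025 10:00:05 +0000
Received: from relay.attacker.example (192.0.2.55) by contoso-example.mail.protection.outlook.com
 (10.1.2.3) with Microsoft SMTP Server; Mon, 2 Jun 2025 10:00:04 +0000
Authentication-Results: spf=fail (sender IP is 192.0.2.55) smtp.mailfrom=contoso.example;
 dkim=none (message not signed) header.d=none;
 dmarc=fail action=none header.from=contoso.example
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-SCL: 1
From: "CEO" <ceo@contoso.example>
To: finance@contoso.example
Subject: Urgent wire transfer
'@

function Test-MailFlowBypass {
    param(
        [Parameter(Mandatory)][string]$RawHeaders,
        [Parameter(Mandatory)][string]$GatewayPattern
    )

    # Unfold RFC 5322 continuation lines (line break followed by whitespace), then split.
    $lines = ($RawHeaders -replace "`r?`n[ \t]+", ' ') -split "`r?`n"

    function Get-HeaderValue([string]$Name) {
        $lines | Where-Object { $_ -match "^$([regex]::Escape($Name))\s*:" } |
            ForEach-Object { ($_ -split ':', 2)[1].Trim() }
    }

    $auth     = (Get-HeaderValue 'Authentication-Results') -join ' '
    $received = @(Get-HeaderValue 'Received')
    $sclText  = (Get-HeaderValue 'X-MS-Exchange-Organization-SCL') -join ''

    $r = [ordered]@{
        Spf        = if ($auth -match 'spf=(\w+)')   { $Matches[1] } else { 'none' }
        Dkim       = if ($auth -match 'dkim=(\w+)')  { $Matches[1] } else { 'none' }
        Dmarc      = if ($auth -match 'dmarc=(\w+)') { $Matches[1] } else { 'none' }
        # Stamped by Exchange on ingress: Internal means an authenticated tenant
        # sender, Anonymous means an unauthenticated SMTP session.
        AuthAs     = (Get-HeaderValue 'X-MS-Exchange-Organization-AuthAs') -join ''
        Scl        = if ($sclText -match '^-?\d+$') { [int]$sclText } else { $null }
        # True only if some Received hop names the MX-listed gateway.
        ViaGateway = [bool]($received -match $GatewayPattern)
    }

    $allFailed = ($r.Spf -ne 'pass') -and ($r.Dkim -ne 'pass') -and ($r.Dmarc -ne 'pass')
    # SCL below 5 is not treated as spam by the default anti-spam policy, so the
    # message would have gone to the inbox or junk folder rather than quarantine.
    $accepted  = ($null -ne $r.Scl) -and ($r.Scl -lt 5)
    $r.Bypass  = $allFailed -and -not $r.ViaGateway -and $accepted
    [pscustomobject]$r
}

Test-MailFlowBypass -RawHeaders $SampleHeaders -GatewayPattern $GatewayHostPattern | Format-List
```

On the constructed input this reports `Spf fail`, `Dkim none`, `Dmarc fail`, `AuthAs Anonymous`, `Scl 1`, `ViaGateway False` and `Bypass True`. Run it over the headers of a message you expect to have been inspected: `ViaGateway` is the mail-flow discrepancy check, and `AuthAs` is the internal auth marker a transport rule can key on, since Exchange stamps it itself rather than trusting the sender.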