<!DOCTYPE html><html class="hasSidebar hasPageActions hasBreadcrumb conceptual has-default-focus theme-light" lang="en-us" dir="ltr" data-authenticated="false" data-auth-status-determined="false" data-target="docs" x-ms-format-detection="none"> <head> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta property="og:title" content="Anti-spoofing protection - Microsoft Defender for Office 365" /> <meta property="og:type" content="website" /> <meta property="og:url" content="https://learn.microsoft.com/en-us/defender-office-365/anti-phishing-protection-spoofing-about" /><meta property="og:description" content="Admins can learn about the anti-spoofing features that are available in Exchange Online Protection (EOP), which can help mitigate against phishing attacks from spoofed senders and domains." /><meta property="og:image" content="https://learn.microsoft.com/en-us/media/open-graph-image.png" /> <meta property="og:image:alt" content="Microsoft Learn" /> <meta name="twitter:card" content="summary_large_image" /> <meta name="twitter:site" content="@MicrosoftLearn" /> <meta name="color-scheme" content="light dark"><meta name="audience" content="ITPro" /> <meta name="author" content="chrisda" /> <meta name="breadcrumb_path" content="/defender-office-365/breadcrumb/toc.json" /> <meta name="depot_name" content="Learn.defender-office-365" /> <meta name="description" content="Admins can learn about the anti-spoofing features that are available in Exchange Online Protection (EOP), which can help mitigate against phishing attacks from spoofed senders and domains." /> <meta name="document_id" content="9af2d1b0-6511-2d16-73e1-49f7e99b0daa" /> <meta name="document_version_independent_id" content="9af2d1b0-6511-2d16-73e1-49f7e99b0daa" /> <meta name="f1.keywords" content="NOCSH" /> <meta name="feedback_help_link_type" content="" /> <meta name="feedback_help_link_url" content="" /> <meta name="feedback_product_url" content="https://techcommunity.microsoft.com/t5/security-compliance-and-identity/ct-p/MicrosoftSecurityandCompliance" /> <meta name="feedback_system" content="Standard" /> <meta name="git_commit_id" content="447499cfb676e0ab5d77d4b6f5c00de39509ed0e" /> <meta name="gitcommit" content="https://github.com/MicrosoftDocs/defender-docs-pr/blob/447499cfb676e0ab5d77d4b6f5c00de39509ed0e/defender-office-365/anti-phishing-protection-spoofing-about.md" /> <meta name="locale" content="en-us" /> <meta name="manager" content="deniseb" /> <meta name="ms.assetid" content="d24bb387-c65d-486e-93e7-06a4f1a436c0" /> <meta name="ms.author" content="chrisda" /> <meta name="ms.collection" content="m365-security" /> <meta name="ms.collection" content="Strat_O365_IP" /> <meta name="ms.collection" content="m365initiative-defender-office365" /> <meta name="ms.collection" content="EngageScoreSep2022" /> <meta name="ms.collection" content="ContentEngagementFY23" /> <meta name="ms.collection" content="tier2" /> <meta name="ms.custom" content="TopSMBIssues" /> <meta name="ms.custom" content="seo-marvel-apr2020" /> <meta name="ms.date" content="3/7/2024" /> <meta name="ms.localizationpriority" content="high" /> <meta name="ms.service" content="defender-office-365" /> <meta name="ms.topic" content="overview" /> <meta name="original_content_git_url" content="https://github.com/MicrosoftDocs/defender-docs-pr/blob/live/defender-office-365/anti-phishing-protection-spoofing-about.md" /> <meta name="page_type" content="conceptual" /> <meta name="permissioned-type" content="public" /> <meta name="schema" content="Conceptual" /> <meta name="search.appverid" content="MET150" /> <meta name="site_name" content="Docs" /> <meta name="toc_rel" content="toc.json" /> <meta name="uhfHeaderId" content="MSDocsHeader-MicrosoftDefender" /> <meta name="updated_at" content="2024-04-29 10:36 PM" /> <meta name="word_count" content="1569" /> <meta name="persistent_id" content="5d17f8ec-4b83-955d-47f5-c3a0c69d2064" /> <meta name="cmProducts" content="https://authoring-docs-microsoft.poolparty.biz/devrel/609dad7f-61d2-4958-9386-e6e4bb38d61e" data-source="generated" /> <meta name="cmProducts" content="https://authoring-docs-microsoft.poolparty.biz/devrel/cf9b82c5-b6dc-45f3-b005-b1bc5fc03bea" data-source="generated" /> <meta name="cmProducts" content="https://authoring-docs-microsoft.poolparty.biz/devrel/1dd701e0-441f-4b0a-9806-aa47decc4e35" data-source="generated" /> <meta name="spProducts" content="https://authoring-docs-microsoft.poolparty.biz/devrel/1af30562-083a-42e2-aad4-17ae29f4ad72" data-source="generated" /> <meta name="spProducts" content="https://authoring-docs-microsoft.poolparty.biz/devrel/0c85d34e-bfd2-4466-957c-f0b61e9692df" data-source="generated" /> <meta name="spProducts" content="https://authoring-docs-microsoft.poolparty.biz/devrel/0a2fc935-5977-4aa6-9f55-0be03bd2acb8" data-source="generated" /> <meta name="scope" content="Microsoft Defender Office 365" /><meta name="github_feedback_content_git_url" content="https://github.com/MicrosoftDocs/defender-docs/blob/public/defender-office-365/anti-phishing-protection-spoofing-about.md" /><link href="https://learn.microsoft.com/en-us/defender-office-365/anti-phishing-protection-spoofing-about" rel="canonical"><title>Anti-spoofing protection - Microsoft Defender for Office 365 | Microsoft Learn</title><link rel="stylesheet" href="/static/assets/0.4.028726178/styles/site-ltr.css"> <script id="msdocs-script"> var msDocs = {environment: { supportLevel: 'production', accessLevel: 'online', reviewFeatures: false, systemContent: true, azurePortalHostname: 'portal.azure.com', legacyHosting: false, siteName: 'learn', },data: { timeOrigin: Date.now(), contentLocale: 'en-us', contentDir: 'ltr', userLocale: 'en-us', userDir: 'ltr', pageTemplate: 'Conceptual', brand: '', context: {}, hasBinaryRating: true, feedbackHelpLinkType:'', feedbackHelpLinkUrl:'', standardFeedback: true, showFeedbackReport: false, enableTutorialFeedback: false, feedbackSystem: 'Standard', feedbackGitHubRepo: '', feedbackProductUrl: 'https://techcommunity.microsoft.com/t5/security-compliance-and-identity/ct-p/MicrosoftSecurityandCompliance',extendBreadcrumb: false,isEditDisplayable: true, hideViewSource: false, hasPageActions: true, hasPrintButton: true, hasBookmark: true, hasShare: true, isPermissioned: false, isPrivateUnauthorized: false,hasRecommendations: true,contributors: [{ name: "chrisda", url: "https://github.com/chrisda" },{ name: "Dansimp", url: "https://github.com/Dansimp" },{ name: "puneethmeister", url: "https://github.com/puneethmeister" },{ name: "denisebmsft", url: "https://github.com/denisebmsft" },{ name: "v-ratulach", url: "https://github.com/v-ratulach" },{ name: "Ratulch", url: "https://github.com/Ratulch" }],}, functions:{} }; </script><script src="https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js"></script> <script src="https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js"></script><script src="/static/assets/0.4.028726178/global/deprecation.js"></script><script src="/static/assets/0.4.028726178/scripts/en-us/index-docs.js"></script></head> <body lang="en-us" dir="ltr"> <div class="header-holder has-default-focus"> <a href="#main" style="z-index: 1070" class="outline-color-text visually-hidden-until-focused position-fixed inner-focus focus-visible top-0 left-0 right-0 padding-xs text-align-center has-body-background" tabindex="1">Skip to main content</a><div hidden id="cookie-consent-holder" data-test-id="cookie-consent-container"></div> <div id="unsupported-browser" style=" background-color: white; color: black; padding: 16px; border-bottom: 1px solid grey;" hidden > <div style="max-width: 800px; margin: 0 auto;"> <p style="font-size: 24px">This browser is no longer supported.</p> <p style="font-size: 16px; margin-top: 16px;">Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.</p> <div style="margin-top: 12px;"> <a href="https://go.microsoft.com/fwlink/p/?LinkID=2092881 " style=" background-color: #0078d4; border: 1px solid #0078d4; color: white; padding: 6px 12px; border-radius: 2px; display: inline-block; ">Download Microsoft Edge</a> <a href="https://learn.microsoft.com/en-us/lifecycle/faq/internet-explorer-microsoft-edge" style=" background-color: white; padding: 6px 12px; border: 1px solid #505050; color: #171717; border-radius: 2px; display: inline-block; ">More info about Internet Explorer and Microsoft Edge</a> </div> </div> </div> <!-- liquid-tag banners global --> <!-- site header --> <header id="ms--site-header" data-test-id="site-header-wrapper" role="banner" itemscope="itemscope" itemtype="http://schema.org/Organization"> <div id="ms--mobile-nav" class="site-header display-none-tablet padding-inline-none gap-none" data-bi-name="mobile-header" data-test-id="mobile-header"></div> <div id="ms--primary-nav" class="site-header display-none display-flex-tablet" data-bi-name="L1-header" data-test-id="primary-header"></div> <div id="ms--secondary-nav" class="site-header display-none display-flex-tablet" data-bi-name="L2-header" data-test-id="secondary-header"></div> </header><div id="content-header" class="content-header uhf-container has-padding has-default-focus border-bottom-none" data-bi-name="content-header"> <div class="content-header-controls margin-xxs margin-inline-sm-tablet"> <button type="button" class="contents-button button button-sm margin-right-xxs" data-bi-name="contents-expand" aria-haspopup="true" data-contents-button> <span class="icon"><span class="docon docon-menu" aria-hidden="true"></span></span> <span class="contents-expand-title">Table of contents</span> </button> <button type="button" class="ap-collapse-behavior ap-expanded button button-sm" data-bi-name="ap-collapse" aria-controls="action-panel"> <span class="icon"><span class="docon docon-exit-mode" aria-hidden="true"></span></span> <span>Exit focus mode</span> </button> </div> </div><div id="disclaimer-holder" class="has-overflow-hidden has-default-focus"> <!-- liquid-tag banners sectional --> </div> </div> <div class="mainContainer uhf-container has-default-focus" data-bi-name="body"> <div class="columns has-large-gaps is-gapless-mobile "><div id="left-container" class="left-container is-hidden-mobile column is-one-third-tablet is-one-quarter-desktop"> <nav id="affixed-left-container" class="margin-top-sm-tablet position-sticky display-flex flex-direction-column" aria-label="Primary"></nav> </div><!-- .primary-holder --> <section class="primary-holder column is-two-thirds-tablet is-three-quarters-desktop"> <!--div.columns --> <div class="columns is-gapless-mobile has-large-gaps "><div id="main-column" class="column is-full is-8-desktop"> <main id="main" class="" role="main" data-bi-name="content" lang="en-us" dir="ltr"><!-- article-header --> <div id="article-header" class="background-color-body margin-top-sm-tablet margin-bottom-xs display-none-print"> <div class="display-flex align-items-center "><details id="article-header-breadcrumbs-overflow-popover" class="popover" data-for="article-header-breadcrumbs"> <summary class="button button-clear button-primary button-sm inner-focus" aria-label="All breadcrumbs"> <span class="icon"> <span class="docon docon-more"></span> </span> </summary> <div id="article-header-breadcrumbs-overflow" class="popover-content padding-none"> </div> </details> <bread-crumbs id="article-header-breadcrumbs" data-test-id="article-header-breadcrumbs" class="overflow-hidden flex-grow-1 margin-right-sm margin-right-md-tablet margin-right-lg-desktop margin-left-negative-xxs padding-left-xxs"></bread-crumbs><div id="article-header-page-actions" class="opacity-none margin-left-auto display-flex flex-wrap-no-wrap align-items-stretch"><a id="lang-link-tablet" class="button button-primary button-clear button-sm display-none display-inline-flex-tablet" title="Read in English" data-bi-name="language-toggle" data-read-in-link hidden> <span class="icon margin-none" aria-hidden="true" data-read-in-link-icon> <span class="docon docon-locale-globe"></span> </span> <span class="is-visually-hidden" data-read-in-link-text>Read in English</span> </a><button type="button" class="collection button button-clear button-sm button-primary display-none display-inline-flex-tablet" data-list-type="collection" data-bi-name="collection" title="Add to collection"> <span class="icon margin-none" aria-hidden="true"> <span class="docon docon-circle-addition"></span> </span> <span class="collection-status is-visually-hidden">Save</span> </button><a data-contenteditbtn class="button button-clear button-sm text-decoration-none button-primary display-none display-inline-flex-tablet" aria-label="Edit" title="Edit This Document" data-bi-name="edit" href="https://github.com/MicrosoftDocs/defender-docs/blob/public/defender-office-365/anti-phishing-protection-spoofing-about.md" data-original_content_git_url="https://github.com/MicrosoftDocs/defender-docs-pr/blob/live/defender-office-365/anti-phishing-protection-spoofing-about.md" data-original_content_git_url_template="{repo}/blob/{branch}/defender-office-365/anti-phishing-protection-spoofing-about.md" data-pr_repo="" data-pr_branch=""> <span class="icon margin-none" aria-hidden="true"> <span class="docon docon-edit-outline"></span> </span> </a> <details class="popover popover-right" id="article-header-page-actions-overflow"> <summary class="justify-content-flex-start button button-clear button-sm button-primary" aria-label="More actions" title="More actions"> <span class="icon" aria-hidden="true"> <span class="docon docon-more-vertical"></span> </span> </summary> <div class="popover-content padding-xs"><button data-page-action-item="overflow-mobile" type="button" class="justify-content-flex-start button-block button-sm has-inner-focus button button-clear display-none-tablet" data-bi-name="contents-expand" data-contents-button data-popover-close> <span class="icon"> <span class="docon docon-editor-list-bullet" aria-hidden="true"></span> </span><span class="contents-expand-title">Table of contents</span></button><a id="lang-link-overflow" class="justify-content-flex-start button-sm has-inner-focus button button-clear button-block display-none-tablet" title="Read in English" data-bi-name="language-toggle" data-page-action-item="overflow-mobile" data-check-hidden="true" data-read-in-link hidden > <span class="icon" aria-hidden="true" data-read-in-link-icon> <span class="docon docon-locale-globe"></span> </span> <span data-read-in-link-text>Read in English</span> </a><button type="button" class="collection justify-content-flex-start button button-clear button-sm has-inner-focus button-block display-none-tablet" data-list-type="collection" data-bi-name="collection" title="Save" data-page-action-item="overflow-mobile" data-check-hidden="true" data-popover-close> <span class="icon" aria-hidden="true"> <span class="docon docon-circle-addition"></span> </span> <span class="collection-status">Save</span> </button> <button type="button" class="collection justify-content-flex-start button button-clear button-sm has-inner-focus button-block display-none-tablet" data-list-type="plan" data-bi-name="plan" title="Add to Plan" data-page-action-item="overflow-mobile" data-check-hidden="true" data-popover-close hidden> <span class="icon" aria-hidden="true"> <span class="docon docon-circle-addition"></span> </span> <span class="plan-status">Add to Plan</span> </button><a data-contenteditbtn class="button button-clear button-block button-sm has-inner-focus justify-content-flex-start text-decoration-none display-none-tablet" aria-label="Edit" title="Edit This Document" data-bi-name="edit" href="https://github.com/MicrosoftDocs/defender-docs/blob/public/defender-office-365/anti-phishing-protection-spoofing-about.md" data-original_content_git_url="https://github.com/MicrosoftDocs/defender-docs-pr/blob/live/defender-office-365/anti-phishing-protection-spoofing-about.md" data-original_content_git_url_template="{repo}/blob/{branch}/defender-office-365/anti-phishing-protection-spoofing-about.md" data-pr_repo="" data-pr_branch=""> <span class="icon" aria-hidden="true"> <span class="docon docon-edit-outline"></span> </span> <span>Edit</span> </a><div aria-hidden="true" class="margin-none" data-page-action-item="overflow-all"></div> <hr class="display-none-tablet margin-bottom-xxs margin-top-xxs" /> <h4 class="font-size-sm padding-left-xxs">Share via</h4> <a class="button button-clear button-sm button-block has-inner-focus text-decoration-none justify-content-flex-start share-facebook" data-bi-name="facebook" data-page-action-item="overflow-all"> <span class="icon" aria-hidden="true"> <span class="docon docon-facebook-share font-size-md color-primary"></span> </span> <span class="margin-left-xxs">Facebook</span> </a> <a class="button button-clear button-sm has-inner-focus button-block text-decoration-none justify-content-flex-start share-twitter" data-bi-name="twitter" data-page-action-item="overflow-all"> <span class="icon" aria-hidden="true"> <span class="docon docon-xlogo-share font-size-xxs"></span> </span> <span class="margin-left-xxs">x.com</span> </a> <a class="button button-clear button-sm has-inner-focus button-block text-decoration-none justify-content-flex-start share-linkedin" data-bi-name="linkedin" data-page-action-item="overflow-all"> <span class="icon" aria-hidden="true"> <span class="docon docon-linked-in-logo font-size-sm color-primary"></span> </span> <span class="margin-left-xxs">LinkedIn</span> </a> <a class="button button-clear button-sm button-block has-inner-focus text-decoration-none justify-content-flex-start margin-bottom-xxs share-email" data-bi-name="email" data-page-action-item="overflow-all"> <span class="icon" aria-hidden="true"> <span class="docon docon-mail-message font-size-sm color-primary"></span> </span> <span class="margin-left-xxs">Email</span> </a><hr /> <button class="button button-block button-clear button-sm justify-content-flex-start has-inner-focus margin-top-xxs" title="Print" type="button" aria-label="Print" data-bi-name="print" data-page-action-item="overflow-all" data-popover-close data-print-page data-check-hidden="true"> <span class="icon" aria-hidden="true"> <span class="docon docon-print font-size-sm color-primary"></span> </span> <span class="margin-left-xxs">Print</span> </button> </div> </details> </div></div> </div> <!-- end article-header --><div> <button type="button" class="border contents-button button button-clear button-sm is-hidden-tablet has-inner-focus" data-bi-name="contents-expand" data-contents-button hidden> <span class="icon"> <span class="docon docon-editor-list-bullet" aria-hidden="true"></span> </span><span class="contents-expand-title">Table of contents</span></button> </div><!-- end mobile-contents button --> <div class="content "><h1 id="anti-spoofing-protection-in-eop">Anti-spoofing protection in EOP</h1><div class="display-flex justify-content-space-between align-items-center flex-wrap-wrap page-metadata-container"> <div class="margin-right-xxs"> <ul class="metadata page-metadata" data-bi-name="page info" lang="en-us" dir="ltr"><li>Article</li><li class="visibility-hidden-visual-diff"><time class="is-invisible" data-article-date aria-label="Article review date" datetime="2024-04-24T19:20:00Z" data-article-date-source="calculated">04/24/2024</time> </li><li class="contributors-holder display-none-print"> <button aria-label="View all contributors" class="contributors-button link-button" data-bi-name="contributors" title="View all contributors">6 contributors</button> </li><li class="attributeList-holder"> <dl class="attributeList"> <dt>Applies to:</dt> <dd>✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Exchange Online Protection</a>, ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>, ✅ <a href="https://learn.microsoft.com/defender-xdr/microsoft-365-defender" target="_blank">Microsoft Defender XDR</a></dd> </dl> </li></ul> </div> <div id="user-feedback" class="margin-block-xxs display-none-print" data-hide-on-archived> <button id="user-feedback-button" data-test-id="conceptual-feedback-button" class="button button-sm button-clear button-primary" type="button" data-bi-name="user-feedback-button" data-user-feedback-button > <span class="icon" aria-hidden="true"> <span class="docon docon-like"></span> </span> <span>Feedback</span> </button> </div></div><nav id="center-doc-outline" class="doc-outline is-hidden-desktop display-none-print margin-bottom-sm" data-bi-name="intopic toc" aria-label="In this article"> <h2 id="ms--in-this-article" class="title is-6 margin-block-xs">In this article</h2> </nav><!-- <content> --><div class="TIP"> <p>Tip</p> <p><em>Did you know you can try the features in Microsoft Defender for Office 365 Plan 2 for free?</em> Use the 90-day Defender for Office 365 trial at the <a href="https://security.microsoft.com/trialHorizontalHub?sku=MDO&amp;ref=DocsRef" data-linktype="external">Microsoft Defender portal trials hub</a>. Learn about who can sign up and trial terms on <a href="/en-us/defender-office-365/try-microsoft-defender-for-office-365" data-linktype="absolute-path">Try Microsoft Defender for Office 365</a>.</p> </div> <p>In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, EOP includes features to help protect your organization from spoofed (forged) senders.</p> <p>When it comes to protecting its users, Microsoft takes the threat of phishing seriously. Spoofing is a common technique that's used by attackers. <strong>Spoofed messages appear to originate from someone or somewhere other than the actual source</strong>. This technique is often used in phishing campaigns that are designed to get user credentials. The anti-spoofing technology in EOP specifically examines forgery of the From header in the message body, because that header value is the message sender that's shown in email clients. When EOP has high confidence that the From header is forged, the message is identified as spoofed.</p> <p>The following anti-spoofing technologies are available in EOP:</p> <ul> <li><p><strong>Email authentication</strong>: An integral part of any anti-spoofing effort is the use of email authentication (also known as email validation) by SPF, DKIM, and DMARC records in DNS. You can configure these records for your domains so destination email systems can check the validity of messages that claim to be from senders in your domains. For inbound messages, Microsoft 365 requires email authentication for sender domains. For more information, see <a href="email-authentication-about" data-linktype="relative-path">Email authentication in Microsoft 365</a>.</p> <p>EOP analyzes and blocks messages based on the combination of standard email authentication methods and sender reputation techniques.</p> <p><span class="mx-imgBorder"> <a href="media/eop-anti-spoofing-protection.png#lightbox" data-linktype="relative-path"> <img src="media/eop-anti-spoofing-protection.png" alt="The EOP anti-spoofing checks" data-linktype="relative-path"> </a> </span> </p> </li> <li><p><strong>Spoof intelligence insight</strong>: Review detected spoofed messages from senders in internal and external domains during the last seven days. For more information, see <a href="anti-spoofing-spoof-intelligence" data-linktype="relative-path">Spoof intelligence insight in EOP</a>.</p> </li> <li><p><strong>Allow or block spoofed senders in the Tenant Allow/Block List</strong>: When you override the verdict in the spoof intelligence insight, the spoofed sender becomes a manual allow or block entry that only appears on the <strong>Spoofed senders</strong> tab on the <strong>Tenant Allow/Block Lists</strong> page at <a href="https://security.microsoft.com/tenantAllowBlockList?viewid=SpoofItem" data-linktype="external">https://security.microsoft.com/tenantAllowBlockList?viewid=SpoofItem</a>. You can also manually create allow or block entries for spoof senders before they're detected by spoof intelligence. For more information, see <a href="tenant-allow-block-list-email-spoof-configure#spoofed-senders-in-the-tenant-allowblock-list" data-linktype="relative-path">Spoofed senders in the Tenant Allow/Block List</a>.</p> </li> <li><p><strong>Anti-phishing policies</strong>: In EOP and Microsoft Defender for Office 365, anti-phishing policies contain the following anti-spoofing settings:</p> <ul> <li>Turn spoof intelligence on or off.</li> <li>Turn unauthenticated sender indicators in Outlook on or off.</li> <li>Specify the action for blocked spoofed senders.</li> </ul> <p>For more information, see <a href="anti-phishing-policies-about#spoof-settings" data-linktype="relative-path">Spoof settings in anti-phishing policies</a>.</p> <p>Anti-phishing policies in Defender for Office 365 contain addition protections, including <em>impersonation</em> protection. For more information, see <a href="anti-phishing-policies-about#exclusive-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365" data-linktype="relative-path">Exclusive settings in anti-phishing policies in Microsoft Defender for Office 365</a>.</p> </li> <li><p><strong>Spoof detections report</strong>: For more information, see <a href="reports-email-security#spoof-detections-report" data-linktype="relative-path">Spoof Detections report</a>.</p> <p>Defender for Office 365 organizations can also use Real-time detections (Plan 1) or Threat Explorer (Plan 2) to view information about phishing attempts. For more information, see <a href="office-365-ti" data-linktype="relative-path">Microsoft 365 threat investigation and response</a>.</p> </li> </ul> <div class="TIP"> <p>Tip</p> <p>It's important to understand that a <a href="email-authentication-about#composite-authentication" data-linktype="relative-path">composite authentication</a> failure doesn't directly result in a message being blocked. Our system using a holistic evaluation strategy that considers the overall suspicious nature of a message along with composite authentication results. This method is designed to mitigate the risk of incorrectly blocking legitimate email from domains that might not strictly adhere to email authentication protocols. This balanced approach helps distinguish genuinely malicious email from message senders that simply fail to conform to standard email authentication practices.</p> </div> <h2 id="how-spoofing-is-used-in-phishing-attacks">How spoofing is used in phishing attacks</h2> <p>Spoofed senders in messages have the following negative implications for users:</p> <ul> <li><p><strong>Deception</strong>: Messages from spoofed senders might trick the recipient into selecting a link and giving up their credentials, downloading malware, or replying to a message with sensitive content (known as business email compromise or BEC).</p> <p>The following message is an example of phishing that uses the spoofed sender msoutlook94@service.outlook.com:</p> <p><span class="mx-imgBorder"> <a href="media/1a441f21-8ef7-41c7-90c0-847272dc5350.jpg#lightbox" data-linktype="relative-path"> <img src="media/1a441f21-8ef7-41c7-90c0-847272dc5350.jpg" alt="Phishing message impersonating service.outlook.com." data-linktype="relative-path"> </a> </span> </p> <p>This message didn't come from service.outlook.com, but the attacker spoofed the <strong>From</strong> header field to make it look like it did. The sender attempted to trick the recipient into selecting the <strong>change your password</strong> link and providing their credentials.</p> <p>The following message is an example of BEC that uses the spoofed email domain contoso.com:</p> <p><span class="mx-imgBorder"> <a href="media/da15adaa-708b-4e73-8165-482fc9182090.jpg#lightbox" data-linktype="relative-path"> <img src="media/da15adaa-708b-4e73-8165-482fc9182090.jpg" alt="Phishing message - business email compromise." data-linktype="relative-path"> </a> </span> </p> <p>The message looks legitimate, but the sender is spoofed.</p> </li> <li><p><strong>Confusion</strong>: Even users who know about phishing might have difficulty seeing the differences between real messages and messages from spoofed senders.</p> <p>The following message is an example of a real password reset message from the Microsoft Security account:</p> <p><span class="mx-imgBorder"> <a href="media/58a3154f-e83d-4f86-bcfe-ae9e8c87bd37.jpg#lightbox" data-linktype="relative-path"> <img src="media/58a3154f-e83d-4f86-bcfe-ae9e8c87bd37.jpg" alt="Microsoft legitimate password reset." data-linktype="relative-path"> </a> </span> </p> <p>The message really did come from Microsoft, but users have been conditioned to be suspicious. Because it's difficult to the difference between a real password reset message and a fake one, users might ignore the message, report it as spam, or unnecessarily report the message to Microsoft as phishing.</p> </li> </ul> <h2 id="different-types-of-spoofing">Different types of spoofing</h2> <p>Microsoft differentiates between two different types of spoofed senders in messages:</p> <ul> <li><p><strong>Intra-org spoofing</strong>: Also known as <em>self-to-self</em> spoofing. For example:</p> <ul> <li><p>The sender and recipient are in the same domain:</p> <blockquote> <p>From: chris@contoso.com <br> To: michelle@contoso.com</p> </blockquote> </li> <li><p>The sender and the recipient are in subdomains of the same domain:</p> <blockquote> <p>From: laura@marketing.fabrikam.com <br> To: julia@engineering.fabrikam.com</p> </blockquote> </li> <li><p>The sender and recipient are in different domains that belong to the same organization (that is, both domains are configured as <a href="/en-us/exchange/mail-flow-best-practices/manage-accepted-domains/manage-accepted-domains" data-linktype="absolute-path">accepted domains</a> in the same organization):</p> <blockquote> <p>From: sender @ microsoft.com <br> To: recipient @ bing.com</p> </blockquote> <p>Spaces are used in the email addresses to prevent spambot harvesting.</p> </li> </ul> <p>Messages that fail <a href="email-authentication-about#composite-authentication" data-linktype="relative-path">composite authentication</a> due to intra-org spoofing contain the following header values:</p> <p><code>Authentication-Results: ... compauth=fail reason=6xx</code></p> <p><code>X-Forefront-Antispam-Report: ...CAT:SPOOF;...SFTY:9.11</code></p> <ul> <li><p><code>reason=6xx</code> indicates intra-org spoofing.</p> </li> <li><p><code>SFTY</code> is the safety level of the message. <code>9</code> indicates phishing, <code>.11</code> indicates intra-org spoofing.</p> </li> </ul> </li> <li><p><strong>Cross-domain spoofing</strong>: The sender and recipient domains are different, and have no relationship to each other (also known as external domains). For example:</p> <blockquote> <p>From: chris@contoso.com <br> To: michelle@tailspintoys.com</p> </blockquote> <p>Messages that fail <a href="email-authentication-about#composite-authentication" data-linktype="relative-path">composite authentication</a> due to cross-domain spoofing contain the following headers values:</p> <p><code>Authentication-Results: ... compauth=fail reason=000/001</code></p> <p><code>X-Forefront-Antispam-Report: ...CAT:SPOOF;...SFTY:9.22</code></p> <ul> <li><p><code>reason=000</code> indicates the message failed explicit email authentication. <code>reason=001</code> indicates the message failed implicit email authentication.</p> </li> <li><p><code>SFTY</code> is the safety level of the message. <code>9</code> indicates phishing, <code>.22</code> indicates cross-domain spoofing.</p> </li> </ul> <p>For more information about <strong>Authentication-Results</strong> and <code>compauth</code> values, see <a href="message-headers-eop-mdo#authentication-results-message-header-fields" data-linktype="relative-path">Authentication-results message header fields</a>.</p> </li> </ul> <h2 id="problems-with-anti-spoofing-protection">Problems with anti-spoofing protection</h2> <p>Mailing lists (also known as discussion lists) are known to have problems with anti-spoofing protection due to the way they forward and modify messages.</p> <p>For example, Gabriela Laureano (glaureano@contoso.com) is interested in bird watching, joins the mailing list birdwatchers@fabrikam.com, and sends the following message to the list:</p> <blockquote> <p><strong>From:</strong> "Gabriela Laureano" &lt;glaureano@contoso.com&gt; <br> <strong>To:</strong> Birdwatcher's Discussion List &lt;birdwatchers@fabrikam.com&gt; <br> <strong>Subject:</strong> Great viewing of blue jays at the top of Mt. Rainier this week </p><p> Anyone want to check out the viewing this week from Mt. Rainier?</p> </blockquote> <p>The mailing list server receives the message, modifies its content, and replays it to the members of list. The replayed message has the same From address (glaureano@contoso.com), but a tag is added to the subject line, and a footer is added to the bottom of the message. This type of modification is common in mailing lists, and may result in false positives for spoofing.</p> <blockquote> <p><strong>From:</strong> "Gabriela Laureano" &lt;glaureano@contoso.com&gt; <br> <strong>To:</strong> Birdwatcher's Discussion List &lt;birdwatchers@fabrikam.com&gt; <br> <strong>Subject:</strong> [BIRDWATCHERS] Great viewing of blue jays at the top of Mt. Rainier this week </p><p> Anyone want to check out the viewing this week from Mt. Rainier? </p><p> This message was sent to the Birdwatchers Discussion List. You can unsubscribe at any time.</p> </blockquote> <p>To help mailing list messages pass anti-spoofing checks, do following steps based on whether you control the mailing list:</p> <ul> <li><p><strong>Your organization owns the mailing list</strong>:</p> <ul> <li>Check the FAQ at DMARC.org: <a href="https://dmarc.org/wiki/FAQ#I_operate_a_mailing_list_and_I_want_to_interoperate_with_DMARC.2C_what_should_I_do.3F" data-linktype="external">I operate a mailing list and I want to interoperate with DMARC, what should I do?</a>.</li> <li>Read the instructions at this blog post: <a href="/en-us/archive/blogs/tzink/a-tip-for-mailing-list-operators-to-interoperate-with-dmarc-to-avoid-failures" data-linktype="absolute-path">A tip for mailing list operators to interoperate with DMARC to avoid failures</a>.</li> <li>Consider installing updates on your mailing list server to support ARC. For more information, see <a href="http://arc-spec.org" data-linktype="external">http://arc-spec.org</a>.</li> </ul> </li> <li><p><strong>Your organization doesn't own the mailing list</strong>:</p> <ul> <li>Ask the maintainer of the mailing list to configure email authentication for the domain that the mailing list is relaying from. The owners are more likely to act if enough members ask them to set up email authentication. While Microsoft also works with domain owners to publish the required records, it helps even more when individual users request it.</li> <li>Create Inbox rules in your email client to move messages to the Inbox.</li> <li>Use the Tenant Allow/Block List to create an allow entry for the mailing list to treat it as legitimate. For more information, see <a href="tenant-allow-block-list-email-spoof-configure#create-allow-entries-for-spoofed-senders" data-linktype="relative-path">Create allow entries for spoofed senders</a>.</li> </ul> </li> </ul> <p>If all else fails, you can report the message as a false positive to Microsoft. For more information, see <a href="submissions-report-messages-files-to-microsoft" data-linktype="relative-path">Report messages and files to Microsoft</a>.</p> <h2 id="considerations-for-anti-spoofing-protection">Considerations for anti-spoofing protection</h2> <p>If you're an admin who currently sends messages to Microsoft 365, you need to ensure that your email is properly authenticated. Otherwise, it might be marked as spam or phishing. For more information, see <a href="email-authentication-about#how-to-avoid-email-authentication-failures-when-sending-mail-to-microsoft-365" data-linktype="relative-path">How to avoid email authentication failures when sending mail to Microsoft 365</a>.</p> <p>Senders in individual user (or admin) Safe Senders lists bypass parts of the filtering stack, including spoof protection. For more information, see <a href="create-safe-sender-lists-in-office-365#use-outlook-safe-senders" data-linktype="relative-path">Outlook Safe Senders</a>.</p> <p>If at all possible, admins should avoid using allowed sender lists or allowed domain lists in anti-spam policies. These senders bypass most of the filtering stack (high confidence phishing and malware messages are always quarantined). For more information, see <a href="create-safe-sender-lists-in-office-365#use-allowed-sender-lists-or-allowed-domain-lists" data-linktype="relative-path">Use allowed sender lists or allowed domain lists</a>.</p> </div><div id="ms--inline-notifications" class="margin-block-xs" data-bi-name="inline-notification"></div><div id="assertive-live-region" role="alert" aria-live="assertive" class="visually-hidden" aria-relevant="additions" aria-atomic="true"></div> <div id="polite-live-region" role="status" aria-live="polite" class="visually-hidden" aria-relevant="additions" aria-atomic="true"></div> <!-- </content> --> </main><!-- recommendations section --><!-- end recommendations section --> <!-- feedback section --><section id="site-user-feedback-footer" class="font-size-sm margin-top-md" data-test-id="site-user-feedback-footer" data-bi-name="site-feedback-section"> <hr class="hr" /> <h2 id="feedback" class="title is-3">Feedback</h2> <div class="display-flex flex-wrap-wrap align-items-center"> <p class="font-weight-semibold margin-xxs margin-left-none">Was this page helpful?</p> <div class="buttons"> <button class="thumb-rating-button like button button-primary button-sm" data-test-id="footer-rating-yes" data-binary-rating-response="rating-yes" type="button" title="This article is helpful" data-bi-name="button-rating-yes" aria-pressed="false" > <span class="icon" aria-hidden="true"> <span class="docon docon-like"></span> </span> <span>Yes</span> </button> <button class="thumb-rating-button dislike button button-primary button-sm" data-test-id="footer-rating-no" data-binary-rating-response="rating-no" type="button" title="This article is not helpful" data-bi-name="button-rating-no" aria-pressed="false" > <span class="icon" aria-hidden="true"> <span class="docon docon-dislike"></span> </span> <span>No</span> </button> </div> </div><div class="display-flex flex-wrap-wrap margin-top-xxs"><div> <a data-bi-name="provide-feedback-cta" class="has-external-link-indicator" href="https://techcommunity.microsoft.com/t5/security-compliance-and-identity/ct-p/MicrosoftSecurityandCompliance" data-bi-name="product-feedback" > <span>Provide product feedback</span> </a></div></div> </section><!-- end feedback section --> <!-- feedback report section --><!-- end feedback report section --><aside id="ms--additional-resources-mobile" aria-label="Additional resources" class="display-none-desktop display-none-print" > <hr class="hr" hidden /> <h2 id="ms--additional-resources-mobile-heading" class="title is-3" hidden>Additional resources</h2> <section id="right-rail-recommendations-mobile" data-bi-name="recommendations" hidden></section> <section id="right-rail-training-mobile" data-bi-name="learning-resources-card" hidden></section> <section id="right-rail-events-mobile" data-bi-name="events-card" hidden></section> <section id="right-rail-qna-mobile" data-bi-name="qna-link-card" hidden></section> </aside><div class="border-top is-visible-interactive has-default-focus margin-top-sm "><footer id="footer-interactive" data-bi-name="footer" class="footer-layout"><div class="display-flex gap-xs flex-wrap-wrap is-full-height padding-right-lg-desktop"><a data-mscc-ic="false" class="locale-selector-link button button-sm button-clear flex-shrink-0" href="#" data-bi-name="select-locale"> <span class="icon" aria-hidden="true"> <span class="docon docon-world"></span> </span> <span class="local-selector-link-text"></span></a><div class="ccpa-privacy-link" data-ccpa-privacy-link hidden> <a href="https://aka.ms/yourcaliforniaprivacychoices" class="button button-sm button-clear flex-shrink-0" data-mscc-ic="false" data-bi-name="your-privacy-choices" > <svg role="img" aria-label="California Consumer Privacy Act (CCPA) Opt-Out Icon" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 30 14" xml:space="preserve" height="16" width="43" focusable="false" > <title>California Consumer Privacy Act (CCPA) Opt-Out Icon</title> <path d="M7.4 12.8h6.8l3.1-11.6H7.4C4.2 1.2 1.6 3.8 1.6 7s2.6 5.8 5.8 5.8z" style="fill-rule:evenodd;clip-rule:evenodd;fill:#fff"></path> <path d="M22.6 0H7.4c-3.9 0-7 3.1-7 7s3.1 7 7 7h15.2c3.9 0 7-3.1 7-7s-3.2-7-7-7zm-21 7c0-3.2 2.6-5.8 5.8-5.8h9.9l-3.1 11.6H7.4c-3.2 0-5.8-2.6-5.8-5.8z" style="fill-rule:evenodd;clip-rule:evenodd;fill:#06f"></path> <path d="M24.6 4c.2.2.2.6 0 .8L22.5 7l2.2 2.2c.2.2.2.6 0 .8-.2.2-.6.2-.8 0l-2.2-2.2-2.2 2.2c-.2.2-.6.2-.8 0-.2-.2-.2-.6 0-.8L20.8 7l-2.2-2.2c-.2-.2-.2-.6 0-.8.2-.2.6-.2.8 0l2.2 2.2L23.8 4c.2-.2.6-.2.8 0z" style="fill:#fff"></path> <path d="M12.7 4.1c.2.2.3.6.1.8L8.6 9.8c-.1.1-.2.2-.3.2-.2.1-.5.1-.7-.1L5.4 7.7c-.2-.2-.2-.6 0-.8.2-.2.6-.2.8 0L8 8.6l3.8-4.5c.2-.2.6-.2.9 0z" style="fill:#06f"></path> </svg> <span>Your Privacy Choices</span> </a> </div> <div class="flex-shrink-0"> <div class="dropdown has-caret-up"> <button class="dropdown-trigger button button-clear button-sm has-inner-focus theme-dropdown-trigger" aria-controls="theme-menu-interactive" aria-expanded="false" title="Theme" data-bi-name="theme"> <span class="icon"> <span class="docon docon-sun" aria-hidden="true"></span> </span> <span>Theme</span> <span class="icon expanded-indicator" aria-hidden="true"> <span class="docon docon-chevron-down-light"></span> </span> </button> <div class="dropdown-menu" id="theme-menu-interactive" role="menu"> <ul class="theme-selector padding-xxs" role="none"> <li class="theme display-block" role="menuitem"> <button class="button button-clear button-sm theme-control button-block justify-content-flex-start" data-theme-to="light"> <span class="theme-light margin-right-xxs"> <span class="theme-selector-icon border display-inline-block has-body-background" aria-hidden="true"> <svg class="svg" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 22 14"> <rect width="22" height="14" class="has-fill-body-background" /> <rect x="5" y="5" width="12" height="4" class="has-fill-secondary" /> <rect x="5" y="2" width="2" height="1" class="has-fill-secondary" /> <rect x="8" y="2" width="2" height="1" class="has-fill-secondary" /> <rect x="11" y="2" width="3" height="1" class="has-fill-secondary" /> <rect x="1" y="1" width="2" height="2" class="has-fill-secondary" /> <rect x="5" y="10" width="7" height="2" rx="0.3" class="has-fill-primary" /> <rect x="19" y="1" width="2" height="2" rx="1" class="has-fill-secondary" /> </svg> </span> </span> <span>Light</span> </button> </li> <li class="theme display-block" role="menuitem"> <button class="button button-clear button-sm theme-control button-block justify-content-flex-start" data-theme-to="dark"> <span class="theme-dark margin-right-xxs"> <span class="border theme-selector-icon display-inline-block has-body-background" aria-hidden="true"> <svg class="svg" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 22 14"> <rect width="22" height="14" class="has-fill-body-background" /> <rect x="5" y="5" width="12" height="4" class="has-fill-secondary" /> <rect x="5" y="2" width="2" height="1" class="has-fill-secondary" /> <rect x="8" y="2" width="2" height="1" class="has-fill-secondary" /> <rect x="11" y="2" width="3" height="1" class="has-fill-secondary" /> <rect x="1" y="1" width="2" height="2" class="has-fill-secondary" /> <rect x="5" y="10" width="7" height="2" rx="0.3" class="has-fill-primary" /> <rect x="19" y="1" width="2" height="2" rx="1" class="has-fill-secondary" /> </svg> </span> </span> <span>Dark</span> </button> </li> <li class="theme display-block" role="menuitem"> <button class="button button-clear button-sm theme-control button-block justify-content-flex-start" data-theme-to="high-contrast"> <span class="theme-high-contrast margin-right-xxs"> <span class="border theme-selector-icon display-inline-block has-body-background" aria-hidden="true"> <svg class="svg" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 22 14"> <rect width="22" height="14" class="has-fill-body-background" /> <rect x="5" y="5" width="12" height="4" class="has-fill-secondary" /> <rect x="5" y="2" width="2" height="1" class="has-fill-secondary" /> <rect x="8" y="2" width="2" height="1" class="has-fill-secondary" /> <rect x="11" y="2" width="3" height="1" class="has-fill-secondary" /> <rect x="1" y="1" width="2" height="2" class="has-fill-secondary" /> <rect x="5" y="10" width="7" height="2" rx="0.3" class="has-fill-primary" /> <rect x="19" y="1" width="2" height="2" rx="1" class="has-fill-secondary" /> </svg> </span> </span> <span>High contrast</span> </button> </li> </ul> </div> </div> </div> </div> <ul class="links" data-bi-name="footerlinks"> <li class="manage-cookies-holder" hidden></li><li><a class="external-link-indicator" data-mscc-ic="false" href="/en-us/previous-versions/" data-bi-name="archivelink">Previous Versions</a></li> <li><a class="external-link-indicator" data-mscc-ic="false" href="https://techcommunity.microsoft.com/t5/microsoft-learn-blog/bg-p/MicrosoftLearnBlog" data-bi-name="bloglink">Blog</a></li> <li><a class="external-link-indicator" data-mscc-ic="false" href="/en-us/contribute/" data-bi-name="contributorGuide">Contribute</a></li><li><a class="external-link-indicator" data-mscc-ic="false" href="https://go.microsoft.com/fwlink/?LinkId=521839" data-bi-name="privacy">Privacy</a></li><li><a class="external-link-indicator" data-mscc-ic="false" href="/en-us/legal/termsofuse" data-bi-name="termsofuse">Terms of Use</a></li><li><a class="external-link-indicator" data-mscc-ic="false" href="https://www.microsoft.com/legal/intellectualproperty/Trademarks/" data-bi-name="trademarks">Trademarks</a></li><li>&copy; Microsoft 2024</li> </ul> </footer></div></div><div id="ms--additional-resources" class="right-container column is-4-desktop display-none display-block-desktop" data-bi-name="pageactions" role="complementary" aria-label="Additional resources" > <div id="affixed-right-container" class="margin-top-sm-tablet" data-bi-name="right-column"> <h2 id="ms--additional-resources-heading" class="title is-6 margin-top-md" hidden>Additional resources</h2> <section id="right-rail-events" data-bi-name="events-card" hidden></section> <section id="right-rail-training" data-bi-name="learning-resources-card" hidden></section> <section id="right-rail-recommendations" data-bi-name="recommendations" hidden></section> <nav id="side-doc-outline" class="doc-outline" data-bi-name="intopic toc" aria-label="In this article"> <h3>In this article</h3> </nav> <section id="right-rail-qna" class="margin-top-xxs" data-bi-name="qna-link-card" hidden></section> </div> </div></div> <!--end of div.columns --> </section> <!--end of .primary-holder --> <!-- interactive container --> <aside id="interactive-container" class="interactive-container is-visible-interactive column has-body-background-dark "> </aside> <!-- end of interactive container --> </div> </div> <!--end of .mainContainer --> <section class="border-top has-default-focus is-hidden-interactive margin-top-sm "><footer id="footer" data-bi-name="footer" class="footer-layout uhf-container has-padding" role="contentinfo"><div class="display-flex gap-xs flex-wrap-wrap is-full-height padding-right-lg-desktop"><a data-mscc-ic="false" class="locale-selector-link button button-sm button-clear flex-shrink-0" href="#" data-bi-name="select-locale"> <span class="icon" aria-hidden="true"> <span class="docon docon-world"></span> </span> <span class="local-selector-link-text"></span></a><div class="ccpa-privacy-link" data-ccpa-privacy-link hidden> <a href="https://aka.ms/yourcaliforniaprivacychoices" class="button button-sm button-clear flex-shrink-0" data-mscc-ic="false" data-bi-name="your-privacy-choices" > <svg role="img" aria-label="California Consumer Privacy Act (CCPA) Opt-Out Icon" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 30 14" xml:space="preserve" height="16" width="43" focusable="false" > <title>California Consumer Privacy Act (CCPA) Opt-Out Icon</title> <path d="M7.4 12.8h6.8l3.1-11.6H7.4C4.2 1.2 1.6 3.8 1.6 7s2.6 5.8 5.8 5.8z" style="fill-rule:evenodd;clip-rule:evenodd;fill:#fff"></path> <path d="M22.6 0H7.4c-3.9 0-7 3.1-7 7s3.1 7 7 7h15.2c3.9 0 7-3.1 7-7s-3.2-7-7-7zm-21 7c0-3.2 2.6-5.8 5.8-5.8h9.9l-3.1 11.6H7.4c-3.2 0-5.8-2.6-5.8-5.8z" style="fill-rule:evenodd;clip-rule:evenodd;fill:#06f"></path> <path d="M24.6 4c.2.2.2.6 0 .8L22.5 7l2.2 2.2c.2.2.2.6 0 .8-.2.2-.6.2-.8 0l-2.2-2.2-2.2 2.2c-.2.2-.6.2-.8 0-.2-.2-.2-.6 0-.8L20.8 7l-2.2-2.2c-.2-.2-.2-.6 0-.8.2-.2.6-.2.8 0l2.2 2.2L23.8 4c.2-.2.6-.2.8 0z" style="fill:#fff"></path> <path d="M12.7 4.1c.2.2.3.6.1.8L8.6 9.8c-.1.1-.2.2-.3.2-.2.1-.5.1-.7-.1L5.4 7.7c-.2-.2-.2-.6 0-.8.2-.2.6-.2.8 0L8 8.6l3.8-4.5c.2-.2.6-.2.9 0z" style="fill:#06f"></path> </svg> <span>Your Privacy Choices</span> </a> </div> <div class="flex-shrink-0"> <div class="dropdown has-caret-up"> <button class="dropdown-trigger button button-clear button-sm has-inner-focus theme-dropdown-trigger" aria-controls="theme-menu" aria-expanded="false" title="Theme" data-bi-name="theme"> <span class="icon"> <span class="docon docon-sun" aria-hidden="true"></span> </span> <span>Theme</span> <span class="icon expanded-indicator" aria-hidden="true"> <span class="docon docon-chevron-down-light"></span> </span> </button> <div class="dropdown-menu" id="theme-menu" role="menu"> <ul class="theme-selector padding-xxs" role="none"> <li class="theme display-block" role="menuitem"> <button class="button button-clear button-sm theme-control button-block justify-content-flex-start" data-theme-to="light"> <span class="theme-light margin-right-xxs"> <span class="theme-selector-icon border display-inline-block has-body-background" aria-hidden="true"> <svg class="svg" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 22 14"> <rect width="22" height="14" class="has-fill-body-background" /> <rect x="5" y="5" width="12" height="4" class="has-fill-secondary" /> <rect x="5" y="2" width="2" height="1" class="has-fill-secondary" /> <rect x="8" y="2" width="2" height="1" class="has-fill-secondary" /> <rect x="11" y="2" width="3" height="1" class="has-fill-secondary" /> <rect x="1" y="1" width="2" height="2" class="has-fill-secondary" /> <rect x="5" y="10" width="7" height="2" rx="0.3" class="has-fill-primary" /> <rect x="19" y="1" width="2" height="2" rx="1" class="has-fill-secondary" /> </svg> </span> </span> <span>Light</span> </button> </li> <li class="theme display-block" role="menuitem"> <button class="button button-clear button-sm theme-control button-block justify-content-flex-start" data-theme-to="dark"> <span class="theme-dark margin-right-xxs"> <span class="border theme-selector-icon display-inline-block has-body-background" aria-hidden="true"> <svg class="svg" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 22 14"> <rect width="22" height="14" class="has-fill-body-background" /> <rect x="5" y="5" width="12" height="4" class="has-fill-secondary" /> <rect x="5" y="2" width="2" height="1" class="has-fill-secondary" /> <rect x="8" y="2" width="2" height="1" class="has-fill-secondary" /> <rect x="11" y="2" width="3" height="1" class="has-fill-secondary" /> <rect x="1" y="1" width="2" height="2" class="has-fill-secondary" /> <rect x="5" y="10" width="7" height="2" rx="0.3" class="has-fill-primary" /> <rect x="19" y="1" width="2" height="2" rx="1" class="has-fill-secondary" /> </svg> </span> </span> <span>Dark</span> </button> </li> <li class="theme display-block" role="menuitem"> <button class="button button-clear button-sm theme-control button-block justify-content-flex-start" data-theme-to="high-contrast"> <span class="theme-high-contrast margin-right-xxs"> <span class="border theme-selector-icon display-inline-block has-body-background" aria-hidden="true"> <svg class="svg" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 22 14"> <rect width="22" height="14" class="has-fill-body-background" /> <rect x="5" y="5" width="12" height="4" class="has-fill-secondary" /> <rect x="5" y="2" width="2" height="1" class="has-fill-secondary" /> <rect x="8" y="2" width="2" height="1" class="has-fill-secondary" /> <rect x="11" y="2" width="3" height="1" class="has-fill-secondary" /> <rect x="1" y="1" width="2" height="2" class="has-fill-secondary" /> <rect x="5" y="10" width="7" height="2" rx="0.3" class="has-fill-primary" /> <rect x="19" y="1" width="2" height="2" rx="1" class="has-fill-secondary" /> </svg> </span> </span> <span>High contrast</span> </button> </li> </ul> </div> </div> </div> </div> <ul class="links" data-bi-name="footerlinks"> <li class="manage-cookies-holder" hidden></li><li><a class="external-link-indicator" data-mscc-ic="false" href="/en-us/previous-versions/" data-bi-name="archivelink">Previous Versions</a></li> <li><a class="external-link-indicator" data-mscc-ic="false" href="https://techcommunity.microsoft.com/t5/microsoft-learn-blog/bg-p/MicrosoftLearnBlog" data-bi-name="bloglink">Blog</a></li> <li><a class="external-link-indicator" data-mscc-ic="false" href="/en-us/contribute/" data-bi-name="contributorGuide">Contribute</a></li><li><a class="external-link-indicator" data-mscc-ic="false" href="https://go.microsoft.com/fwlink/?LinkId=521839" data-bi-name="privacy">Privacy</a></li><li><a class="external-link-indicator" data-mscc-ic="false" href="/en-us/legal/termsofuse" data-bi-name="termsofuse">Terms of Use</a></li><li><a class="external-link-indicator" data-mscc-ic="false" href="https://www.microsoft.com/legal/intellectualproperty/Trademarks/" data-bi-name="trademarks">Trademarks</a></li><li>&copy; Microsoft 2024</li> </ul> </footer> </section> <div id="action-panel" role="region" aria-label="Action Panel" class="action-panel has-default-focus" tabindex="-1"></div> </body> </html>