Microsoft is currently rolling out a new Office 365 feature dubbed 'Unverified Sender' and designed to help users identify potential spam or phishing emails that reach their Outlook client's inbox.

"Unverified sender is a new Office 365 feature that helps end-users identify suspicious messages in their inbox," says the company on the new feature's Microsoft 365 roadmap entry.

"In order to help customers identify suspicious messages in their inbox, we've added an indicator that demonstrates Office 365 spoof intelligence was unable to verify the sender."

The new indicators will be shown in the user's Outlook inbox for messages where the client couldn't verify the sender's identity using email authentication techniques.

If Unverified Sender is toggled on, all emails that come from unverified sender will have the sender's photo or initials replaced with a question mark in the people card as shown above. This will make it easier for Office 365 users to quickly detect potential phishing attacks or potential sender spoofing attempts says Microsoft.

When one of the emails in your inbox gets marked by the Office 365 Unverified Sender feature, you should be careful while interacting with them as they could be malicious or being sent by a potential attacker that spoofed the sender.

Microsoft also states that emails will not be analyzed using the Unverified Sender filter if the user has set the sender as a 'Safe Sender' in their inbox or the messages were delivered to the user's Outlook inbox via an admin allow list, including Email Transport Rules (ETRs), Safe Domain List (Anti-Spam Policy), or Safe Sender List.

The suspicious email indicator is going to be automatically tagged with a question mark if the message did not "pass either SPF or DKIM authentication and receive either a DMARC pass, or a composite authentication pass from Office 365 Spoof Intelligence."

Microsoft provides more information on how to properly validate outbound email sent from Office 365 custom domains using DKIM and on how to prevent spoofing by configuring SPF in Office 365.

2048-bit DKIM key sizes

Redmond is also rolling out increased DKIM key sizes to 2048-bit from the current 1024-bit size for all Office 365 customers during October, to enhance security in all environments.

"If you already have your default or custom domain DKIM enabled in Office 365, it will automatically be upgraded from 1024-bit to 2048-bit at your next DKIM configuration rotation date," says Microsoft.

Administrators can manage DKIM configuration using the Get-DkimSigningConfig cmdlet via Exchange PowerShell Admin sessions.

This new 2048-bit key takes effect on the RotateOnDate, and will send emails with the 1024-bit key in the interim. After four days, you can test again with the 2048-bit key (that is, once the rotation takes effect to the second selector). — Microsoft

Both the 2048-bit DKIM key sizes and the new Office 365 Unverified Sender feature are rolling out now and, as a result, might not be available yet for all users.

Microsoft is also rolling out better malicious emails analysis capabilities for Office 365, announced back in late July and allowing Microsoft 365 admins with Threat Explorer access to preview and download malicious emails for further investigation.

Redmond also urged Microsoft Office 365 administrators and users to not bypass the built-in spam filters in a support document published in June and provided guidelines for cases when this can't be avoided.