Update 8/12/2025: Added the FAQ to the post. Also, to help shed more light on the Direct Send feature, we published a newer post called Direct Send vs sending directly to an Exchange Online tenant.
...
Updated Oct 06, 2025
Version 13.0
Blog Post
Greetings - Do you have any news, notes, commentary, or words to the wise regarding mitigating threat actors abusing the Direct Send feature? Is there any anticipated holistic action on Microsoft's part to address the issue? The ability to bypass filtering mechanisms and other safeguards feels like a fairly significant problem given that a great number of domains have had no attention given to SPF, DKIM, or DMARC, nor do many tenants have any security configuration beyond the defaults in place.
It reminds me a bit of when logging was not a default feature, and legacy tenants had no logging. If you were lucky enough to know about this BEFORE it was an issue, you were golden. Else, you are sorta out of luck.
https://www.varonis.com/blog/direct-send-exploit