Microsoft Direct Send Abuse: Why Legacy Defenses Fall Short
Threat actors are abusing Microsoft Direct Send to spoof internal emails. See why legacy defenses fail and how Abnormal prevents these attacks.
September 4, 2025

What happens when a Microsoft feature built for convenience becomes an attacker’s perfect disguise?
A growing trend in 2025 involves the abuse of Microsoft 365’s Direct Send feature, a legitimate functionality that, in the wrong hands, can be weaponized to bypass authentication checks, fool legacy defenses, and land directly in user inboxes.
Abnormal AI has observed these attacks firsthand across multiple industries and customer environments, and our research confirms they represent one of the most insidious forms of phishing today. This post unpacks what Direct Send abuse is, why it poses such a unique risk, why traditional defenses often fail, and how Abnormal is uniquely positioned to stop these attacks in their tracks.
What Are Microsoft Direct Send Abuse Attacks?
Microsoft 365’s Direct Send feature was designed for a straightforward purpose: to let internal devices—such as printers, scanners, and multifunction applications—send email without providing authentication credentials like passwords or certificates.
Because these devices send without authenticating, their messages often produce “none” or “fail” results in the SPF, DKIM, and DMARC checks performed by recipients’ mail servers. To avoid disrupting business operations, however, many organizations configure mail flow rules that allow such messages when they arrive from known internal IP ranges.
Unfortunately, threat actors have discovered how to exploit this exception. By spoofing internal email addresses and routing messages through Microsoft’s SMTP relay infrastructure, attackers can create emails that look like legitimate internal communications. Since these messages may appear to come from Microsoft's mail servers and can be processed by Exchange Online Protection (EOP) services, they often seem more trustworthy to both security tools and end users.
Unlike account takeover or credential stuffing, Direct Send abuse does not require a single login attempt. No compromise of a mailbox, no stolen password—just pure infrastructure-level impersonation. This makes the attacks not only stealthy but also incredibly difficult to trace.
Abnormal’s threat intelligence confirms just how widespread this problem has become. While initially concentrated in the legal sector, Direct Send campaigns have since expanded into multiple other industries, underscoring that no vertical is immune.
Common Direct Send Abuse Attack Methods
Direct Send abuse is not a single tactic but rather a collection of techniques that prey on the trust users place in internal communications. Abnormal and external researchers have documented several recurring methods:
Impersonation of Internal Users: Threat actors spoof addresses belonging to executives, IT teams, or even the recipient themselves. Emails appear to originate from inside the organization, instantly gaining user trust.
Voicemail and Service Notifications: Many campaigns mimic system alerts, such as voicemail transcriptions or file-sharing messages. The realistic formatting and familiar tone drive clicks.
QR Code Phishing (aka “Quishing”): Some attacks leverage PDF attachments containing QR codes that redirect to phishing websites. By proxying the legitimate Microsoft login page, attackers trick users into handing over credentials.
Obfuscated Attachments: Abnormal case studies show emails carrying attachments with no visible body content, no URLs, and only “empty” files. These attachments use multiple layers of encryption, encoding, and obfuscation to evade scanning until opened by the victim.
Use of Legitimate Infrastructure: Because the messages travel through Microsoft servers, many email defenses inherently trust them, mistaking them for safe internal traffic.
Automation at Scale: External reporting has noted that attackers often automate these campaigns, combining scripts with trusted network hosts to send thousands of convincing messages with minimal effort.
Why Direct Send Abuse Poses Serious Risks
The danger of Direct Send abuse lies not just in its technical execution, but in the psychological leverage it grants adversaries.
When a message appears to originate from a colleague—or worse, from the recipient’s own account—the likelihood of engagement increases exponentially. This manufactured familiarity bypasses rational scrutiny, prompting users to interact with emails they would otherwise question. The trust inherently placed in internal messages becomes the very mechanism of compromise.
Once attackers gain that initial foothold, credential theft is often the endgame. Whether through QR-based redirection, malicious attachments, or cloned login pages, attackers use Direct Send as a vehicle to deceive users into surrendering authentication details. Once obtained, those credentials serve as a gateway to broader exploitation across the organization.
What makes these campaigns even more dangerous is how effectively they evade legacy defenses. Authentication checks like SPF, DKIM, and DMARC often return ambiguous results such as “temperror” or “none,” leaving traditional tools unable to classify the messages as malicious. Without clear indicators of compromise, these emails blend into normal traffic and remain undetected.
Why Legacy Tools Struggle Against Direct Send Abuse
Perimeter-focused email security solutions were never designed to defend against threats that originate from within trusted infrastructure—precisely the vector that Direct Send abuse exploits.
Secure email gateways (SEGs) sit outside the Microsoft 365 environment, inspecting inbound messages before they reach the cloud tenant. But Direct Send messages are delivered from within Microsoft’s ecosystem, bypassing these external inspection points entirely. In many cases, SEGs don’t see the messages at all.
Even when messages are evaluated, legacy tools rely heavily on static indicators of compromise—e.g., malicious URLs, recognizable payloads, or suspicious language patterns. Direct Send campaigns often omit these signals entirely. Instead, they deploy encrypted or obfuscated attachments, blank email bodies, and other evasive tactics that sidestep signature-based detection.
The challenge is compounded by inherent trust. Emails routed through Microsoft’s infrastructure are often safelisted by default or treated as internal traffic. As a result, traditional tools misclassify them as benign, allowing them to bypass controls designed for external threats.
This creates a critical blind spot. Direct Send abuse blends trusted infrastructure, internal impersonation, and the absence of detectable artifacts—rendering SEGs ineffective. For organizations relying solely on static tooling, this gap leaves users vulnerable to threats that appear indistinguishable from legitimate internal communication.
Real-World Examples of Direct Send Abuse
Abnormal has detected and remediated numerous Direct Send abuse campaigns across its customer base. The examples below highlight both the tactics and the blind spots of traditional tools.
QR Code Phishing
In one campaign, attackers delivered a PDF attachment containing a QR code that proxied Microsoft’s login page. When scanned, the QR redirected users to a credential-harvesting site. Because the email came through Microsoft infrastructure, it bypassed a legacy SEG entirely.

Calendar Invite Impersonation
Another campaign spoofed internal domains to deliver malicious attachments disguised as calendar invites. With no URLs or visible body text, the emails appeared benign. The attachments were encrypted and obfuscated to avoid scanning, rendering SEG defenses useless.

How Abnormal Stops Direct Send Abuse
Direct Send abuse underscores why native API integration and behavioral AI are essential to modern email security. Abnormal takes a layered approach that ensures these attacks are detected even when signature- and rule-based defenses fail.
Behavioral AI and Identity Modeling
Abnormal learns the normal communication patterns across your organization and uses that context to flag anomalies. This includes unusual behaviors such as self-addressed messages, spoofed internal accounts, or traffic that only appears to be internal but doesn’t match past activity.
Multi-Layered Technical Detection
In addition to behavioral signals, Abnormal inspects SPF, DKIM, and DMARC results, even when authentication is bypassed or fails. The system identifies first-seen domains, mismatched headers, and suspicious sending infrastructure. Attachments are analyzed for obfuscation or hidden malicious content, including PDFs with embedded QR codes designed to redirect users to phishing sites.
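The header-level signals listed here (authentication results, sending infrastructure, self-addressed mail), together with the earlier explanation of how unauthenticated Direct Send messages are normally allowed only from known internal IP ranges, can be expressed as a simple triage check. The following is an added example and not Abnormal's code; the tenant domain, the approved device ranges, and the sample message are all constructed assumptions.

```python
# Added example, not Abnormal's code: header-level triage for Direct Send-style
# internal spoofing. Assumed: tenant domain and egress ranges of legitimate devices.
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

OUR_DOMAIN = "example.com"                                # assumption
DEVICE_RANGES = [ipaddress.ip_network("203.0.113.0/24")]  # assumption: printer/scanner egress
WEAK = {"none", "fail", "softfail", "temperror", "permerror"}
# Constructed sample: self-addressed "voicemail" notice relayed through EOP with no auth.
SAMPLE = """\
Authentication-Results: spf=fail (sender IP is 198.51.100.7) smtp.mailfrom=example.com;
 dkim=none (message not signed) header.d=none; dmarc=fail action=oreject header.from=example.com
Received: from mail.example.com (198.51.100.7) by EX01.prod.protection.outlook.com (10.0.0.1)
 with Microsoft SMTP Server; Mon, 1 Sep 2025 09:00:00 +0000
From: alice@example.com
To: alice@example.com
Subject: New voicemail transcription

"""

def auth_verdicts(msg):
    """Collect spf/dkim/dmarc verdicts; a mechanism never mentioned counts as 'none'."""
    verdicts = {"spf": "none", "dkim": "none", "dmarc": "none"}
    for hdr in msg.get_all("Authentication-Results", []):
        for mech, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", hdr, re.I):
            verdicts[mech.lower()] = verdict.lower()
    return verdicts

def connecting_ip(msg):
    """IP of the host that handed the message to Microsoft: the oldest Received line."""
    hits = [re.search(r"\((\d{1,3}(?:\.\d{1,3}){3})\)", h) for h in reversed(msg.get_all("Received", []))]
    return next((ipaddress.ip_address(m.group(1)) for m in hits if m), None)

def direct_send_flags(raw):
    """Return the reasons a message looks like Direct Send abuse (empty list if none)."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    flags = []
    if sender.endswith("@" + OUR_DOMAIN):          # claims to be internal
        weak = [m for m, v in auth_verdicts(msg).items() if v in WEAK]
        if weak:
            flags.append("internal sender with weak auth: " + ",".join(weak))
        ip = connecting_ip(msg)
        if ip is not None and not any(ip in net for net in DEVICE_RANGES):
            flags.append(f"relayed from {ip}, outside approved device ranges")
        if sender == parseaddr(msg.get("To", ""))[1].lower():
            flags.append("self-addressed message")
    return flags
```

A message from a genuine printer in the approved range with passing authentication produces no flags, while the constructed sample trips all three checks; the device-range test is what separates legitimate unauthenticated devices from the spoofed traffic the post describes.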
Campaign-Level Visibility
Rather than treating each malicious message in isolation, Abnormal groups related phishing attempts into a single campaign view. This gives security teams visibility into coordinated attacks, highlighting impersonated VIPs, targeted individuals, and the common tactics being used across a campaign.
Automated Remediation
Through its direct Microsoft 365 API integration, Abnormal can quarantine or remove malicious emails even after initial delivery. Security teams also receive detailed reporting and forensic context, enabling them to understand the scope of the attack and respond more effectively.
Continuous Adaptation
Abnormal’s detection engines are continuously updated as new attacker methods emerge. Feedback from customer environments and the observation of evolving tactics are fed back into detection models, ensuring the platform adapts in real time to maintain high efficacy.
Stopping Direct Send Abuse with Behavioral AI
Microsoft Direct Send abuse represents a dangerous evolution in phishing. By exploiting a legitimate Microsoft feature, attackers bypass authentication checks and signature-based defenses, making their messages nearly indistinguishable from real internal communications. The result is a potent mix of stealth, scale, and believability that puts organizations at significant risk.
While some providers recommend disabling Direct Send altogether, this is rarely feasible for organizations relying on printers, scanners, or internal applications that require the feature. Abnormal protects customers without disrupting business operations.
Unlike SEGs, which can be bypassed, Abnormal inspects all inbound email traffic—including Direct Send—through its Microsoft 365 integration. This ensures that even malicious emails delivered directly into the tenant are analyzed, flagged, and remediated in real time.
This capability is not theoretical. Customers who previously relied on SEGs have seen Direct Send campaigns land in user inboxes undetected. After moving to Abnormal, those same attacks are instantly remediated, with detailed forensic context provided to their SOC teams.
Direct Send abuse isn’t just a passing trend; it’s a clear demonstration that adversaries will always find ways to weaponize trust. With behavioral AI and native API integration, Abnormal restores visibility, blocks these campaigns, and protects employees from deception that perimeter-focused tools cannot see.
See for yourself how Abnormal stops the advanced attacks that bypass legacy SEGs. Schedule a demo today.