Heh. Just to be clear, when I say, "HotMail", I'm implying the consumer offering known as, "Outlook.com". It's confusing as ****, and I really wish they had chosen another name, but alas.
Logs should suffice, but if there's any way to get a sample to know the shape of the attack when it hits us, even better. Is it all to the same user on your system, or is there a structure to the unknown mailbox names? Aloha, Michael. -- Sent from my Windows Phone ________________________________ From: Renaud Allard<mailto:ren...@allard.it> Sent: 4/29/2016 7:30 AM To: Michael Wise<mailto:michael.w...@microsoft.com>; Benoit Panizzon<mailto:benoit.paniz...@imp.ch>; mailop@mailop.org<mailto:mailop@mailop.org> Subject: Re: [mailop] Bounces from outbound.protection.outlook.com Hi Michael, On 04/29/2016 04:22 PM, Michael Wise wrote: > Protection.outlook.com is Office365, and *NOT* "HotMail". > > If you have samples of the malicious NDRs, please send them to me, and > I'll see if there's a way to squelch it. > I never implied that protection.outlook.com is hotmail in any way. I don't have samples of those NDRs as they are all sent to a non existent mailbox. I can send you logs of when it happened. If you really want the NDR messages themselves, I will have to create a mailbox in which they can be stored.
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop