On 4/29/16 7:25 AM, Benoit Panizzon wrote:
> I am seeing in my logs some bounce messages (empty sender) from
> various outbound.protection.outlook.com servers. All those bounce
> messages are directed towards one specific email address which is
> probably used as an envelope field in a spam run.
>
> Now my question is: if it comes from outbound servers for outlook.com,
> shouldn't the mails also pass through some kind of inbound servers at
> outlook.com? If that's the case, how come those messages, which
> surely have a wrong DMARC, SPF and DKIM pass through the incoming
> gateways?
We have exactly the same problem. We sometimes observe that some of our
customers get DOSed by large volumes of outbound.protection.outlook.com
bounces.
The 'Attacker' apparently is a botnet (aka many different IP
addresses) that fakes the sender@our-domain and sends very small emails
to various non-existent recipients hosted on
outbound.protection.outlook.com servers.
I had similar issues a few years ago with Cox.net.
Their mail servers were bounce flooding my mail servers due to a Joe
Job. Contacted them, and rather than fixing their mail servers so it
wouldn't accept-then-bounce or blocking the source, they instead
blacklisted my e-mail address.
Companies need to get their shit together and solve the source of
problems, not band-aid random things and pretend like it's not going on
in the first place.
--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org / http://www.ahbl.org
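
Added example, not part of the original thread: one way a receiving operator could spot the bounce flood described above, by correlating log lines per queue ID and counting null-sender messages from *.outbound.protection.outlook.com per local recipient. It assumes Postfix-style log lines; the hosts, IPs, addresses, queue IDs and threshold are constructed.

```python
import re
from collections import Counter, defaultdict

# Assumed Postfix-style layout: "postfix/<daemon>[pid]: <QUEUEID>: <key=value ...>"
LINE = re.compile(r"postfix/\w+\[\d+\]: (?P<qid>[0-9A-F]+): (?P<rest>.*)")
CLIENT = re.compile(r"client=(?P<host>[^\[\s]+)\[")
FROM = re.compile(r"from=<(?P<sender>[^>]*)>")
TO = re.compile(r"to=<(?P<rcpt>[^>]+)>")
RELAY_SUFFIX = ".outbound.protection.outlook.com"

def bounce_counts(log_text, suffix=RELAY_SUFFIX):
    """Count null-sender (from=<>) messages per recipient from hosts ending in suffix."""
    msgs = defaultdict(lambda: {"host": None, "sender": None, "rcpts": set()})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        rec, rest = msgs[m["qid"]], m["rest"]
        if (c := CLIENT.match(rest)):
            rec["host"] = c["host"].lower()
        elif (f := FROM.match(rest)):
            rec["sender"] = f["sender"]      # "" means a bounce (null sender)
        elif (t := TO.match(rest)):
            rec["rcpts"].add(t["rcpt"].lower())
    counts = Counter()
    for rec in msgs.values():
        if rec["sender"] == "" and rec["host"] and rec["host"].endswith(suffix):
            counts.update(rec["rcpts"])
    return counts

def flooded(log_text, threshold=3):
    """Recipients receiving at least `threshold` such bounces (threshold is arbitrary)."""
    return sorted(r for r, n in bounce_counts(log_text).items() if n >= threshold)

def _msg(qid, host, sender, rcpt):
    # Builds the three constructed log lines for one message.
    p = "Apr 29 07:00:00 mx postfix/"
    return (f"{p}smtpd[101]: {qid}: client={host}[192.0.2.10]\n"
            f"{p}qmgr[55]: {qid}: from=<{sender}>, size=2100, nrcpt=1 (queue active)\n"
            f"{p}local[202]: {qid}: to=<{rcpt}>, relay=local, status=sent\n")

O365 = "host1" + RELAY_SUFFIX            # constructed host name
SAMPLE_LOG = "".join([
    _msg("A1B2C1", O365, "", "victim@example.org"),
    _msg("A1B2C2", O365, "", "victim@example.org"),
    _msg("A1B2C3", O365, "", "victim@example.org"),
    _msg("A1B2C4", O365, "alice@example.com", "victim@example.org"),  # normal mail
    _msg("A1B2C5", "mx.example.net", "", "other@example.org"),        # other relay
    _msg("A1B2C6", O365, "", "other@example.org"),
])
print(flooded(SAMPLE_LOG))
```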