You'd potentially catch vacation replies and other automatically generated
legitimate responses if you reject based on MAIL FROM: <>. But it might be
a good first approximation anyway. If the cloud makes it impossible to
clearly distinguish between legit and abusive senders, false positives are
essentially unavoidable. If legit senders are affected they should take it
up with their provider.
Cheers,
Hans-Martin
Am 2. November 2021 08:30:23 schrieb Jarland Donnell via mailop
<mailop@mailop.org>:
That's me. In my second run through I seem to have successfully not
listed any used by Office 365, and anything else legitimate that doesn't
send mail I generally don't worry about hitting. Casting too wide of a
net is only a problem if it catches something you don't want it too.
That said, I seem to have still missed the full range of cloud server
IPs and I've made a third run through to just hit the IPs that have sent
spam to my servers. That isn't very effective either, since they're just
cycling through cloud IPs like candy. They're also rotating out domains
and email subjects quite rapidly.
Maybe I need to rethink the method entirely. Microsoft IP + no envelope
sender looks to be a good combo to target what I'm seeing.
On 2021-11-01 22:38, Graeme Slogrove via mailop wrote:
(That link is being deprecated)
One must be careful about blocking entire Azure ranges. There are
valid third-party services (authorized for SMTP) that run on Azure
hosted VM infrastructure (Office 365 included) that you should expect
to receive email from.
I've just received multiple blocklist notifications for our cloud
services which seems to indicate that someone has added ALL of Azure
Ranges (mxrbl.com)
There is a web service that provides this information, segmented by
service, allowing for segregation
https://docs.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide
REST Service
https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-ip-web-service?view=o365-worldwide
Regards,
Graeme Slogrove
Sr. Director, Product Engineering
-----Original Message-----
From: mailop <mailop-boun...@mailop.org> On Behalf Of Michael
Peddemors via mailop
Sent: Tuesday, 2 November 2021 12:10 PM
To: mailop@mailop.org
Subject: Re: [mailop] cloudapp.azure.com spamming again
-----------------------------------------------------------------------------------------------------------------------------------------
CAUTION: This email originated from outside of the organization. Do
not click links or open attachments unless you recognize the sender
and know the content is safe.
-----------------------------------------------------------------------------------------------------------------------------------------
Hey.. point taken, and have mentioned it to the SpamRats team, who are
apparently co-incidentally in the middle of a website upgrade to make
it more visible..
The listing is available to SpamRats partners more easily.. but while
they are doing their thing.. as per a recent discussion on the list,
the data is available publicly, just that the SpamRats team has it in
RBLDNSD format as well for ease of use.
The 'current' link.. (it does change) is..
You can parse that, to get the IP Ranges..
Hope that helps in the mean time, or you can reach out to SpamRats
team directly..
Email secured by Trustwave advanced threat protection. Learn more at
https://trus.tw/mailmarshal
This transmission may contain information that is privileged,
confidential, and/or exempt from disclosure under applicable law. If
you are not the intended recipient, you are hereby notified that any
disclosure, copying, distribution, or use of the information contained
herein (including any reliance thereon) is STRICTLY PROHIBITED. If you
received this transmission in error, please immediately contact the
sender and destroy the material in its entirety, whether in electronic
or hard copy format.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
