Just to be sure because I didn't see you mention it, make sure you've
contacted them via the form I often see linked so many different ways
but I'll link as this:
https://support.microsoft.com/en-us/getsupport?oaspworkflow=start_1.0.0.0&wfname=capsub&productkey=edfsmsbl3&locale=en-us&ccsid=636165504238569370
Make sure to request that the IPs be put into temporary mitigation as
you're warming up a new IP range. When they tell you that can't be done,
reply and ask for it again, as many times as is necessary. It's just the
way the dance is done, I've always been told.
Certainly, it would be faster for one of our friends here on this list
to help you if they can, but it's been a few hours since you sent this
and I at least have information that is more helpful than silence. So I
hope it helps some.
On 2022-11-14 03:13, Rodolfo Saccani via mailop wrote:
If anybody from Microsoft con help on this, my gratitude will be huge.
Some companies (like Southeastern railways, for example) are currently
unable to deliver their legit email traffic to Microsoft customers.
We are an email security vendor operating worldwide, we develop and
sell email security virtual appliances and we also operate thousands
of those in our cloud for the customers that choose so.
In London we had to rush to move customers out of UKCLOUD because the
company went into liquidation (
https://ukcloud.com/hub/news/liquidation/ ). UKCLOUD used to host
assets of government bodies, it has been branded as “the UK
sovereign cloud” and for this reason many of our UK customers wanted
to be hosted there.
Because of the liquidation, service continuity is not guaranteed
anymore. We have quickly moved all of the customers to another DC in
London and for such customers we used a new IPv4 /24 that we had
recently acquired (194.39.109.0/24).
We usually don’t have problems in ramping up the reputation of a new
subnet, all of our outbound email traffic is scanned and clean, every
customer has it’s own IP address(es) and we do not accept marketing
customers.
This time it’s been different. The spike in email traffic from about
100 IP addresses belonging to this new subnet is probably seen as
suspicious. These IP addresses are currently heavily rate-limited
despite us having followed the usual procedure through escalations
with Microsoft support.
Some of these customers (public service operators and major colleges,
for example) have a significant outbound email flow being scanned and
delivered from these IP addresses, well above the current limits
allowed by Microsoft and we are forced to route some of the traffic
through relays with a good reputation. This is an emergency procedure
for us because it mixes outbound traffic of different customers
through shared IP addresses, which is something that we don’t do
except in critical situations like this.
Rate-limiting is usually temporary and the limits increase in a
reasonable time but this time it looks like it’s not happening. I am
worried that we might have ended up in a corner, for this reason I
decided to write here, something I’ve never done in many years.
Thanks to whoever will be able to help or provide suggestions.
Rodolfo
--
Rodolfo Saccani | CTO
Email: rodolfo.sacc...@libraesva.com | Phone: +3903411880307 [1]
Links:
------
[1] tel:+3903411880307
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
