Could be mobile connections being proxied, yes. But if it was due to not
liking the features (which I'm quite certain has not changed on our end)
wouldn't it be more logical to quit after HELO/EHLO rather than AUTH?
On 2023-08-14 11:08, Sebastian Nielsen via mailop wrote:
Could it also be their outlook for mobile connections, where the connection
fails for some other reason, like the server don't like the features supported?
It seems to use some sort of proxy, where outlook's server connects to the
server in question instead of a direct connection from the phone to server.
-----Ursprungligt meddelande-----
Från: Dan Malm via mailop <mailop@mailop.org>
Skickat: den 14 augusti 2023 11:06
Till: mailop@mailop.org; ab...@microsoft.com
Ämne: [mailop] Abuse AUTH from Microsoft outlook IP space
Hi,
Since Friday I'm seeing a rather extreme amount of SMTP AUTH requeusts
from the same IPv6 IP space that outlook.com uses when sending emails on
behalf of customers that have added an "external" address to sync and
send from to their outlook account. The AUTH uses valid credentials for
the accounts but just hangs up after AUTH. The amount of connections
seems to increase daily.
For the last 24h I have ~11M AUTH requests but only ~5K mails actually
sent from the 2603:1026::/32 range. I also see some similar patterns
from the other ranges that seems to send outlook mail: 2603:1036::/32,
2603:1046::/32, 2603:1056::/32 but the bulk of it is from the 1026 one.
Anyone from MS listening that would like to comment?
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
