Re: [mailop] SMTP dictionary attacks from 20.42.100.251 (one of Microsoft's IP addresses)

Tue, 02 Jan 2024 06:46:19 -0800

For the record,it's all of the Azure, Google, AWS Cloud, Tencent and many other cloud providers that are now abused for BEC Email Compromise, and dictionary attacks.
Since very few 'servers' are used for email authentication/clients it is quite effective to block email auth from those providers by default. 


MagicMail servers allow blocking AUTH from those ranges by default, 
except for allowed exemptions, for the last couple years as it has got 
that bad.



There is a difference between an email client, and other devices, so 
various fingerprinting and identification tricks in the SMTP and IMAP 
servers can help.



But there are edge cases to consider, eg desktop in the cloud, and IMAP 
monitoring SaaS tools, but in general.. blocking AUTH from cloud 
providers that don't quickly respond to abuse complaints, is the way to 
go ;0


Happy New Year All..



On 1/1/24 02:05, Marco Moock via mailop wrote:

Am 01.01.2024 um 01:46:44 Uhr schrieb Randolf Richardson, Postmaster
via mailop:


        Is anyone seeing large numbers of dictionary attacks from
20.42.100.251 (which is owned by Microsoft)?  I'm curious if they're
engaging in large-scale targeting.


Doesn't have a PTR, so no regular mail server.
I assume it is one of their Azure customers servers that has been
hacked or is rented by an abuser.


P.S.:  I don't bother reporting abuse directly to Microsoft anymore
because in the past they just bounced every message sent to their
postmaster@ and abuse@ accounts.


For what reason did the bounce those messages?
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
------------------------------------------------------------------------
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" is a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop






















					Reply via email to