This is anecdotal, but I think it illustrates even at a smaller scale the persistent problem Microsoft currently has with their tenancy.

I did some quick perusal of the last month's data from our email logs, and out of a total of 22,473 external emails that contain a .onmicrosoft.com subdomain in the RFC5322.FROM field -- 22,086 were blocked because of various reasons:

 * 21,228 spam
 * 1 malware
 * 759 phishing
 * 5 impostor
 * 93 "hard" failed SPF without a DMARC record since onmicrosoft.com
   doesn't have one. (probably forwarded)

387 "clean" emails were delivered successfully initially, and 151 of those initial deliveries were then later retroactively classified as being spam or phishing.

So even at this scale, we're left with a minutia of ~0.01% "legitimate" emails, most of which are from misconfigured Exchange Online mailboxes or Office365 groups from various businesses.

So, YMMV widely, but for most organizations, as John said, definitely not going to be missing /too/ much. Most of what I see that's legitimate in our traffic would be 3 or 4 specific subdomain additions to a safelist from the hypothetical block rule, and that would be it.

- Mark Alley

On 1/14/2024 12:17 PM, John Levine via mailop wrote:
> It appears that Russell Clemings via mailop <rclemi...@gmail.com> said:
>> "You can keep using the initial onmicrosoft.com domain even after you add
>> your domain. It still works for email and other services, so it's your
>> choice."
>>
>> ... or am I misunderstanding?
>>
>> I'm tempted to block *.onmicrosoft.com completely but I'm very afraid.
>
> I concur with the advice to block it. You're not going to miss any mail
> you care about.
>
> R's,
> John
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
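
The hypothetical block rule with a short safelist discussed in this thread, sketched as an added example that is not part of any message above and not any filter product's own syntax. The safelisted tenant names, the sample messages and the function names are constructed for illustration; the rule matches only the address in the RFC5322.From header, never the display name.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses

BLOCKED_SUFFIX = ".onmicrosoft.com"
# Hypothetical safelist: the "3 or 4 specific subdomains" an operator might keep.
SAFELIST = {"partner-a.onmicrosoft.com", "vendor-b.onmicrosoft.com"}


def from_domains(raw_message):
    """Return the lowercased domain of every address in the From header."""
    msg = message_from_string(raw_message)
    domains = []
    for _display_name, addr in getaddresses(msg.get_all("From", [])):
        if "@" in addr:
            # rsplit: the domain is whatever follows the last "@".
            domains.append(addr.rsplit("@", 1)[1].rstrip(".").lower())
    return domains


def verdict(raw_message):
    """Return 'block' for a non-safelisted *.onmicrosoft.com From domain."""
    for domain in from_domains(raw_message):
        if domain.endswith(BLOCKED_SUFFIX) and domain not in SAFELIST:
            return "block"
    return "pass"


# Constructed sample messages (header block, blank line, body).
SAMPLES = [
    "From: Billing <billing@contoso123.onmicrosoft.com>\nSubject: a\n\nx",
    "From: Ops <ops@Partner-A.OnMicrosoft.COM>\nSubject: b\n\nx",
    # Tenant domain only in the display name: the real address is elsewhere.
    'From: "it@contoso123.onmicrosoft.com" <it@example.org>\nSubject: c\n\nx',
    # Lookalikes that a naive substring match would catch by mistake.
    "From: a@notonmicrosoft.com\nSubject: d\n\nx",
    "From: a@onmicrosoft.com.example.net\nSubject: e\n\nx",
]


def tally(messages):
    """Count verdicts, e.g. to estimate the rule's impact before enabling it."""
    return Counter(verdict(m) for m in messages)


if __name__ == "__main__":
    print(dict(tally(SAMPLES)))
```

Running the same tally over a month of logged From headers in report-only mode shows which tenant subdomains would need a safelist entry before the rule is enforced.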