Ah, yep, thanks for catching that typo.
On 1/14/2024 4:56 PM, Andrew C Aitchison wrote:
On Sun, 14 Jan 2024, Mark Alley via mailop wrote:
This is anecdotal, but I think it illustrates even at a smaller scale
the persistent problem Microsoft currently has with their tenancy.
I did some quick perusal of the last month's data from our email
logs, and out of a total of 22,473 external emails that contain a
.onmicrosoft.com subdomain in the RFC5322.FROM field -- 22,086 were
blocked because of various reasons:
* 21,228 spam
* 1 malware
* 759 phishing
* 5 impostor
* 93 "hard" failed SPF without a DMARC record since onmicrosoft.com
doesn't have one. (probably forwarded)
387 "clean" emails were delivered successfully initially, and 151 of
those initial delivers were then later retroactively classified as
being spam or phishing.
So even at this scale, we're left with a minutia of ~0.01%
236/22473 ~= 1%
"legitimate" emails, most of which are from misconfigured Exchange
Online mailboxes or Office365 groups from various businesses.
So, YMMV widely, but for most organizations, as John said, definitely
not going to be missing /too /much. Most of what I see that's
legitimate in our traffic would be 3 or 4 specific subdomain
additions to a safelist from the hypothetical block rule, and that
would be it.
- Mark Alley
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
