FWIW, after a log file review we are contemplating blocking "azurewebsites.net" 
as well as "@onmicrosoft.com".

Curious if others are coming to the same conclusion?

Regards, 
Mark 
_________________________________________________________________ 
L. Mark Stone, Founder 
North America's Leading Zimbra VAR/BSP/Training Partner 
For Companies With Mission-Critical Email Needs

----- Original Message -----
From: "Mark Alley via mailop" <mailop@mailop.org>
To: "Andrew C Aitchison" <and...@aitchison.me.uk>
Cc: "mailop" <mailop@mailop.org>
Sent: Sunday, January 14, 2024 6:30:22 PM
Subject: Re: [mailop] Anyone else noticing an increase in spam from Office365 
distribution lists?



Ah, yep, thanks for catching that typo. 
On 1/14/2024 4:56 PM, Andrew C Aitchison wrote: 


> On Sun, 14 Jan 2024, Mark Alley via mailop wrote:
>
>> This is anecdotal, but I think it illustrates even at a smaller scale the
>> persistent problem Microsoft currently has with their tenancy.
>>
>> I did some quick perusal of the last month's data from our email logs, and out
>> of a total of 22,473 external emails that contain a .onmicrosoft.com subdomain
>> in the RFC5322.FROM field -- 22,086 were blocked because of various reasons:
>>
>> * 21,228 spam
>> * 1 malware
>> * 759 phishing
>> * 5 impostor
>> * 93 "hard" failed SPF without a DMARC record since onmicrosoft.com
>>   doesn't have one. (probably forwarded)
>>
>> 387 "clean" emails were delivered successfully initially, and 151 of those
>> initial deliveries were then later retroactively classified as being spam or
>> phishing.
>>
>> So even at this scale, we're left with a minutia of ~0.01%
>
> 236/22473 ~= 1%
>
>> "legitimate" emails, most of which are from misconfigured Exchange Online
>> mailboxes or Office365 groups from various businesses.
>>
>> So, YMMV widely, but for most organizations, as John said, definitely not going
>> to be missing /too/ much. Most of what I see that's legitimate in our traffic
>> would be 3 or 4 specific subdomain additions to a safelist from the
>> hypothetical block rule, and that would be it.
>>
>> - Mark Alley

_______________________________________________ 
mailop mailing list 
mailop@mailop.org 
https://list.mailop.org/listinfo/mailop 
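
The block rule with a small safelist discussed in this thread, sketched as an added example (not code from any of the participants). It assumes the match is made on the domain of each RFC5322.From mailbox, for both suffixes named in the thread; the safelist entry and the sample headers are constructed placeholders.

```python
from collections import Counter
from email.utils import getaddresses

# Suffixes named in the thread; matching them in From is this example's assumption.
BLOCKED_SUFFIXES = ("onmicrosoft.com", "azurewebsites.net")
# Constructed placeholder standing in for the "3 or 4 specific subdomains".
SAFELIST = {"example-partner.onmicrosoft.com"}


def from_domains(header_value):
    """Lowercased domain of every mailbox in an RFC5322.From header value."""
    domains = []
    for _name, addr in getaddresses([header_value]):
        _local, at, domain = addr.rpartition("@")
        if at and domain:
            domains.append(domain.lower().rstrip("."))
    return domains


def is_under(domain, suffix):
    """True for the suffix itself or a subdomain, never a lookalike."""
    return domain == suffix or domain.endswith("." + suffix)


def verdict(header_value):
    """Return 'block', 'safelisted' or 'pass' for one From header value."""
    hits = [d for d in from_domains(header_value)
            if any(is_under(d, s) for s in BLOCKED_SUFFIXES)]
    if not hits:
        return "pass"
    return "safelisted" if all(d in SAFELIST for d in hits) else "block"


# Constructed sample From headers, not taken from any real log.
SAMPLE = [
    '"Alice" <alice@tenant1.onmicrosoft.com>',
    'Ops <ops@Example-Partner.onmicrosoft.com>',
    'news@notonmicrosoft.com',
    'billing@onmicrosoft.com.example.org',
    'form@app1.azurewebsites.net',
    '"bob@example.org" <x@tenant2.onmicrosoft.com>',
]


def tally(headers):
    return Counter(verdict(h) for h in headers)


if __name__ == "__main__":
    print(dict(tally(SAMPLE)))
```

Matching on a dot-anchored suffix keeps lookalike domains out of the rule, and parsing the header first means an address placed in the display name does not decide the verdict.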
