I'm seeing in today's logs plenty of blocking of hosts ending with ".onmicrosoft.com" but also plenty of SMTP connections not being blocked.
Those MS-Miscreants seem to have moved on from mixing names of farm animals and car brands to names that seem like they could be for professional firms like "jlrlawcorp.onmicrosoft.com" ... and none of the names like that - but in the form of "jlrlawcpro.com" - are even registered, so they might just be figments of some spammer's imagination, or made up by an algorithm (AI would be overkill, but someone's probably wasting resources on that too).

So far, the spot checks I've done include quite a bit of legitimate eMail -- some from schools, health/medical service providers, various government agencies, and a smattering of different businesses that are providing professional services and which I don't believe are using spam to do marketing.

The common thing I'm noticing with all of these senders is that they're sending from their own domain names, even though the HELO/EHLO string ends with .onmicrosoft.com.

The blacklists seem to be blocking mostly the ones that send directly from @<something-strange>.onmicrosoft.com addresses, which should make filtering easy if we can confirm for certain that no legitimate eMail has these as the sender -- that is, not in the "Return-Path:" header and not in the "From:" header.

> I see in today's logs that Spamhaus is now blocking (for us) hundreds of
> these onmicrosoft.com subdomains.
>
> Regards,
> Mark
> _________________________________________________________________
> L. Mark Stone, Founder
> North America's Leading Zimbra VAR/BSP/Training Partner
> For Companies With Mission-Critical Email Needs
>
> ----- Original Message -----
> From: "Hans-Martin Mosner via mailop" <mailop@mailop.org>
> To: "mailop" <mailop@mailop.org>
> Sent: Thursday, January 18, 2024 5:13:30 PM
> Subject: Re: [mailop] Anyone else noticing an increase in spam from Office365
> distribution lists?
>
> On 17.01.24 at 15:35, Hans-Martin Mosner via mailop wrote:
> > On 17.01.24 at 15:20, Paul Menzel via mailop wrote:
> > > With this in mind, did somebody compile a block list yet? Or should I just
> > > create a whitelist?
> >
> > A block list does not make sense, as new domains are added continuously. It's
> > just too simple.
>
> Maybe it's still a possible approach, I've noticed a number of domains which
> were used multiple times yesterday and today, so that could be a start.
>
> Cheers,
> Hans-Martin

--
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
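
The distinction drawn in the message above (HELO/EHLO ending in .onmicrosoft.com but sender on the organisation's own domain, versus a sender address directly under .onmicrosoft.com) can be tallied over a mail sample before any rule is turned into a block. This is an added example, not part of the original post; the function names, category labels and the sample messages are constructed for illustration, and the HELO string is assumed to be supplied separately from the MTA log.

```python
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

SUFFIX = ".onmicrosoft.com"

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' (e.g. null Return-Path)."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def is_tenant(name):
    """True only when the name ends with .onmicrosoft.com as a real suffix."""
    return (name or "").lower().rstrip(".").endswith(SUFFIX)

def classify(helo, raw_message):
    msg = message_from_string(raw_message)
    senders = (domain_of(msg.get("Return-Path")), domain_of(msg.get("From")))
    if any(is_tenant(d) for d in senders):
        return "tenant-sender"               # sender is @<tenant>.onmicrosoft.com
    if is_tenant(helo):
        return "own-domain-via-tenant-helo"  # pattern seen in the legitimate spot checks
    return "other"

# Constructed samples: (HELO string from the MTA log, raw headers + body)
SAMPLES = [
    ("NAM01.constructed-a.onmicrosoft.com",
     "Return-Path: <office@school.example>\n"
     "From: Front Office <office@school.example>\n\nTerm dates\n"),
    ("constructed-b.onmicrosoft.com",
     "Return-Path: <info@constructed-b.onmicrosoft.com>\n"
     "From: <info@constructed-b.onmicrosoft.com>\n\nInvoice\n"),
    ("mx.clinic.example",
     "Return-Path: <>\n"
     "From: Billing <billing@constructed-c.onmicrosoft.com>\n\nNotice\n"),
    ("onmicrosoft.com.mailer.example",       # substring, not a suffix
     "Return-Path: <news@mailer.example>\n"
     "From: <news@mailer.example>\n\nNewsletter\n"),
]

def tally(samples):
    """Count how many messages fall into each category."""
    return Counter(classify(helo, raw) for helo, raw in samples)

if __name__ == "__main__":
    for category, count in tally(SAMPLES).items():
        print(f"{category}: {count}")
```

Running the tally over a day's known-good mail shows whether anything legitimate lands in the tenant-sender category before that category is used for rejection.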