We are detecting hundreds of thousands of malicious messages originated by M365 using this schema:

* The attacker creates a hybrid tenant on 365
* The attacker configures the tenant to use the outbound gateway of the victim (a 365 customer who does not cooperate in validating the outbound gateway)
* The attacker sends fake bounces (empty envfrom) spoofing the header-from domain of the victim

My personal assumption has always been that this kind of spoofing of another Microsoft customer's domain was not possible on 365.

If someone from Microsoft thinks this is worth investigating, I can provide email samples if contacted directly.

Bye
Rodolfo

--
Rodolfo Saccani | CTO
Website: https://www.libraesva.com | Telephone: +39 0341350601
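
A recipient-side check for the message pattern described in the post (empty envelope sender combined with a user-looking header-from), added here as an example and not part of the original message. The signal names, the `SYSTEM_LOCALPARTS` set and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Local parts genuine bounce generators commonly use (assumption; tune per site).
SYSTEM_LOCALPARTS = {"mailer-daemon", "postmaster"}

def fake_bounce_signals(envelope_from, raw_message):
    """Reasons a null-sender message does not look like a genuine bounce."""
    if envelope_from.strip() not in ("", "<>"):
        return []  # not a null-sender message; out of scope for this check
    msg = message_from_string(raw_message)
    signals = []
    # RFC 3464 DSNs are multipart/report with report-type=delivery-status.
    is_dsn = (msg.get_content_type() == "multipart/report"
              and (msg.get_param("report-type") or "").lower() == "delivery-status")
    if not is_dsn:
        signals.append("no-dsn-structure")
    # A real bounce is written by the mail system, not by a user mailbox.
    _, addr = parseaddr(msg.get("From", ""))
    if addr.rpartition("@")[0].lower() not in SYSTEM_LOCALPARTS:
        signals.append("user-header-from")
    # RFC 3834 automatic replies also use a null sender but label themselves.
    if not is_dsn and msg.get("Auto-Submitted", "no").strip().lower() == "no":
        signals.append("no-auto-submitted")
    return signals

# Constructed samples (example domains, not taken from the post).
FAKE_BOUNCE = (
    "From: Accounts <billing@victim.example>\n"
    "To: user@recipient.example\n"
    "Subject: Invoice overdue\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    "<p>Please review the attached invoice.</p>\n"
)
REAL_DSN = (
    "From: Mail Delivery Subsystem <MAILER-DAEMON@mx.example>\n"
    "To: user@recipient.example\n"
    "Subject: Undelivered Mail Returned to Sender\n"
    "Auto-Submitted: auto-replied\n"
    'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nDelivery failed.\n"
    "--b1\nContent-Type: message/delivery-status\n\n"
    "Reporting-MTA: dns; mx.example\n\n"
    "Final-Recipient: rfc822; nobody@example.net\nAction: failed\nStatus: 5.1.1\n"
    "--b1--\n"
)
```

Treat the returned signals as scoring inputs rather than a verdict, since some legitimate systems send bounces that do not follow RFC 3464.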
