Re: [mailop] Microsoft 365 send spam via high-risk delivery pool (instead of block it)

2022-10-02 Thread Sebastian Nielsen via mailop
>>What if the email was being sent to an abuse team to complain that

Simple:
If (this.header('to') =~ m/.*
>>What if this is someone asking a trusted one whether the deal is real?
>>..or their reply that it is not?

if (Checkinbox(from, this.header('to')) == true) {
    Permit();
}
Else
{
    Block();
}

Sub Checkinbox(header as string, targetvalue as string) as Boolean {
    Result = false;
    Foreach mail in inbox {
        If mail.open.header(header) == targetvalue {
            Result = true;
        }
    }
    Return Result;
}

>>What if it's a blog / mailing list post when someone sent that?
That would be cumbersome, but so rare that it could be passed

>>Or a mail forwarded from a spamtrap?
The provider of course knows its spamtraps, and can exempt them from egress 
filtering.

>>Or a newsletter alerting from certain scams on the rise?
>>Not to mention a mailing list such as this one, discussing spam topics.

Newsletters and mailing lists can gain a special trusted status when enough 
people on the same provider have subscribed to it.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
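
Added example, not part of the original post or the thread: a Python sketch of the egress exemptions discussed in the message above (abuse-desk recipient, recipient who already wrote to the sender, provider-run spamtrap, list with enough local subscribers), applied to a message whose body already matched a scam text. It goes beyond the posted pseudocode by checking every To/Cc recipient; the "abuse" local part, the threshold of 3 and all addresses are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# All names and values below are constructed for illustration.
ABUSE_LOCALPART = "abuse"                        # assumption: abuse desks use this role address
SPAMTRAP_FORWARDERS = {"trap@provider.example"}  # spamtraps the provider itself runs
LIST_TRUST_THRESHOLD = 3                         # assumption: local subscribers needed to trust a list


def addresses(msg, header):
    """Lower-cased addresses found in every instance of one header."""
    return {addr.lower() for _, addr in getaddresses(msg.get_all(header, [])) if addr}


def egress_decision(msg, inbox, list_subscribers):
    """Verdict for an outbound message whose body already matched a known scam text."""
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in SPAMTRAP_FORWARDERS:
        return ("permit", "forward from a known spamtrap")
    recipients = addresses(msg, "To") | addresses(msg, "Cc")
    if not recipients:
        return ("block", "no visible recipient to evaluate")
    # People who have written to this mailbox before count as existing correspondents.
    correspondents = set()
    for received in inbox:
        correspondents |= addresses(received, "From")
    for rcpt in sorted(recipients):
        if rcpt.split("@", 1)[0] == ABUSE_LOCALPART:
            continue  # complaint sent to an abuse team
        if rcpt in correspondents:
            continue  # asking, or answering, someone already in the inbox
        if list_subscribers.get(rcpt, 0) >= LIST_TRUST_THRESHOLD:
            continue  # list or newsletter that many local users subscribe to
        return ("block", "unknown recipient " + rcpt)
    return ("permit", "every recipient is exempt")


def make(sender, to):
    """Build a constructed sample message carrying a scam-like body."""
    return message_from_string(
        "From: %s\nTo: %s\nSubject: sample\n\nDear friend, I am a prince ...\n" % (sender, to))


INBOX = [make("friend@example.net", "user@provider.example")]
SUBSCRIBERS = {"mailop@list.example": 40, "tiny@list.example": 1}
```

A single non-exempt recipient blocks the whole message, so one abuse address in To cannot be used to carry the same text to strangers.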


Re: [mailop] Microsoft 365 send spam via high-risk delivery pool (instead of block it)

2022-10-02 Thread Ángel via mailop
On 2022-09-29 at 08:19 +0200, Alessio Cecchi wrote:
> if you can identify a message as unwanted why do you have to send it
> anyway? It does not seem to me a positive contribution to the cause
> of a better internet, but only a discharge of responsibility on the
> receiving server.

The tricky question is: How are you sure it's unwanted?

Suppose the body of the email contains a well-known text of a Nigerian
prince scam. Surely that email would be unwanted, right? Except...

What if the email was being sent to an abuse team to complain that
*they* sent such email?
What if this is someone asking a trusted one whether the deal is real?
...or their reply that it is not?
What if it's a blog / mailing list post when someone sent that?
Or a mail forwarded from a spamtrap?
Or a newsletter alerting from certain scams on the rise?
Not to mention a mailing list such as this one, discussing spam topics.



> In any case, does someone know what the IP addresses in the "high-risk
> delivery pool" of Microsoft 365 are?


This is a good question. Microsoft thoroughly documents its use of a
High Risk Delivery Pool... but not which ranges it uses for that.

According to 
https://o365info.com/high-risk-delivery-pool-and-exchange-online-part-9-17/
it would be using 157.56.0.0/15


Regards



Re: [mailop] Gmail as well as Google Workspace refuse all email from my domain

2022-10-02 Thread Andrew C Aitchison via mailop

On Sun, 2 Oct 2022, Arek Patyk via mailop wrote:


> Hi,
>
> I have my company domain hycom dot pl hosted on microsoft o365
> exchange online for 7 years. Last week google servers stopped
> accepting our mails. During last few days  I got:
> 550 5.7.350 Remote server returned message detected as spam -> 550
> 5.7.1 [40.107.22.60 7] Our system has detected that this message
> is;likely unsolicited mail. To reduce the amount of spam sent to
> Gmail,;this message has been blocked. Please visit;
> https://support.google.com/mail/?p=UnsolicitedMessageError; for more
> information. e17-20020a17090658d100b007833c7cf1dcsi6683774ejs.387 -
> gsmtp
>
> I have no idea what is going on and why.
> Microsoft support  confirmed that there wasn't any suspicious activity.
>
> I bought one  Google Workspace account to get support ;)
> They said that my domain had a low reputation in Google, but he
> couldn't say why. He advised me to wait...
>
> I had defined SPF and DKIM
> https://multirbl.valli.org/lookup/hycom.pl.html
>
> Is there any way to contact someone in Google  who can help ?
> Or any other idea what I can do more?


I am thinking aloud, about what *should happen*,
so this won't solve your current problem.

Microsoft provide your mail servers,
so you could argue that it is up to them to ensure deliverability.

Does your o365 contract stipulate a certain level of deliverability,
and deliverability to google/gmail ?
If not, are you going to put such conditions in when you renew ?
If so, you have made it Microsoft's problem and they have an incentive
to a) get google to accept mail from o365 and b) keep the flow
from o365 to gmail clean enough that Google don't block you again.

I don't need your answers to the above questions.

--
Andrew C. Aitchison  Kendal, UK
   and...@aitchison.me.uk


Re: [mailop] Gmail as well as Google Workspace refuse all email from my domain

2022-10-02 Thread Arek Patyk via mailop
What is strange is that I have on this Microsoft tenant another domain with
.digital suffix - and all mails from this domain are delivered to
gmail without any problems.

a.

Sun, 2 Oct 2022 at 13:35, Hans-Martin Mosner via mailop wrote:
>
> On 02.10.22 at 12:44, Arek Patyk via mailop wrote:
> > We have had MFA authentication on all accounts for years and we
> > checked all logs from email activity from last month. Compromising an
> > account is almost impossible. It must be something else.
>
> It's not about you, it's about other Office365 customers who seem to be 
> easily compromised (just judging by the
> statistics). Here's a list of just the Polish O365 domains with compromised 
> accounts seen in the last week, many of
> which seem to be educational institutions:
>
>
> > But how to get info from google where the problem is?
>
> Well, ... I don't know, sorry.
>
> Cheers,
> Hans-Martin


Re: [mailop] Gmail as well as Google Workspace refuse all email from my domain

2022-10-02 Thread Hans-Martin Mosner via mailop

On 02.10.22 at 12:44, Arek Patyk via mailop wrote:

> We have had MFA authentication on all accounts for years and we
> checked all logs from email activity from last month. Compromising an
> account is almost impossible. It must be something else.


It's not about you, it's about other Office365 customers who seem to be easily compromised (just judging by the 
statistics). Here's a list of just the Polish O365 domains with compromised accounts seen in the last week, many of 
which seem to be educational institutions:




> But how to get info from google where the problem is?


Well, ... I don't know, sorry.

Cheers,
Hans-Martin


Re: [mailop] Gmail as well as Google Workspace refuse all email from my domain

2022-10-02 Thread Arek Patyk via mailop
We have had MFA authentication on all accounts for years and we
checked all logs from email activity from last month. Compromising an
account is almost impossible. It must be something else.

But how to get info from google where the problem is?

Cheers,
Areq

Sun, 2 Oct 2022 at 12:23, Hans-Martin Mosner via mailop wrote:
>
> There probably wasn't suspicious activity from your domain, but there has 
> been a significant wave of fake dating spam sent via presumably compromised 
> Office365 accounts. I've noticed such waves a number of times in the past, 
> but haven't been able to get information about the root cause for such 
> massive account break-ins. My guess is that there either has been some 
> password file exfiltration (unlikely) or easily guessable standard passwords 
> on newly created accounts. As most of the domains seem to be educational 
> institutions, I suspect the latter.
>
> I'm not in a position to influence Microsoft to enforce better password 
> security on their hosted domains, and it's likely that their contracts 
> wouldn't allow that anyway.
>
> Cheers,
> Hans-Martin
>
> On 2 October 2022 12:05:05, Arek Patyk via mailop wrote:
>
>> Hi,
>>
>> I have my company domain hycom dot pl hosted on microsoft o365
>> exchange online for 7 years. Last week google servers stopped
>> accepting our mails. During last few days  I got:
>> 550 5.7.350 Remote server returned message detected as spam -> 550
>> 5.7.1 [40.107.22.60 7] Our system has detected that this message
>> is;likely unsolicited mail. To reduce the amount of spam sent to
>> Gmail,;this message has been blocked. Please visit;
>> https://support.google.com/mail/?p=UnsolicitedMessageError; for more
>> information. e17-20020a17090658d100b007833c7cf1dcsi6683774ejs.387 -
>> gsmtp
>>
>> I have no idea what is going on and why.
>> Microsoft support  confirmed that there wasn't any suspicious activity.
>>
>> I bought one  Google Workspace account to get support ;)
>> They said that my domain had a low reputation in Google, but he
>> couldn't say why. He advised me to wait...
>>
>> I had defined SPF and DKIM
>> https://multirbl.valli.org/lookup/hycom.pl.html
>>
>> Is there any way to contact someone in Google  who can help ?
>> Or any other idea what I can do more?
>>
>> cheers,
>> Areq


Re: [mailop] Gmail as well as Google Workspace refuse all email from my domain

2022-10-02 Thread Hans-Martin Mosner via mailop
There probably wasn't suspicious activity from your domain, but there has 
been a significant wave of fake dating spam sent via presumably compromised 
Office365 accounts. I've noticed such waves a number of times in the past, 
but haven't been able to get information about the root cause for such 
massive account break-ins. My guess is that there either has been some 
password file exfiltration (unlikely) or easily guessable standard 
passwords on newly created accounts. As most of the domains seem to be 
educational institutions, I suspect the latter.


I'm not in a position to influence Microsoft to enforce better password 
security on their hosted domains, and it's likely that their contracts 
wouldn't allow that anyway.


Cheers,
Hans-Martin

On 2 October 2022 12:05:05, Arek Patyk via mailop wrote:

> Hi,
>
> I have my company domain hycom dot pl hosted on microsoft o365
> exchange online for 7 years. Last week google servers stopped
> accepting our mails. During last few days  I got:
> 550 5.7.350 Remote server returned message detected as spam -> 550
> 5.7.1 [40.107.22.60 7] Our system has detected that this message
> is;likely unsolicited mail. To reduce the amount of spam sent to
> Gmail,;this message has been blocked. Please visit;
> https://support.google.com/mail/?p=UnsolicitedMessageError; for more
> information. e17-20020a17090658d100b007833c7cf1dcsi6683774ejs.387 -
> gsmtp
>
> I have no idea what is going on and why.
> Microsoft support  confirmed that there wasn't any suspicious activity.
>
> I bought one  Google Workspace account to get support ;)
> They said that my domain had a low reputation in Google, but he
> couldn't say why. He advised me to wait...
>
> I had defined SPF and DKIM
> https://multirbl.valli.org/lookup/hycom.pl.html
>
> Is there any way to contact someone in Google  who can help ?
> Or any other idea what I can do more?
>
> cheers,
> Areq


[mailop] Gmail as well as Google Workspace refuse all email from my domain

2022-10-02 Thread Arek Patyk via mailop
Hi,

I have my company domain hycom dot pl hosted on microsoft o365
exchange online for 7 years. Last week google servers stopped
accepting our mails. During last few days  I got:
550 5.7.350 Remote server returned message detected as spam -> 550
5.7.1 [40.107.22.60 7] Our system has detected that this message
is;likely unsolicited mail. To reduce the amount of spam sent to
Gmail,;this message has been blocked. Please visit;
https://support.google.com/mail/?p=UnsolicitedMessageError; for more
information. e17-20020a17090658d100b007833c7cf1dcsi6683774ejs.387 -
gsmtp

I have no idea what is going on and why.
Microsoft support  confirmed that there wasn't any suspicious activity.

I bought one  Google Workspace account to get support ;)
They said that my domain had a low reputation in Google, but he
couldn't say why. He advised me to wait...

I had defined SPF and DKIM
https://multirbl.valli.org/lookup/hycom.pl.html

Is there any way to contact someone in Google  who can help ?
Or any other idea what I can do more?

cheers,
Areq