Re: [mailop] Microsoft Outbound Spam Seemingly Has Morphed

2024-02-06 Thread L. Mark Stone via mailop 
Thanks for diving deeper there. 

One other issue is that the recipient addresses do not exist on our system. 

But more importantly, at the time of posting there were no subdomain DNS 
records for the sender’s domain. We’ve seen bad actors leverage legitimate 
company’s unprotected subdomains before. 

We remain comfortable blocking that subdomain. 

All the best,
Mark
___
L. Mark Stone
Sent from my iPhone

> On Feb 6, 2024, at 5:17 AM, Gellner, Oliver via mailop  
> wrote:
> 
> On 05.02.2024 at 13:55 L. Mark Stone via mailop wrote
> 
>> Overnight in our logs, we are starting to see Microsoft spam like this:
>> Feb  5 12:19:28 my postfix/smtpd[1015436]: NOQUEUE: filter: RCPT from 
>> mail-mw2nam10acsn2106.outbound.protection.outlook.com[104.47.55.106]: 
>> : Sender address triggers FILTER 
>> smtp-amavis:[127.0.0.1]:10024; from= 
>> to= proto=ESMTP 
>> helo=
>> We have banned the Bing subdomain above.
> 
> Hello Mark,
> 
> what kind of spam did come from this domain? I checked some of those messages 
> and they seem to be news aggregations mixed together with advertisements, 
> created by a bot that Microsoft calls Start. Not very valuable, but I guess 
> the users subscribed to this on the Microsoft Bing news page.
> 
> --
> BR Oliver
> 
> 
> dmTECH GmbH
> Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232 Karlsruhe
> Telefon 0721 5592-2500 Telefax 0721 5592-2777
> dmt...@dm.de * www.dmTECH.de
> GmbH: Sitz Karlsruhe, Registergericht Mannheim, HRB 104927
> Geschäftsführer: Christoph Werner, Martin Dallmeier, Roman Melcher
> 
> Datenschutzrechtliche Informationen
> Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an unser 
> ServiceCenter Fragen haben, bei uns einkaufen oder unser dialogicum in 
> Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung stehen oder 
> sich bei uns bewerben, verarbeiten wir personenbezogene Daten. Informationen 
> unter anderem zu den konkreten Datenverarbeitungen, Löschfristen, Ihren 
> Rechten sowie die Kontaktdaten unserer Datenschutzbeauftragten finden Sie 
> hier.
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Microsoft Outbound Spam Seemingly Has Morphed

2024-02-06 Thread Gellner, Oliver via mailop 
On 05.02.2024 at 13:55 L. Mark Stone via mailop wrote

> Overnight in our logs, we are starting to see Microsoft spam like this:
> Feb  5 12:19:28 my postfix/smtpd[1015436]: NOQUEUE: filter: RCPT from 
> mail-mw2nam10acsn2106.outbound.protection.outlook.com[104.47.55.106]: 
> : Sender address triggers FILTER 
> smtp-amavis:[127.0.0.1]:10024; from= 
> to= proto=ESMTP 
> helo=
> We have banned the Bing subdomain above.

Hello Mark,

what kind of spam did come from this domain? I checked some of those messages 
and they seem to be news aggregations mixed together with advertisements, 
created by a bot that Microsoft calls Start. Not very valuable, but I guess the 
users subscribed to this on the Microsoft Bing news page.

--
BR Oliver


dmTECH GmbH
Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232 Karlsruhe
Telefon 0721 5592-2500 Telefax 0721 5592-2777
dmt...@dm.de * www.dmTECH.de
GmbH: Sitz Karlsruhe, Registergericht Mannheim, HRB 104927
Geschäftsführer: Christoph Werner, Martin Dallmeier, Roman Melcher

Datenschutzrechtliche Informationen
Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an unser 
ServiceCenter Fragen haben, bei uns einkaufen oder unser dialogicum in 
Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung stehen oder sich 
bei uns bewerben, verarbeiten wir personenbezogene Daten. Informationen unter 
anderem zu den konkreten Datenverarbeitungen, Löschfristen, Ihren Rechten sowie 
die Kontaktdaten unserer Datenschutzbeauftragten finden Sie 
hier.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Microsoft Outbound Spam Seemingly Has Morphed

2024-02-05 Thread Randolf Richardson, Postmaster via mailop 
> Good Morning,
> 
> Overnight in our logs, we are starting to see Microsoft spam like this:
> 
> Feb  5 12:19:28 my postfix/smtpd[1015436]: NOQUEUE: filter: RCPT from 
> mail-mw2nam10acsn2106.outbound.protection.outlook.com[104.47.55.106]: 
> : Sender address triggers FILTER 
> smtp-amavis:[127.0.0.1]:10024; from= 
> to= proto=ESMTP 
> helo=

We're seeing these since 2024-Feb-04.  It looks like spam to us too.

> We have banned the Bing subdomain above.
> 
> Hope that helps.

Yes, thank you.  We just added them to our block-and-forget list.

-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, Beautiful British Columbia, Canada
https://www.inter-corporate.com/


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Microsoft Outbound Spam Seemingly Has Morphed

2024-02-05 Thread L. Mark Stone via mailop 
Good Morning,

Overnight in our logs, we are starting to see Microsoft spam like this:

Feb  5 12:19:28 my postfix/smtpd[1015436]: NOQUEUE: filter: RCPT from 
mail-mw2nam10acsn2106.outbound.protection.outlook.com[104.47.55.106]: 
: Sender address triggers FILTER 
smtp-amavis:[127.0.0.1]:10024; from= 
to= proto=ESMTP 
helo=

We have banned the Bing subdomain above.

Hope that helps.

Regards, 
Mark 
_ 
L. Mark Stone, Founder 
North America's Leading Zimbra VAR/BSP/Training Partner 
For Companies With Mission-Critical Email Needs
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop