We're seeing hundreds of entries like these in our logs for their internet domain name:

    2023-12-29T07:42:08.028521-08:00 mail01 postfix/policy-spf[118254]: Policy action=PREPEND Received-SPF: none (csw31.besmartforgoodlife.com: No applicable sender policy available) receiver=mail01.inter-corporate.com; identity=mailfrom; envelope-from="alfa4+SRS=X10ap=II=intbl.co.uk=zmciyzxtdk20...@csw31.besmartforgoodlife.com"; helo=DEU01-BE0-obe.outbound.protection.outlook.com; client-ip=52.100.3.205

The SPF records don't exist at all:

    https://www.openspf.ca/why.perl?id=nobody%40csw31.besmartforgoodlife.com&ip=52.100.3.205&s=mfrom&r=

The IP address of 52.100.3.205 belongs to Microsoft according to a query to WHOIS.ARIN.NET, and it's blacklisted in multiple DNSBLs, including BACKSCATTER, MAILSPIKE, SOLID, and SORBS-IP:

    https://www.lumbercartel.ca/tools/rblcheck.pl?q=52.100.3.205

Spamhaus.org has their internet domain name blacklisted, and I support their decision because it's a spam sewer that's trying to send to a wide variety of eMail users on different internet domain names for whom we're providing the hosting eMail:

    2023-12-29T07:42:09.772483-08:00 mail01 postfix/smtpd[118253]: NOQUEUE: reject: RCPT from mail-be0deu01hn2205.outbound.protection.outlook.com[52.100.3.205]: 554 5.7.1 Service unavailable; Sender address [alfa4+SRS=X10ap=II=intbl.co.uk=zmciyzxtdk20...@csw31.besmartforgoodlife.com] blocked using dbl.spamhaus.org; https://www.spamhaus.org/query/domain/besmartforgoodlife.com; from=<alfa4+SRS=X10ap=II=intbl.co.uk=zmciyzxtdk20...@csw31.besmartforgoodlife.com> to=<various-recipie...@example.com> proto=ESMTP helo=<DEU01-BE0-obe.outbound.protection.outlook.com>

I suspect it will just be a matter of time before Microsoft finds their whole network blacklisted by multiple DNSBLs. At the present time I have many users who receive legitimate eMail from their users, but so far the major DNSBLs are doing a great job of keeping most of the problem areas at bay.
(Sadly, Microsoft's "DEU01-BE0-obe.outbound.protection.outlook.com" system isn't providing "outbound protection" even though their systems' hostname seems to be alluding to this.)

> I think we've finally reached the point where more spam comes from
> Office 365 customers than legitimate and desirable email. Here's just
> ONE spam campaign from Office 365 we pulled logs for today:
> https://mxbin.io/piaQqm
>
> Notice the different subdomains they send from:
>
> *@csw11.besmartforgoodlife.com
> *@csw12.besmartforgoodlife.com
> *@csw13.besmartforgoodlife.com
> *@csw14.besmartforgoodlife.com
> *@csw15.besmartforgoodlife.com
> *@csw16.besmartforgoodlife.com
> *@csw17.besmartforgoodlife.com
> *@csw18.besmartforgoodlife.com
> *@csw19.besmartforgoodlife.com
> *@csw20.besmartforgoodlife.com
> *@csw21.besmartforgoodlife.com
> *@csw22.besmartforgoodlife.com
> *@csw23.besmartforgoodlife.com
> *@csw24.besmartforgoodlife.com
> *@csw25.besmartforgoodlife.com
> *@csw26.besmartforgoodlife.com
> *@csw27.besmartforgoodlife.com
> *@csw28.besmartforgoodlife.com
> *@csw29.besmartforgoodlife.com
> *@csw30.besmartforgoodlife.com
> *@csw31.besmartforgoodlife.com
> *@csw36.besmartforgoodlife.com
> *@csw37.besmartforgoodlife.com
>
> And that's just one campaign, for just one day. At this point, we've
> blacklisted Microsoft IP ranges and we now consider email from them to
> more likely be spam than ham. Our blacklist isn't an outright block, but
> if Microsoft can't get their act together maybe a block is what we all
> need to do collectively. This is worse than the last few years of Gmail
> SEO spam.
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop

-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/
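
The subdomain rotation discussed in this thread can be surfaced directly from Postfix DNSBL reject lines. The following is an added example, not part of the original message or thread: it groups rejects by parent sender domain, using constructed sample lines with placeholder hosts and IPs, and assumes a naive two-label parent domain (a production version would use the Public Suffix List).

```python
import re
from collections import defaultdict

# Constructed sample input in the format of the Postfix reject line quoted above.
# All hosts, addresses and IPs are placeholders (RFC 2606 / RFC 5737), not real indicators.
_REJ = ("2023-12-29T07:42:0{n}-08:00 mail01 postfix/smtpd[118253]: NOQUEUE: reject: "
        "RCPT from relay{n}.outbound.example.net[192.0.2.{n}]: 554 5.7.1 Service "
        "unavailable; Sender address [{s}] blocked using dbl.spamhaus.org; "
        "from=<{s}> to=<user{n}@example.com> proto=ESMTP helo=<relay{n}.outbound.example.net>")
SAMPLE_LOG = [
    _REJ.format(n=1, s="a1@csw11.bulk-sender.example"),
    _REJ.format(n=2, s="a2@csw12.bulk-sender.example"),
    _REJ.format(n=3, s="a3@csw13.bulk-sender.example"),
    _REJ.format(n=4, s="news@lists.other-sender.example"),
    "2023-12-29T07:42:08-08:00 mail01 postfix/policy-spf[118254]: Policy action=PREPEND Received-SPF: none",
]

REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from [^\s\[]+\[(?P<ip>[0-9A-Fa-f.:]+)\]: "
    r".*?blocked using (?P<dnsbl>[^;\s]+);.*? from=<(?P<sender>[^>]*)>")

def parent_domain(sender):
    """Naive two-label parent domain; assumption: no multi-label public suffixes."""
    return ".".join(sender.rsplit("@", 1)[-1].lower().split(".")[-2:])

def summarize(lines):
    """Group DNSBL rejects by parent sender domain."""
    out = defaultdict(lambda: {"rejects": 0, "subdomains": set(), "ips": set(), "dnsbls": set()})
    for line in lines:
        m = REJECT_RE.search(line)
        if not m:
            continue  # not a DNSBL reject (e.g. policy-spf lines)
        entry = out[parent_domain(m["sender"])]
        entry["rejects"] += 1
        entry["subdomains"].add(m["sender"].rsplit("@", 1)[-1].lower())
        entry["ips"].add(m["ip"])
        entry["dnsbls"].add(m["dnsbl"])
    return dict(out)

def rotating_senders(summary, min_subdomains=3):
    """Parent domains seen with at least min_subdomains distinct sender subdomains."""
    return sorted(d for d, e in summary.items() if len(e["subdomains"]) >= min_subdomains)

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for domain in rotating_senders(report):
        e = report[domain]
        print(domain, e["rejects"], len(e["subdomains"]), sorted(e["ips"]))
```

The `min_subdomains` threshold is an arbitrary illustration value; tune it against your own mail volume before acting on the result.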