O365 has many very large tenant ponds now. Rules inside a tenant may be very
lax about trusting other users inside the tenant. So one compromised account
easily leads to tens/hundreds of others. So their 2nd round of phish nets
Black Hats enough compromised accounts to blast out a campaign. Then they
move on to the next pond.

It's the next hot wave. Microsoft should really ramp up the mandatory
settings on tenants.


________________________________
From: David Jones <djo...@ena.com>
Sent: Tuesday, January 23, 2018 7:17:38 AM
To: 'users@spamassassin.apache.org'
Subject: Receiving a lot of junk from Office 356

First, if anyone from Microsoft is on this list, please set up proper
outbound spam filtering, rate limiting, and compromised account
detection with locking to prevent junk like this.

I have seen a recent increase in the number of outbound junk and
phishing emails that I keep reporting to SpamCop who reports it to
Microsoft.

https://pastebin.com/c2c2ETYi

Any ideas other than maintaining a complex regex on body matches?  I
have tried this with good success but it's creating a few FPs.  I could
limit it to O365 servers but that is a lot these days.

--
David Jones
