On 12/10/2018 23:12, Pedro David Marco wrote:
>On Friday, October 12, 2018, 10:48:21 PM GMT+2, Rupert Gallagher
<r...@protonmail.com> wrote:
>I love outlook.com ...
i have seen recently an Office365 Phishing campaign coming from
Office365 severs... as good as it gets...
It may be already known, but O365 does some outbound spam filtering and
adds some interesting headers on every email. It also uses different IP
pools for outbound emails that it thinks are spam:
https://docs.microsoft.com/en-us/office365/SecurityCompliance/anti-spam-message-headers
I personally check the X-Forefront-Antispam-Report header for the string
"SFV:SPM" and bump the score accordingly. Some phishing campaigns that I
saw in the past and that came from O365 ip space had that header set,
but it's not perfect in any way, there are many FPs, so don't just
blindly trust their headers.
Daniele
