On both systems I run, I would definitely call it extreme. To the point that I 
am about to block the 12+ ranges the traffic is coming from. We had a 10 fold 
increase in auth’s the past three days. 

I am unsure whats exactly being done with the auth attempts but its not normal. 

> On Feb 9, 2018, at 8:59 AM, Brotman, Alexander 
> <alexander_brot...@comcast.com> wrote:
> Not sure if I'd call it extreme, but a marked increase beginning Feb 6th.  
> --
> Alex Brotman
> Sr. Engineer, Anti-Abuse
> Comcast
> -----Original Message-----
> From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Dan Malm
> Sent: Friday, February 09, 2018 3:57 AM
> To: mailop@mailop.org
> Subject: [mailop] Extreme amounts of SMTP auth from microsoft/outlook IPs
> Hi
> I'm seeing an extreme amount of SMTP authentications (over 600/s) from the 
> microsoft owned range on my customer SMTP servers.
> It's just auth, with valid credentials, and then it disconnects right after 
> so no attempts to send any mails have been done for the vast majority of 
> these connections. A small amount of valid mails are being sent from this 
> range though. HELO indicates it's from outlook.com. So seems like their 
> system for sending with your own domain through external servers has gone a 
> bit haywire...
> I've sent ab...@microsoft.com a mail about it, but I'm a bit curious if 
> anyone else is seeing the same?
> --
> BR/Mvh. Dan Malm, Systems Engineer, One.com
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

mailop mailing list

Reply via email to