On both systems I run, I would definitely call it extreme. To the point that I
am about to block the 12+ ranges the traffic is coming from. We had a 10 fold
increase in auth’s the past three days.
I am unsure whats exactly being done with the auth attempts but its not normal.
> On Feb 9, 2018, at 8:59 AM, Brotman, Alexander
> <alexander_brot...@comcast.com> wrote:
> Not sure if I'd call it extreme, but a marked increase beginning Feb 6th.
> Alex Brotman
> Sr. Engineer, Anti-Abuse
> -----Original Message-----
> From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Dan Malm
> Sent: Friday, February 09, 2018 3:57 AM
> To: email@example.com
> Subject: [mailop] Extreme amounts of SMTP auth from microsoft/outlook IPs
> I'm seeing an extreme amount of SMTP authentications (over 600/s) from the
> microsoft owned 22.214.171.124/16 range on my customer SMTP servers.
> It's just auth, with valid credentials, and then it disconnects right after
> so no attempts to send any mails have been done for the vast majority of
> these connections. A small amount of valid mails are being sent from this
> range though. HELO indicates it's from outlook.com. So seems like their
> system for sending with your own domain through external servers has gone a
> bit haywire...
> I've sent ab...@microsoft.com a mail about it, but I'm a bit curious if
> anyone else is seeing the same?
> BR/Mvh. Dan Malm, Systems Engineer, One.com
> mailop mailing list
mailop mailing list