The solution is rather more complex but yes, what you describe might be a 
useful start.  Free accounts, hacked accounts, accounts bought using stolen 
cards .. so many vectors.  And then yet more vectors in just how you can abuse 
a service that can be coaxed into sending out mail with some customizations to 
various people.

Corporate job sites with “send this job posting to a friend, with a personal 
note”
Online calendars, documents, shared photos […]
Web forms

Not at all a new sort of abuse, Matt Wright’s formmail was pretty heavily 
abused even two decades ++ back.  But it has grown a lot more sophisticated and 
harder to lock down.

--srs

From: mailop <mailop-boun...@mailop.org>
Date: Sunday, 22 March 2020 at 2:16 PM
To: mailop@mailop.org <mailop@mailop.org>
Subject: Re: [mailop] Spam from no-re...@sharepointonline.com via 
outbound.protection.outlook.com
On 22.03.20 at 08:37, Suresh Ramasubramanian via mailop wrote:
This is abuse of free trial accounts of office 365, and the document sharing 
that sharepoint allows.   Create a document with porn spam text and share it, 
with a porn spam spiel, with a big list of spam recipients.

That is the reply-to and not the originator of the email, I am not sure where 
you got originator from.

--srs


Ah thanks, that helps to understand! I'm not a Microsoft user, so I'm not 
really up to date on what kinds of products and services they offer.

The From: header and envelope sender address 
"no-re...@sharepointonline.com" is just a 
mechanism to prevent automated replies and rejects from getting anywhere, so it 
can't be considered the originator.

I suspect that the Reply-To is somehow the "originator" because it's possibly 
the mail address associated with the account that is being used to spam, but 
that is just a guess as I don't know how Microsoft constructs the header 
contents for this kind of spam. If the assumption is true, one way Microsoft 
could suppress this kind of spam would be to refuse free trial registrations 
with such addresses or to restrict the sharepoint functionality for these 
accounts.

Cheers,
Hans-Martin
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
