Just a note that it is not necessarily a free trial. It's the
onboarding domain for M365.
I would NOT agree that it reflects legitimate traffic and have rules in
the KAM ruleset for the onmicrosoft domains. They are being abused.
Regards,
KAM
On 11/8/2022 7:01 PM, Suresh Ramasubramanian via mailop wrote:
That is an office 365 free trial account. There is some massive abuse
of these going on over a period of time. However there is also a ton of l
Raptor Remark: Please be careful! This email is from an EXTERNAL
sender. Be aware of impersonation and credential theft.
That is an office 365 free trial account. There is some massive abuse
of these going on over a period of time. However there is also a ton
of legitimate traffic.
--srs
------------------------------------------------------------------------
*From:* mailop <[email protected]> on behalf of MRob via
mailop <[email protected]>
*Sent:* Wednesday, November 9, 2022 5:17:09 AM
*To:* [email protected] <[email protected]>
*Subject:* [mailop] Try to understand *.onmicrosoft.com
Is envelope sender user@<anything>.onmicrosoft.com normal in non-spam
mail? Is it how all microsoft mail comes through? Or is it usually spam
from badly configured domain? Should <anything> part *always* match
sender domain in FROM header?
On the other hand, if mail come from microsoft server *not* through
"onmicrosoft.com" is that negative sign?
Thank you.
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
RAPTOR REMARK: Alert! Please be careful! This email is from an EXTERNAL sender.
Be aware of impersonation and credential theft.
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
