On 11/9/22 23:23, MRob via mailop wrote:
On 2022-11-09 13:54, Kevin A. McGrail via mailop wrote:Just a note that it is not necessarily a free trial. It's the onboarding domain for M365.I would NOT agree that it reflects legitimate traffic and have rules in the KAM ruleset for the onmicrosoft domains. They are being abused.Does anyones on this list getting legitimate nonspam mail from *@<foo>.onmicrosoft.com?
out-of-office notices sometimes are sent from the onmicrosoft.com domain even if the real domain is another. Giovanni
On 11/8/2022 7:01 PM, Suresh Ramasubramanian via mailop wrote:That is an office 365 free trial account. There is some massive abuse of these going on over a period of time. However there is also a ton of l Raptor Remark: Please be careful! This email is from an EXTERNAL sender. Be aware of impersonation and credential theft. That is an office 365 free trial account. There is some massive abuse of these going on over a period of time. However there is also a ton of legitimate traffic. --srs ------------------------------------------------------------------------ *From:* mailop <[email protected]> on behalf of MRob via mailop <[email protected]> *Sent:* Wednesday, November 9, 2022 5:17:09 AM *To:* [email protected] <[email protected]> *Subject:* [mailop] Try to understand *.onmicrosoft.com Is envelope sender user@<anything>.onmicrosoft.com normal in non-spam mail? Is it how all microsoft mail comes through? Or is it usually spam from badly configured domain? Should <anything> part *always* match sender domain in FROM header? On the other hand, if mail come from microsoft server *not* through "onmicrosoft.com" is that negative sign?_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
