On 2023-03-30 07:37, Benoit Panizzon via mailop wrote:
> Hi all
>
> Received: from mail-vi1eur04on0730.outbound.protection.outlook.com
> ([IPv6:2a01:111:f400:fe0e::730]:47502) from [email protected]
> Auth: by a Spamtrap on 2001:4060:dead:beef::1907:2 25 pretending to be an
> open relay for [email protected]; Mon, 27 Mar 2023 07:22:56 +0200
> (CEST)
>
> [email protected] is a spamtrap. I can guarantee that this
> email address is not being used for any other purposes and has never
> been subscribed to any newsletters or similar.
>
> From the 'username' I rather suspect that this was generated and verified
> 'valid' by some script checking my spamtrap to accept emails to this
> destination.
>
> Such a 'confirmed' spamtrap hit immediately causes the sending IP to
> get listed in the SWINOG blacklist.
>
> I also looked at the email content.
>
> It is spam, sent via PHPMailer relaying its payload via Office365
> submission servers.
>
> Unfortunately, this massively affects other Office365 customers. But
> they complain because we (operating the SWINOG blacklist) block them;
> they don't complain to Microsoft for being the source of the issue, and
> find it hard to address such issues with Microsoft.
>
> What would be the best way to address such issues for Office365
> customers?
>
> Kind regards
>
> -Benoît Panizzon-
I think everyone on the defense side shares your frustration, and I
guess you can see why they are in the class of 'too big to block'.
Of course, they don't care if you block them, only your customers care.
Which is WHY we have to resort to content filtering as the main line of
defense for gmail/o365 spammers, and a few ESPs.
Now, if you could get EVERYONE to block them for a day, or find some
other way to hit their pocket books, maybe we could see some relief.
Outbound security will never be a priority for them, despite their size.
They do have a few good people there, but their hands are either tied,
or they are too short staffed.
Sad to say, until maybe the FTC steps in and starts fining them, don't
expect anything to change.
Worst thing, if WE (inbound filtering and threat detection) can identify
it, it is SO much easier for them to catch it on egress.
It's costing the public millions of dollars in damages, from malware,
phishing, and BEC compromise.
But it is what it is. All we can do is pray that they implement
their GPT technology and copilot on egress content filtering ;)
At least with honeypots like yours, you can improve on 'training'.
As others have said, unfortunately it is a bit of 'us against them', and
we do have to work together as a community. Speaking up is the first step.
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop