[mailop] Spike in imap connects from apple devices
Hi all, we have lately seen a huge spike in imap connects from a group of our customers. When we correlate those connects with other logs we can see they’re all apple devices. They are connecting somewhere between 5-10 times per second for several hours. Has anyone else seen anything like this recently? Regards, Cor ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Incoming spam from outlook.com
On Fri, 15 Dec 2023 13:49:12 + (UTC) "L. Mark Stone via mailop" wrote: > Historically, we have avoided deploying greylisting*, but are curious if > greylisting would block these emails? Could anyone who is doing greylisting > comment on whether these garbage emails are being resent? Yes, they are resent. Though, due to the fact that they change the IP at each attempt, it takes a while to be delivered, hence we can manually bounce them on our spare time... Cheers, Luciano. -- /"\ /Via A. Salaino, 7 - 20144 Milano (Italy) \ / ASCII RIBBON CAMPAIGN / PHONE : +39 02485781 FAX: +39 0248028247 X AGAINST HTML MAIL/ E-MAIL: posthams...@mediaconsultants.it / \ AND POSTINGS/ WWW: http://www.mcs.IT/ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Incoming spam from outlook.com
Thanks Hans; I appreciate the fast reply. Your response comports with our understanding as well, but felt we should ask. All the best, Mark _ L. Mark Stone, Founder North America's Leading Zimbra VAR/BSP/Training Partner For Companies With Mission-Critical Email Needs - Original Message - From: "Hans-Martin Mosner via mailop" To: "mailop" Sent: Friday, December 15, 2023 9:21:30 AM Subject: Re: [mailop] Incoming spam from outlook.com Am 15.12.23 um 14:49 schrieb L. Mark Stone via mailop: > We too are seeing high volumes of such email. > > Historically, we have avoided deploying greylisting*, but are curious if > greylisting would block these emails? Could anyone who is doing greylisting > comment on whether these garbage emails are being resent? Greylisting is generally ineffective against spam sent through a regular e-mail infrastructure. It only helps when the sending software is either set up to avoid retries or the sending IP is only used for a very short interval. Spam sent via accounts on freemailers is generally hard to reject without resorting to content filtering. In some cases (when accurate Received-lines are present) you may be able to filter based on header information, but some providers (such as Google) hide this information, presumably to protect the privacy of their users. Cheers, Hans-Martin ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Incoming spam from outlook.com
Greylisting is for dealing with compromised machines where the malicious sender is bursting through a list trying each message once then getting out of there since they expect the compromised machine to be dealt with. Any properly configured MTA will keep retrying when given tempfails because that's what a good MTA is supposed to do. Since these are being sent through Microsoft's servers, they will behave as they should and keep trying delivery when they encounter tempfails. Mike From: mailop on behalf of L. Mark Stone via mailop Sent: Friday, December 15, 2023 8:49 AM To: mailop Subject: Re: [mailop] Incoming spam from outlook.com We too are seeing high volumes of such email. Historically, we have avoided deploying greylisting*, but are curious if greylisting would block these emails? Could anyone who is doing greylisting comment on whether these garbage emails are being resent? Thanks, Mark *Most of our customers are B2B, and many rely on paid industry newsletter subscriptions, some of which are expensive. Years ago, when we first deployed greylisting as a test, we found a number of these newsletter senders did NOT resend after being greylisted. We have not retested since then. _ L. Mark Stone, Founder North America's Leading Zimbra VAR/BSP/Training Partner For Companies With Mission-Critical Email Needs - Original Message - From: "Bradley King via mailop" To: "Otto J. Makela" Cc: "mailop" Sent: Friday, December 15, 2023 4:06:29 AM Subject: Re: [mailop] Incoming spam from outlook.com I have an open ticket with Microsoft for Spam /Phish from their network. Each morning, I collate data and send them the previous 24 hours. Hundreds of thousands of spam and Phish each 24 hours. I have been sending them data for around 2 months. I am yet to see any improvement. I see it from outlook/hotmail. Vanity domains on O365. Loads of throwaway domains made up of garbled text.(example only- sheurussswu.xyz). Loads of the newer TLDs - .fun .xyz .motorcycle - too many to list. All configured with valid spf/dkim. Most likely their trial accounts being abused. No improvement, no real feedback. I honestly don’t know why I persist. Cheers, Brad On Fri, 15 Dec 2023 at 6:46 pm, Otto J. Makela via mailop wrote: This week, we've been getting quite a lot of carefully forged spam from outlook.com addressess, fully using their email infrastructure. What is your experience, is there point in putting effort into reporting it? Received: from smtp1.csc.fi (localhost.localdomain [127.0.0.1]) by localhost.localdomain (envelope-sender ) with ESMTP id 3BEM7Xf3015890 for ; Fri, 15 Dec 2023 00:07:35 +0200 Received: (from defang@localhost) by smtp1.csc.fi id 3BEM7IvH012400 for ; Fri, 15 Dec 2023 00:07:18 +0200 Received: from smtp1.csc.fi (localhost.localdomain [127.0.0.1]) by localhost.localdomain (envelope-sender ) with ESMTP id 3BEM7IId015829; Fri, 15 Dec 2023 00:07:18 +0200 Received: (from mail@localhost) by smtp1.csc.fi (8.14.4/8.14.4/Submit) id 3BEM7ITP015828; Fri, 15 Dec 2023 00:07:18 +0200 Received: from BL0PR02CU006.outbound.protection.outlook.com (mail-eastusazolkn1901.outbound.protection.outlook.com [52.103.11.0]) by smtp1.csc.fi (8.14.4/8.14.4/CSC) with ESMTP id 3BEM7F1i015812 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Fri, 15 Dec 2023 00:07:16 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ED4/pL0CafVHglmaDmvjHxVDN4EW9jGaMQR1VJYER8Bsa8swuMkxlZhTs65sAAt9eis5DBUBfn6cxwf8NTdxVZxuR2bhNTqcLnPguJCYqp623YQ+HGh/r3Bj7qkwCgrHoSChJ/EP/yQZMlDGmoU/Ly3LdSBZmEO9xBEV0IFue2vEey+aHblDvtFmImHsKci63Yedvu2omyr/zJr7Z5/FM613tKxE/BS0GDvsia7qHS/Qlap7rvCgIDERgv14Qg5OmtaQt3rm0tmQuI3L1dAr03WuJKYQC/LmC4BPYMOkfmJ++j14hURVSwqwDKQ2+GHfYs6hNlN+Br1ZzmRMCeNvvg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=D+vYwBP6aADOQhZpYxFMSfCiOdzfInsqVrllavvDJEk=; b=n22tReCwEFnVZbea6M1d/XDPeerT366qXHUeAA1z2yMdkHAeCPQuSeRJf3zNZGndOCJza7xasD5Se8eEGONoyq+3YuF/OVVEW1Jyhdd1J85G8eKx7ices5ZjeXvz5aPqyYKEPfsOjl/f87pSaCd9KttLSOgXzU+s+gtt80aiRRokJdwlNfkaRuvS4rcjxjoS1X9ayUnhzQMLwFl+1nWO/JCXlQNpwHMs0GtWYdg4lXjOy4WNeasWYIyD9D8xuAJWRBIEgOzj6jnw3rsKbFhzN40d7UVreABzayjsnxxF7mwgiJpUjsk+qbrCHidoutcuzfVQbrP4esMIptGdRCwPng== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=D+vYwBP6aADOQhZpYxFMSfCiOdzfInsqVrllavvDJEk=;
Re: [mailop] Incoming spam from outlook.com
Am 15.12.23 um 14:49 schrieb L. Mark Stone via mailop: We too are seeing high volumes of such email. Historically, we have avoided deploying greylisting*, but are curious if greylisting would block these emails? Could anyone who is doing greylisting comment on whether these garbage emails are being resent? Greylisting is generally ineffective against spam sent through a regular e-mail infrastructure. It only helps when the sending software is either set up to avoid retries or the sending IP is only used for a very short interval. Spam sent via accounts on freemailers is generally hard to reject without resorting to content filtering. In some cases (when accurate Received-lines are present) you may be able to filter based on header information, but some providers (such as Google) hide this information, presumably to protect the privacy of their users. Cheers, Hans-Martin ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Incoming spam from outlook.com
We too are seeing high volumes of such email. Historically, we have avoided deploying greylisting*, but are curious if greylisting would block these emails? Could anyone who is doing greylisting comment on whether these garbage emails are being resent? Thanks, Mark *Most of our customers are B2B, and many rely on paid industry newsletter subscriptions, some of which are expensive. Years ago, when we first deployed greylisting as a test, we found a number of these newsletter senders did NOT resend after being greylisted. We have not retested since then. _ L. Mark Stone, Founder North America's Leading Zimbra VAR/BSP/Training Partner For Companies With Mission-Critical Email Needs - Original Message - From: "Bradley King via mailop" To: "Otto J. Makela" Cc: "mailop" Sent: Friday, December 15, 2023 4:06:29 AM Subject: Re: [mailop] Incoming spam from outlook.com I have an open ticket with Microsoft for Spam /Phish from their network. Each morning, I collate data and send them the previous 24 hours. Hundreds of thousands of spam and Phish each 24 hours. I have been sending them data for around 2 months. I am yet to see any improvement. I see it from outlook/hotmail. Vanity domains on O365. Loads of throwaway domains made up of garbled text.(example only- sheurussswu.xyz). Loads of the newer TLDs - .fun .xyz .motorcycle - too many to list. All configured with valid spf/dkim. Most likely their trial accounts being abused. No improvement, no real feedback. I honestly don’t know why I persist. Cheers, Brad On Fri, 15 Dec 2023 at 6:46 pm, Otto J. Makela via mailop wrote: This week, we've been getting quite a lot of carefully forged spam from outlook.com addressess, fully using their email infrastructure. What is your experience, is there point in putting effort into reporting it? Received: from smtp1.csc.fi (localhost.localdomain [127.0.0.1]) by localhost.localdomain (envelope-sender ) with ESMTP id 3BEM7Xf3015890 for ; Fri, 15 Dec 2023 00:07:35 +0200 Received: (from defang@localhost) by smtp1.csc.fi id 3BEM7IvH012400 for ; Fri, 15 Dec 2023 00:07:18 +0200 Received: from smtp1.csc.fi (localhost.localdomain [127.0.0.1]) by localhost.localdomain (envelope-sender ) with ESMTP id 3BEM7IId015829; Fri, 15 Dec 2023 00:07:18 +0200 Received: (from mail@localhost) by smtp1.csc.fi (8.14.4/8.14.4/Submit) id 3BEM7ITP015828; Fri, 15 Dec 2023 00:07:18 +0200 Received: from BL0PR02CU006.outbound.protection.outlook.com (mail-eastusazolkn1901.outbound.protection.outlook.com [52.103.11.0]) by smtp1.csc.fi (8.14.4/8.14.4/CSC) with ESMTP id 3BEM7F1i015812 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Fri, 15 Dec 2023 00:07:16 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ED4/pL0CafVHglmaDmvjHxVDN4EW9jGaMQR1VJYER8Bsa8swuMkxlZhTs65sAAt9eis5DBUBfn6cxwf8NTdxVZxuR2bhNTqcLnPguJCYqp623YQ+HGh/r3Bj7qkwCgrHoSChJ/EP/yQZMlDGmoU/Ly3LdSBZmEO9xBEV0IFue2vEey+aHblDvtFmImHsKci63Yedvu2omyr/zJr7Z5/FM613tKxE/BS0GDvsia7qHS/Qlap7rvCgIDERgv14Qg5OmtaQt3rm0tmQuI3L1dAr03WuJKYQC/LmC4BPYMOkfmJ++j14hURVSwqwDKQ2+GHfYs6hNlN+Br1ZzmRMCeNvvg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=D+vYwBP6aADOQhZpYxFMSfCiOdzfInsqVrllavvDJEk=; b=n22tReCwEFnVZbea6M1d/XDPeerT366qXHUeAA1z2yMdkHAeCPQuSeRJf3zNZGndOCJza7xasD5Se8eEGONoyq+3YuF/OVVEW1Jyhdd1J85G8eKx7ices5ZjeXvz5aPqyYKEPfsOjl/f87pSaCd9KttLSOgXzU+s+gtt80aiRRokJdwlNfkaRuvS4rcjxjoS1X9ayUnhzQMLwFl+1nWO/JCXlQNpwHMs0GtWYdg4lXjOy4WNeasWYIyD9D8xuAJWRBIEgOzj6jnw3rsKbFhzN40d7UVreABzayjsnxxF7mwgiJpUjsk+qbrCHidoutcuzfVQbrP4esMIptGdRCwPng== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=D+vYwBP6aADOQhZpYxFMSfCiOdzfInsqVrllavvDJEk=; b=F68bS/eFYdcPZC1FKfvcJVO9sMoPgwzzbM6sctTJhpsEqVtgGULPtxlmPmmr12z1q5expAztRumFcFqb72vHAZ3L/Qz+sfSqyV4QtgUykmIsi9bIRiXxWmUVcHHrpBBy4lImm+76AUdxPL386FrTBHnWae12R+BXV18dxxziWdPIqBXx2ZW0etZnSJRCtq78ij1VU9L9tbTK0iygL8W2paDnLw5c7EXC2pwqWwG9uV8zKHOQK5Tzsvp8ePgdy2uBD0/pqfbeQa77JPL2dM8Orfe2cgZL2yeU5xl/0a+Y13h2+3g6mYjLCnhPIPYvKetEV6cwa60zd8KRoDByKeQWeQ== Received: from SA3PR05MB10372.namprd05.prod.outlook.com (2603:10b6:806:37d::18) by SA3PR05MB9668.namprd05.prod.outlook.com (2603:10b6:806:313::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7091.28; Thu, 14 Dec 2023 22:07:08 + Received: from SA3PR05MB10372.namprd05.prod.outlook.com ([fe80::b6f1:c6f7:359c:2f23]) by
Re: [mailop] Microsoft rejecting their own headers
Hi, What is stupid is that the header that causes the reject upon reinject is written BY THEM! How about not writing such crazily long report on a single header? They have to protect their users from spam, but their users themselves would never spam. So this makes sense. SCNR Bjoern ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Microsoft rejecting their own headers
Maybe they have just started eating their own dog food V2.0 at MS? ;-> SCNR. Best, -C. > Am 15.12.2023 um 11:37 schrieb Laurent S. via mailop : > > It seems Microsoft made very recently a change. Since then, we get a > whole bunch of reject with this message: > >> 554 5.6.211 Invalid MIME Content: Single text value size (32820) > exceeded allowed maximum (32768) for the > 'X-Microsoft-Antispam-Message-Info-Original' header. > > The company I work for does some e-mail handling where our clients would > keep their MX at microsoft and route some inbound mails through our > infra by connectors. > > What is stupid is that the header that causes the reject upon reinject > is written BY THEM! How about not writing such crazily long report on a > single header? > > We are now implementing a reject on the same header length for this > service, but I suppose our customer will realize soon that they are > missing some mails and will, as usual, put the blame on us instead of > microsoft. > > Regards, > Laurent ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] Microsoft rejecting their own headers
It seems Microsoft made very recently a change. Since then, we get a whole bunch of reject with this message: > 554 5.6.211 Invalid MIME Content: Single text value size (32820) exceeded allowed maximum (32768) for the 'X-Microsoft-Antispam-Message-Info-Original' header. The company I work for does some e-mail handling where our clients would keep their MX at microsoft and route some inbound mails through our infra by connectors. What is stupid is that the header that causes the reject upon reinject is written BY THEM! How about not writing such crazily long report on a single header? We are now implementing a reject on the same header length for this service, but I suppose our customer will realize soon that they are missing some mails and will, as usual, put the blame on us instead of microsoft. Regards, Laurent ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Incoming spam from outlook.com
I have an open ticket with Microsoft for Spam /Phish from their network.Each morning, I collate data and send them the previous 24 hours. Hundreds of thousands of spam and Phish each 24 hours. I have been sending them data for around 2 months. I am yet to see any improvement.I see it from outlook/hotmail. Vanity domains on O365. Loads of throwaway domains made up of garbled text.(example only- sheurussswu.xyz). Loads of the newer TLDs - .fun .xyz .motorcycle - too many to list. All configured with valid spf/dkim. Most likely their trial accounts being abused.No improvement, no real feedback. I honestly don’t know why I persist.Cheers,BradOn Fri, 15 Dec 2023 at 6:46 pm, Otto J. Makela via mailop wrote:This week, we've been getting quite a lot of carefully forged spam fromoutlook.com addressess, fully using their email infrastructure.What is your experience, is there point in putting effort into reporting it?Received: from smtp1.csc.fi (localhost.localdomain [127.0.0.1]) by localhost.localdomain (envelope-sender ) with ESMTP id 3BEM7Xf3015890 for ; Fri, 15 Dec 2023 00:07:35 +0200Received: (from defang@localhost) by smtp1.csc.fi id 3BEM7IvH012400 for ; Fri, 15 Dec 2023 00:07:18 +0200Received: from smtp1.csc.fi (localhost.localdomain [127.0.0.1]) by localhost.localdomain (envelope-sender ) with ESMTP id 3BEM7IId015829; Fri, 15 Dec 2023 00:07:18 +0200Received: (from mail@localhost) by smtp1.csc.fi (8.14.4/8.14.4/Submit) id 3BEM7ITP015828; Fri, 15 Dec 2023 00:07:18 +0200Received: from BL0PR02CU006.outbound.protection.outlook.com (mail-eastusazolkn1901.outbound.protection.outlook.com [52.103.11.0]) by smtp1.csc.fi (8.14.4/8.14.4/CSC) with ESMTP id 3BEM7F1i015812 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Fri, 15 Dec 2023 00:07:16 +0200ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ED4/pL0CafVHglmaDmvjHxVDN4EW9jGaMQR1VJYER8Bsa8swuMkxlZhTs65sAAt9eis5DBUBfn6cxwf8NTdxVZxuR2bhNTqcLnPguJCYqp623YQ+HGh/r3Bj7qkwCgrHoSChJ/EP/yQZMlDGmoU/Ly3LdSBZmEO9xBEV0IFue2vEey+aHblDvtFmImHsKci63Yedvu2omyr/zJr7Z5/FM613tKxE/BS0GDvsia7qHS/Qlap7rvCgIDERgv14Qg5OmtaQt3rm0tmQuI3L1dAr03WuJKYQC/LmC4BPYMOkfmJ++j14hURVSwqwDKQ2+GHfYs6hNlN+Br1ZzmRMCeNvvg==ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=D+vYwBP6aADOQhZpYxFMSfCiOdzfInsqVrllavvDJEk=; b=n22tReCwEFnVZbea6M1d/XDPeerT366qXHUeAA1z2yMdkHAeCPQuSeRJf3zNZGndOCJza7xasD5Se8eEGONoyq+3YuF/OVVEW1Jyhdd1J85G8eKx7ices5ZjeXvz5aPqyYKEPfsOjl/f87pSaCd9KttLSOgXzU+s+gtt80aiRRokJdwlNfkaRuvS4rcjxjoS1X9ayUnhzQMLwFl+1nWO/JCXlQNpwHMs0GtWYdg4lXjOy4WNeasWYIyD9D8xuAJWRBIEgOzj6jnw3rsKbFhzN40d7UVreABzayjsnxxF7mwgiJpUjsk+qbrCHidoutcuzfVQbrP4esMIptGdRCwPng==ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=noneDKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=D+vYwBP6aADOQhZpYxFMSfCiOdzfInsqVrllavvDJEk=; b=F68bS/eFYdcPZC1FKfvcJVO9sMoPgwzzbM6sctTJhpsEqVtgGULPtxlmPmmr12z1q5expAztRumFcFqb72vHAZ3L/Qz+sfSqyV4QtgUykmIsi9bIRiXxWmUVcHHrpBBy4lImm+76AUdxPL386FrTBHnWae12R+BXV18dxxziWdPIqBXx2ZW0etZnSJRCtq78ij1VU9L9tbTK0iygL8W2paDnLw5c7EXC2pwqWwG9uV8zKHOQK5Tzsvp8ePgdy2uBD0/pqfbeQa77JPL2dM8Orfe2cgZL2yeU5xl/0a+Y13h2+3g6mYjLCnhPIPYvKetEV6cwa60zd8KRoDByKeQWeQ==Received: from SA3PR05MB10372.namprd05.prod.outlook.com (2603:10b6:806:37d::18) by SA3PR05MB9668.namprd05.prod.outlook.com (2603:10b6:806:313::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7091.28; Thu, 14 Dec 2023 22:07:08 +Received: from SA3PR05MB10372.namprd05.prod.outlook.com ([fe80::b6f1:c6f7:359c:2f23]) by SA3PR05MB10372.namprd05.prod.outlook.com ([fe80::b6f1:c6f7:359c:2f23%3]) with mapi id 15.20.7091.028; Thu, 14 Dec 2023 22:07:07 +X-Mailer: MailBee.NET 12.3.1.667From: "livshitsjemere1...@outlook.com" Subject: Sinkku UA-naiset ovat alueellasi!Reply-To: "livshitsjemere1...@outlook.com" Date: Thu, 14 Dec 2023 23:07:03 +0100Message-ID: SA3PR05MB10372.namprd05.prod.outlook.com>Content-Type: multipart/alternative; boundary="=_NextPart_000_44D3_27757235.EC7D78A2"To: Undisclosed recipients:;X-TMN: [t1N2pGILfQDQhYs+XuQIbsU9zMJ8MRod]X-ClientProxiedBy: VI1PR04CA0117.eurprd04.prod.outlook.com (2603:10a6:803:f0::15) To SA3PR05MB10372.namprd05.prod.outlook.com (2603:10b6:806:37d::18)X-Microsoft-Original-Message-ID: <1.b871d96563f8d1a21a98@DESKTOP-PKC9ISR>MIME-Version: 1.0X-MS-Exchange-MessageSentRepresentingType: 1X-MS-PublicTrafficType: EmailX-MS-TrafficTypeDiagnostic: SA3PR05MB10372:EE_|SA3PR05MB9668:EE_X-MS-Office365-Filtering-Correlation-Id: 011582c9-e06e-4d33-70fd-08dbfcf102e2X-Microsoft-Antispam:
[mailop] Incoming spam from outlook.com
This week, we've been getting quite a lot of carefully forged spam from outlook.com addressess, fully using their email infrastructure. What is your experience, is there point in putting effort into reporting it? Received: from smtp1.csc.fi (localhost.localdomain [127.0.0.1]) by localhost.localdomain (envelope-sender ) with ESMTP id 3BEM7Xf3015890 for ; Fri, 15 Dec 2023 00:07:35 +0200 Received: (from defang@localhost) by smtp1.csc.fi id 3BEM7IvH012400 for ; Fri, 15 Dec 2023 00:07:18 +0200 Received: from smtp1.csc.fi (localhost.localdomain [127.0.0.1]) by localhost.localdomain (envelope-sender ) with ESMTP id 3BEM7IId015829; Fri, 15 Dec 2023 00:07:18 +0200 Received: (from mail@localhost) by smtp1.csc.fi (8.14.4/8.14.4/Submit) id 3BEM7ITP015828; Fri, 15 Dec 2023 00:07:18 +0200 Received: from BL0PR02CU006.outbound.protection.outlook.com (mail-eastusazolkn1901.outbound.protection.outlook.com [52.103.11.0]) by smtp1.csc.fi (8.14.4/8.14.4/CSC) with ESMTP id 3BEM7F1i015812 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Fri, 15 Dec 2023 00:07:16 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ED4/pL0CafVHglmaDmvjHxVDN4EW9jGaMQR1VJYER8Bsa8swuMkxlZhTs65sAAt9eis5DBUBfn6cxwf8NTdxVZxuR2bhNTqcLnPguJCYqp623YQ+HGh/r3Bj7qkwCgrHoSChJ/EP/yQZMlDGmoU/Ly3LdSBZmEO9xBEV0IFue2vEey+aHblDvtFmImHsKci63Yedvu2omyr/zJr7Z5/FM613tKxE/BS0GDvsia7qHS/Qlap7rvCgIDERgv14Qg5OmtaQt3rm0tmQuI3L1dAr03WuJKYQC/LmC4BPYMOkfmJ++j14hURVSwqwDKQ2+GHfYs6hNlN+Br1ZzmRMCeNvvg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=D+vYwBP6aADOQhZpYxFMSfCiOdzfInsqVrllavvDJEk=; b=n22tReCwEFnVZbea6M1d/XDPeerT366qXHUeAA1z2yMdkHAeCPQuSeRJf3zNZGndOCJza7xasD5Se8eEGONoyq+3YuF/OVVEW1Jyhdd1J85G8eKx7ices5ZjeXvz5aPqyYKEPfsOjl/f87pSaCd9KttLSOgXzU+s+gtt80aiRRokJdwlNfkaRuvS4rcjxjoS1X9ayUnhzQMLwFl+1nWO/JCXlQNpwHMs0GtWYdg4lXjOy4WNeasWYIyD9D8xuAJWRBIEgOzj6jnw3rsKbFhzN40d7UVreABzayjsnxxF7mwgiJpUjsk+qbrCHidoutcuzfVQbrP4esMIptGdRCwPng== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=D+vYwBP6aADOQhZpYxFMSfCiOdzfInsqVrllavvDJEk=; b=F68bS/eFYdcPZC1FKfvcJVO9sMoPgwzzbM6sctTJhpsEqVtgGULPtxlmPmmr12z1q5expAztRumFcFqb72vHAZ3L/Qz+sfSqyV4QtgUykmIsi9bIRiXxWmUVcHHrpBBy4lImm+76AUdxPL386FrTBHnWae12R+BXV18dxxziWdPIqBXx2ZW0etZnSJRCtq78ij1VU9L9tbTK0iygL8W2paDnLw5c7EXC2pwqWwG9uV8zKHOQK5Tzsvp8ePgdy2uBD0/pqfbeQa77JPL2dM8Orfe2cgZL2yeU5xl/0a+Y13h2+3g6mYjLCnhPIPYvKetEV6cwa60zd8KRoDByKeQWeQ== Received: from SA3PR05MB10372.namprd05.prod.outlook.com (2603:10b6:806:37d::18) by SA3PR05MB9668.namprd05.prod.outlook.com (2603:10b6:806:313::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7091.28; Thu, 14 Dec 2023 22:07:08 + Received: from SA3PR05MB10372.namprd05.prod.outlook.com ([fe80::b6f1:c6f7:359c:2f23]) by SA3PR05MB10372.namprd05.prod.outlook.com ([fe80::b6f1:c6f7:359c:2f23%3]) with mapi id 15.20.7091.028; Thu, 14 Dec 2023 22:07:07 + X-Mailer: MailBee.NET 12.3.1.667 From: "livshitsjemere1...@outlook.com" Subject: Sinkku UA-naiset ovat alueellasi! Reply-To: "livshitsjemere1...@outlook.com" Date: Thu, 14 Dec 2023 23:07:03 +0100 Message-ID: Content-Type: multipart/alternative; boundary="=_NextPart_000_44D3_27757235.EC7D78A2" To: Undisclosed recipients:; X-TMN: [t1N2pGILfQDQhYs+XuQIbsU9zMJ8MRod] X-ClientProxiedBy: VI1PR04CA0117.eurprd04.prod.outlook.com (2603:10a6:803:f0::15) To SA3PR05MB10372.namprd05.prod.outlook.com (2603:10b6:806:37d::18) X-Microsoft-Original-Message-ID: <1.b871d96563f8d1a21a98@DESKTOP-PKC9ISR> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SA3PR05MB10372:EE_|SA3PR05MB9668:EE_ X-MS-Office365-Filtering-Correlation-Id: 011582c9-e06e-4d33-70fd-08dbfcf102e2 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: