Heh. Please send me the headers for analysis and I'll see if I can cause the sender some amount of ... discomfort. :) No guarantees, though; we have certain constraints.
But I can make darned sure the below-noted advice is working as designed. Aloha, Michael. -- Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been Processed." | Got the Junk Mail Reporting Tool ? -----Original Message----- From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Spam Auditor Sent: Tuesday, November 17, 2015 10:23 AM To: mailop@mailop.org Subject: Re: [mailop] Phishing mails sent through Office 365 You might want to review the history of this mailing list. It was mentioned that a header is injected in the messages if Microsoft finds it suspicious, (spammy) but still was 'compelled' <sic> to send the message. Eg.. X-Forefront-Antispam-Report: SFV:SPM; ... The SPM, is the indicator.. Having said that, yes there have been a lot of 'leakage', but it was politely asked that this list not be used for reporting spam issues. The normal abuse channels should be used.. but check for the SPM header first.. On 15-11-17 08:42 AM, Necip Cebeci wrote: > Hi all, > > We are receiving very well targeted phishing attacks to our clients, > mail headers indicate that they originate from Office 365 servers. > > Some of the hops in the message header goes like this > > /https://na01.safelinks.protection.outlook.com/?url=eurprd09.prod.outlook.com%2f&data=01%7c01%7cmichael.wise%40microsoft.com%7cf01fb28502224221152b08d2ef7da4e7%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=VSxf0dEGL0q7YpTJ2QRvyXd7xIxsJ879OVgj5g54%2bo4%3d > > /https://na01.safelinks.protection.outlook.com/?url=emea01-db3-obe.outbound.protection.outlook.com%2f&data=01%7c01%7cmichael.wise%40microsoft.com%7cf01fb28502224221152b08d2ef7da4e7%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=wiFwc9gtOqFwdT2bsHHLoOyDrHQ%2bcDklSjoNWzFY3Ds%3d > > __ > > Is there an official channel of complaint to Office 365 for attacks like > this? Or a contact at Microsoft in this list ? > > Thanks fort he help > > cid:image001.png@01D0B8A8.19157EC0 > > > > Necip Cebeci > IT Security Specialist > IT Network, Security and Risk Management > > _necip.ceb...@borsaistanbul.com <mailto:necip.ceb...@borsaistanbul.com>_ > *T.*+90 212 298 27 72 > *F.*+90 212 298 25 00 > > Borsa Istanbul > <https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fwww.borsaistanbul.com&data=01%7c01%7cmichael.wise%40microsoft.com%7cf01fb28502224221152b08d2ef7da4e7%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=wmtYdeghhhgkqDaboxx23%2fas%2bdghtPi0R5SY87IX9%2b8%3d> > > Bu e-posta mesaji, mesajin alici kisminda belirtilmis olan kullanici > icindir. Mesajin alicisi siz degilseniz -dogrudan veya dolayli olarak- > mesaji kullanmayiniz, acmayiniz, dagitmayiniz, yazicidan dokumunu > almayiniz veya herhangi bir kismini kopyalamayiniz. Yanlislikla bu mesaj > size ulasmissa lutfen, siliniz ve tüm kopyalarini yok ederek mesaji > gonderene acilen haber veriniz. Bu mesaj icerisinde belirtilenler sadece > gondericinin kisisel gorusleridir. Bu gorusler Borsa Istanbul A.S.'nin > goruslerini yansitmadigi gibi, Borsa Istanbul A.S.'yi baglayici da > degildir. > > This email is intended solely for the use of the individual or entity to > whom it is addressed. If you are not the intended addressee of this > message, you should not use, open, disseminate, distribute, print or > copy this e-mail. If you have received this email in error, please > delete it from your system and notify the sender immediately. Borsa > Istanbul does not accept any legal responsibility whatsoever for the > contents of this message. Any opinions contained in this message are > those of the author and are not given or endorsed by Borsa Istanbul. > > Borsa Istanbul A.S. > <https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fwww.borsaistanbul.com&data=01%7c01%7cmichael.wise%40microsoft.com%7cf01fb28502224221152b08d2ef7da4e7%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=wmtYdeghhhgkqDaboxx23%2fas%2bdghtPi0R5SY87IX9%2b8%3d> > > > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fchilli.nosignal.org%2fmailman%2flistinfo%2fmailop&data=01%7c01%7cmichael.wise%40microsoft.com%7cf01fb28502224221152b08d2ef7da4e7%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=w3mWWAhuGm1j9VVAqEG82dCY1QRgOr7Qvit8fLiB7KA%3d > _______________________________________________ mailop mailing list mailop@mailop.org https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fchilli.nosignal.org%2fmailman%2flistinfo%2fmailop&data=01%7c01%7cmichael.wise%40microsoft.com%7cf01fb28502224221152b08d2ef7da4e7%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=w3mWWAhuGm1j9VVAqEG82dCY1QRgOr7Qvit8fLiB7KA%3d _______________________________________________ mailop mailing list mailop@mailop.org http://chilli.nosignal.org/mailman/listinfo/mailop
