I should also comment further (and MW, were you kidding about sending abuse reports from Azure space to cert@)?

Spam Auditing team has been tracking the Azure spammer bots for a while, and you will notice that while they usually have the cloudapp ptr naming convention at the time of delivery, they are already back to NOPTR quite quickly, after it made its run.

But even more worrisome is the size/force of the authentication bots operating on Azure, a larger and more dangerous threat to the community.

New bot reported again overnight, high brute force rates, targeting SMTP, emailname + array(number pattern) where the numbers are NOT in sequential order.

We highly recommend that you block all authentication from Azure IP space, until:

* Azure responds promptly to take down requests
* Azure gets a handle on this problem

If you do have a customer that must relay through your email server, allow exemptions only for specific known trusted Azure IP(s).

If you need help identifying Azure IP space, there is a URL updated regularly by MS, or reach out to me off list.

We rolled out the ability to block all authentication from selective known hosting companies and CDNs to our customers a while ago.

However, of course, getting everyone on board with transparent 2FA methods is the long term way to go.

        -- Michael --

On 2021-01-14 11:34 p.m., Hans-Martin Mosner via mailop wrote:
Am 14.01.21 um 23:50 schrieb Andreas Schamanek via mailop:

On Thu, 14 Jan 2021, at 20:22, Michael Wise via mailop wrote:

On Tue, 8 Dec 2020, at 23:43, Hans-Martin Mosner wrote:
Today we got a response to our abuse reports requesting that we report these to j...@office365.microsoft.com
Why would you have thought reporting an Azure item to the Office365 abuse SAMPLE input queue would have any effect at all on Azure issues?

@Michael: Maybe he trusts your colleagues more than you do?

Trust is a strong word in this context, but yes, this is the information I got from cdo...@microsoft.com in December in response to abuse mails sent via spamcop:

    Hi,

    Based on the information you provided, it appears to have originated
    from an Office 365 or Exchange Online tenant account.

    To report junk mail from Office 365 tenants, send an email to
    j...@office365.microsoft.com   and include the junk mail as an
    attachment.

    This link provides further junk mail education
    https://technet.microsoft.com/en-us/library/jj200769(v=exchg.150).aspx.

    Kindly,

      Jessy

    Microsoft Online Safety

I got the same response from "Ann" and "Rhodz", so it's probably not an issue with just one abuse worker's insufficient knowledge.

When I revisit the trace information from spamcop it shows this:

    Cached whois for 52.168.145.55 : ab...@microsoft.com
    Using best contacts ab...@microsoft.com
    Using rdns to route to correct Microsoft department
    host 52.168.145.55 (getting name) no name
    failed, using default ab...@hotmail.com
    ab...@hotmail.com redirects to report_s...@hotmail.com

So it's possible that spamcop's heuristics to find the correct abuse address were misled by the missing reverse DNS entry for that IP address. I don't know how it would fare with the current wave where rDNS shows cloudapp.azure.com, as I've sent later reports directly. I'm going to try ab...@microsoft.com again, maybe that helps.

Cheers and thanks for taking your time to help me understand the issues,
Hans-Martin



_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop




--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
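
Added example, not part of the original message and not LinuxMagic's code: the policy recommended above (refuse SMTP AUTH from Azure address space, with exemptions only for specific trusted IPs) written as a check that a mail server's AUTH hook could call. It assumes the range list is Microsoft's published service-tags JSON with prefixes under values[].properties.addressPrefixes; the sample data and the names load_networks, auth_allowed and TRUSTED_IPS are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the assumed shape of Microsoft's service-tags JSON
# (values[].properties.addressPrefixes). The prefixes are documentation
# ranges (RFC 5737 / RFC 3849), not real Azure space.
SAMPLE_SERVICE_TAGS = json.dumps({
    "values": [
        {"name": "AzureCloud.example1",
         "properties": {"addressPrefixes": ["198.51.100.0/24", "2001:db8:a::/48"]}},
        {"name": "AzureCloud.example2",
         "properties": {"addressPrefixes": ["203.0.113.0/25"]}},
    ]
})

# Constructed exemption: one customer relay that sits inside a blocked range.
TRUSTED_IPS = {ipaddress.ip_address("198.51.100.25")}


def load_networks(service_tags_json):
    """Return every address prefix in the document as an ip_network object."""
    doc = json.loads(service_tags_json)
    nets = set()
    for tag in doc.get("values", []):
        for prefix in tag.get("properties", {}).get("addressPrefixes", []):
            nets.add(ipaddress.ip_network(prefix, strict=False))
    return nets


def auth_allowed(client_ip, blocked_nets, trusted_ips):
    """Refuse AUTH from the blocked ranges unless the exact client address
    is an explicitly trusted exemption."""
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return False  # unparsable peer address: fail closed
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d; unwrap them
    # so an IPv4 prefix cannot be sidestepped by the mapped form.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if ip in trusted_ips:
        return True
    return not any(ip.version == net.version and ip in net
                   for net in blocked_nets)
```

The check only gates authentication; inbound delivery on port 25 from the same ranges is a separate decision.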
