A similar issue (not with spamhaus) crept up recently and I had to do a
lot of log diving to find the culprit. Just for kicks and in case you
get nothing else of value in reply, any chance that taking the two time
frames and comparing them to see what recipients matched is of any
value? I guess if you're sending DMARC reports at that time that'll be
the bulk of it, but if there was one stray recipient outside of those it
might all click at once.
On 2022-05-17 03:48, Benoit Panizzon via mailop wrote:
Hopefully somebody from spamhaus is reading.
The 2nd day in a row, our main mailplattform IP address is listed and
outlook.com blocks all emails.
Spamhaus only gives a timestamp +/- 5 minutes.
There are A LOT OF EMAILS passing our plattform in 10 Minutes.
Yesterday I found a suspect. One customer had configured his exchange
server to relay 'bounces' via our platform. That was fixed.
Today I am looking through the logs again. No suspicious emails. But in
that timespam, we send out DMARC reports.
Could it be, that someone publishes a DMARC Report address which points
to a Spamhaus Spamtrap?
For the 2nd time I requestd 'more details' from Spamhaus. Is there a
chance to get such informations?
Mit freundlichen Grüssen
-Benoît Panizzon-
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
