This spam wave started, to my knowledge, in early September from other servers.
Starting around 2022-09-25 it also affected MS365 senders.

The URIs have some patterns that help block them without too much
difficulty, with no known FPs on our platform.

To their credit, they are good at avoiding traps.

While it is easy to completely block most servers sending that spam, the usual
snowshoe method of MS365 makes IP blocking/scoring come with quite some collateral
damage (very much deserved). Obviously, our team is always blamed in such cases,
and I am still waiting for the day that a Microsoft client complains to
Microsoft about delivery issues and not to us.

The number of compromised MS365 accounts kept increasing a lot, up to reaching a
point where it was hard to justify allowing any mail coming from those ranges.
The reputation hit will be hard to recover from, especially as we dutifully rejected
almost all of that spam with a clear message. Outbound monitoring is clearly
not a selling argument to use MS365.

> Impossible to say whether the spammer just got tired, or MS found an 
> effective way to stop them.

While the spam has greatly reduced since this weekend, it keeps coming. Some with
slightly changed patterns, some with the same old patterns that should have been
blocked two weeks ago.

Best regards,
Laurent