Re: [mailop] Strange mail delivery from microsoft

Sun, 18 Jun 2023 15:22:09 -0700 

On 2023-06-18 at 17:53 +0100, Klaus Ethgen wrote:
> Hi,
> 
> I have tighten my firewall a bit and seen many attacks from Microsoft
> (40.92.0.0/16). They contact once from a IP and then never again. If I
> greylist them, the will try to deliver from a different address which
> gets greylisted again and so on.

hotmail.com claims it delivers email from the whole 40.92.0.0/15:


> spf.protection.outlook.com. 600       IN      TXT     "v=spf1
ip4:40.92.0.0/15...


which seems completely overkill (maybe they want to keep the ability to
serve a customer per ip?), specially since they also use many other
ranges (full list below) but if they used that address space for
anything other than their own email hosts they would be giving a free
spf pass for those, so anything from there must be coming from their
"official" MTAs.

In which case, I don't think it makes much sense to graylist them.


Regards



$ spfwalk hotmail.com | sort -n 
2a01:111:f400::/48
2a01:111:f403::/49
2a01:111:f403:8000::/50
2a01:111:f403:c000::/51
2a01:111:f403:f000::/52
40.107.0.0/16
40.92.0.0/15
52.100.0.0/14
65.54.121.120/29
65.54.190.0/24
65.54.241.0/24
65.54.51.64/26
65.54.61.64/26
65.55.111.0/24
65.55.113.64/26
65.55.116.0/25
65.55.126.0/25
65.55.174.0/25
65.55.178.128/27
65.55.234.192/26
65.55.238.129/26
65.55.238.129/26
65.55.33.64/28
65.55.34.0/24
65.55.52.224/27
65.55.78.128/25
65.55.81.48/28
65.55.90.0/24
65.55.94.0/25
70.37.151.128/25
94.245.112.0/27
94.245.112.10/31
104.47.0.0/17
111.221.112.0/21
111.221.23.128/25
111.221.26.0/27
111.221.66.0/25
111.221.69.128/25
157.55.0.192/26
157.55.11.0/25
157.55.1.128/26
157.55.157.128/25
157.55.2.0/25
157.55.225.0/25
157.55.49.0/25
157.55.61.0/24
157.55.9.128/25
157.56.232.0/21
157.56.240.0/20
157.56.24.0/25
157.56.248.0/21
207.46.116.128/29
207.46.117.0/24
207.46.132.128/27
207.46.198.0/25
207.46.200.0/27
207.46.4.128/25
207.46.50.192/26
207.46.50.224
207.46.58.128/25
207.68.169.173/30
207.68.176.0/26
207.68.176.96/27
213.199.161.128/27
213.199.177.0/26

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Reply via email to