Greylisting is for dealing with compromised machines where the malicious sender is bursting through a list trying each message once then getting out of there since they expect the compromised machine to be dealt with. Any properly configured MTA will keep retrying when given tempfails because that's what a good MTA is supposed to do.
Since these are being sent through Microsoft's servers, they will behave as they should and keep trying delivery when they encounter tempfails. Mike ________________________________ From: mailop <mailop-boun...@mailop.org> on behalf of L. Mark Stone via mailop <mailop@mailop.org> Sent: Friday, December 15, 2023 8:49 AM To: mailop <mailop@mailop.org> Subject: Re: [mailop] Incoming spam from outlook.com We too are seeing high volumes of such email. Historically, we have avoided deploying greylisting*, but are curious if greylisting would block these emails? Could anyone who is doing greylisting comment on whether these garbage emails are being resent? Thanks, Mark *Most of our customers are B2B, and many rely on paid industry newsletter subscriptions, some of which are expensive. Years ago, when we first deployed greylisting as a test, we found a number of these newsletter senders did NOT resend after being greylisted. We have not retested since then. _________________________________________________________________ L. Mark Stone, Founder North America's Leading Zimbra VAR/BSP/Training Partner For Companies With Mission-Critical Email Needs ----- Original Message ----- From: "Bradley King via mailop" <mailop@mailop.org> To: "Otto J. Makela" <o...@iki.fi> Cc: "mailop" <mailop@mailop.org> Sent: Friday, December 15, 2023 4:06:29 AM Subject: Re: [mailop] Incoming spam from outlook.com I have an open ticket with Microsoft for Spam /Phish from their network. Each morning, I collate data and send them the previous 24 hours. Hundreds of thousands of spam and Phish each 24 hours. I have been sending them data for around 2 months. I am yet to see any improvement. I see it from outlook/hotmail. Vanity domains on O365. Loads of throwaway domains made up of garbled text.(example only- sheurussswu.xyz). Loads of the newer TLDs - .fun .xyz .motorcycle - too many to list. All configured with valid spf/dkim. Most likely their trial accounts being abused. No improvement, no real feedback. I honestly don’t know why I persist. Cheers, Brad On Fri, 15 Dec 2023 at 6:46 pm, Otto J. Makela via mailop <mailop@mailop.org> wrote: This week, we've been getting quite a lot of carefully forged spam from outlook.com addressess, fully using their email infrastructure. What is your experience, is there point in putting effort into reporting it? ---- Received: from smtp1.csc.fi (localhost.localdomain [127.0.0.1]) by localhost.localdomain (envelope-sender <m...@smtp1.csc.fi>) with ESMTP id 3BEM7Xf3015890 for <n...@rt.csc.fi>; Fri, 15 Dec 2023 00:07:35 +0200 Received: (from defang@localhost) by smtp1.csc.fi id 3BEM7IvH012400 for <n...@rt.csc.fi>; Fri, 15 Dec 2023 00:07:18 +0200 Received: from smtp1.csc.fi (localhost.localdomain [127.0.0.1]) by localhost.localdomain (envelope-sender <m...@smtp1.csc.fi>) with ESMTP id 3BEM7IId015829; Fri, 15 Dec 2023 00:07:18 +0200 Received: (from mail@localhost) by smtp1.csc.fi (8.14.4/8.14.4/Submit) id 3BEM7ITP015828; Fri, 15 Dec 2023 00:07:18 +0200 Received: from BL0PR02CU006.outbound.protection.outlook.com (mail-eastusazolkn19010000.outbound.protection.outlook.com [52.103.11.0]) by smtp1.csc.fi (8.14.4/8.14.4/CSC) with ESMTP id 3BEM7F1i015812 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for <n...@funet.fi>; Fri, 15 Dec 2023 00:07:16 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ED4/pL0CafVHglmaDmvjHxVDN4EW9jGaMQR1VJYER8Bsa8swuMkxlZhTs65sAAt9eis5DBUBfn6cxwf8NTdxVZxuR2bhNTqcLnPguJCYqp623YQ+HGh/r3Bj7qkwCgrHoSChJ/EP/yQZMlDGmoU/Ly3LdSBZmEO9xBEV0IFue2vEey+aHblDvtFmImHsKci63Yedvu2omyr/zJr7Z5/FM613tKxE/BS0GDvsia7qHS/Qlap7rvCgIDERgv14Qg5OmtaQt3rm0tmQuI3L1dAr03WuJKYQC/LmC4BPYMOkfmJ++j14hURVSwqwDKQ2+GHfYs6hNlN+Br1ZzmRMCeNvvg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=D+vYwBP6aADOQhZpYxFMSfCiOdzfInsqVrllavvDJEk=; b=n22tReCwEFnVZbea6M1d/XDPeerT366qXHUeAA1z2yMdkHAeCPQuSeRJf3zNZGndOCJza7xasD5Se8eEGONoyq+3YuF/OVVEW1Jyhdd1J85G8eKx7ices5ZjeXvz5aPqyYKEPfsOjl/f87pSaCd9KttLSOgXzU+s+gtt80aiRRokJdwlNfkaRuvS4rcjxjoS1X9ayUnhzQMLwFl+1nWO/JCXlQNpwHMs0GtWYdg4lXjOy4WNeasWYIyD9D8xuAJWRBIEgOzj6jnw3rsKbFhzN40d7UVreABzayjsnxxF7mwgiJpUjsk+qbrCHidoutcuzfVQbrP4esMIptGdRCwPng== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=D+vYwBP6aADOQhZpYxFMSfCiOdzfInsqVrllavvDJEk=; b=F68bS/eFYdcPZC1FKfvcJVO9sMoPgwzzbM6sctTJhpsEqVtgGULPtxlmPmmr12z1q5expAztRumFcFqb72vHAZ3L/Qz+sfSqyV4QtgUykmIsi9bIRiXxWmUVcHHrpBBy4lImm+76AUdxPL386FrTBHnWae12R+BXV18dxxziWdPIqBXx2ZW0etZnSJRCtq78ij1VU9L9tbTK0iygL8W2paDnLw5c7EXC2pwqWwG9uV8zKHOQK5Tzsvp8ePgdy2uBD0/pqfbeQa77JPL2dM8Orfe2cgZL2yeU5xl/0a+Y13h2+3g6mYjLCnhPIPYvKetEV6cwa60zd8KRoDByKeQWeQ== Received: from SA3PR05MB10372.namprd05.prod.outlook.com (2603:10b6:806:37d::18) by SA3PR05MB9668.namprd05.prod.outlook.com (2603:10b6:806:313::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7091.28; Thu, 14 Dec 2023 22:07:08 +0000 Received: from SA3PR05MB10372.namprd05.prod.outlook.com ([fe80::b6f1:c6f7:359c:2f23]) by SA3PR05MB10372.namprd05.prod.outlook.com ([fe80::b6f1:c6f7:359c:2f23%3]) with mapi id 15.20.7091.028; Thu, 14 Dec 2023 22:07:07 +0000 X-Mailer: MailBee.NET 12.3.1.667 From: "livshitsjemere1...@outlook.com" <livshitsjemere1...@outlook.com> Subject: Sinkku UA-naiset ovat alueellasi! Reply-To: "livshitsjemere1...@outlook.com" <livshitsjemere1...@outlook.com> Date: Thu, 14 Dec 2023 23:07:03 +0100 Message-ID: <sa3pr05mb10372f7cfebdcf1ccc3a32922cf...@sa3pr05mb10372.namprd05.prod.outlook.com> Content-Type: multipart/alternative; boundary="----=_NextPart_000_44D3_27757235.EC7D78A2" To: Undisclosed recipients:; X-TMN: [t1N2pGILfQDQhYs+XuQIbsU9zMJ8MRod] X-ClientProxiedBy: VI1PR04CA0117.eurprd04.prod.outlook.com (2603:10a6:803:f0::15) To SA3PR05MB10372.namprd05.prod.outlook.com (2603:10b6:806:37d::18) X-Microsoft-Original-Message-ID: <1.b871d96563f8d1a21a98@DESKTOP-PKC9ISR> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SA3PR05MB10372:EE_|SA3PR05MB9668:EE_ X-MS-Office365-Filtering-Correlation-Id: 011582c9-e06e-4d33-70fd-08dbfcf102e2 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: mUrtrp33HzLxqTyggG3TTVIr+xDniA53VW7zE8JQfACF0/TWoAeD8qCrFrzO60FJeVKsyB2sZXPrHFGfq/zJDcO/aN4vhGSUSiZp23epMJwFtSbNqXoFKybqzTbCKLIJJs1rzK0TkFlfbaECxpvB7yXvhT5xXuDqlJauEMglZZSxmrSHh/MF/1qcbeGwMrzJFm+iWIEq0gQ5F9bPThL0oLsoNvGUBM0dNAR25nfbG5bm8Bk+MlFCJejKeMU9DAVxdXv9kcyxk3Th98/Kjn4Te5ESpxh0yc1NwaFvOQOdioQNKEYU+7nHX/R0FEHLk/65Gk0RbYe8vasSKEaWQ0pvo6lo6WKvHXzgQTFaNIWC3xAxq5uRLwelHZ0vJqBbWMJ9kxKMz+qduq8ckFv4mLAPk4FuIP9rCeMd5U1VUlYZlKyDhmqrkLvLrb+Uq6jNdIXCgkLrFJigmp+APSMiNyFgSIBDiEg3zmDjvBXD55XWd9qbbzbFNiK+FmRVpgfUYhnuX4imVN2EZWaDprJCBBOCfCZ68ciJ/Pym21Vgh82RxSJlFovrFukyZPzd8HXhQ1aU72Vp236KFmU42ODj3RVVQFHWjZfVBsjiwMbJPLAOdUyNVPYRL7iQXblwy5RDbQXe4PgT+G0U9xCwYN3ew3/G+tx9TSvHg2PrzyW9/LyFNShLKeZRcfiNXxWb49dMjJOwnCqEb0foc7o50pLvKuqLNq6ACRT1iBpq1pB2NxoABwi6NdhVDB0UTfmfxlAnLBbtbaFLXnpqOO6S9atUKBdzEQ== X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?OXJWTlZESTZUZVZwbFR1bEVGTlRENXp2VnE1NzgxWEFDcFJNaExWVUdRWlhL?= =?utf-8?B?SzNjZjZNaFZ4YVFVeVpLbDVhTVlFbUhJaGp6bzB3THpXcHhCUVFaZ3JXZzlJ?= =?utf-8?B?V0JGOWpiWDRLY2dVVnNZaS9hZDM3L3BUWHRaVS9YWTJMSitIZnBpb2kvRWVS?= =?utf-8?B?T3lmeVRMSVRlakJkNVVNc0hsbHNmeG5XUGRqODVLZWsyZFk3TVFIQ2hOcWxE?= =?utf-8?B?YzIxcU9mQ3Y4OGV4SmpaZGdNK0xWK2FtUGR4dDNMVDNjVFRPNy9uYVl1MCtB?= =?utf-8?B?Z1E3bGh3Z0wyaHhEN1RHaXd3cTZLczV2VGRUb0plRTN0ajA5QzdqUGhlVElm?= =?utf-8?B?d0NTdi9XVjFlQndwR2diMnpkYWx5Z0xnODhiOGZjZFhmL2Vvc1J5ZWxpek5z?= =?utf-8?B?N1JwSVQydGZiS2RHcGdUOFVSN01kTkFiTnRQRkxzN1lTMVFiTHNTZFpROFhF?= =?utf-8?B?WUhZbWEyM1RBc0VLTzVlbnNEcDVJTkprbzhvNFhqTHFzZHZ5cnNPQUE3OEYv?= =?utf-8?B?TlhYTC9hY0J1MnMwb1ZJTmlkRzZ5N09xVFo5YXVGVkJSb3ZobWswYkVLbkdz?= =?utf-8?B?WTNUSE4vQnNlbmJFdjN0TTZjK00wUUorTlJFR214MktSZ1g0OUJ2U0xxQXN0?= =?utf-8?B?dlVUbHJDaElHU3F0cDVneFh2dGM2b1BNTVFQZi9YL3M5WEI1SmR3VXNvOThJ?= =?utf-8?B?ZzM3emtDUjJDRndlMUwwM0VnTUhOemxWR01TdjZCRzdxMTAzZ1JwVjZGM3I2?= =?utf-8?B?VmxranVOOW5ZVzVTS3dvZTJpUTNnKzJyUlM2L1hHZW5TZVJCQTRscU9Cb1lD?= =?utf-8?B?RGZJYzRwMTVOV1BQMmtkN3dTZHZJdWtTNjVnZW9WMG94MUlTanlGc1doVlMv?= =?utf-8?B?a3VzQnJUcWQvRlhjVU4zSHNJYVVIQVUzVjRXN0xyMkVZY2ZidjZUQzExTk1M?= =?utf-8?B?LzZIZkMwQVk0RnVNN3ljTmhTR29jTFo3aEpWQThyZG9lM0g0ZWZla1MyTUpv?= =?utf-8?B?cHpLcVBVcS8wK2theU9xdUsyaHhMbWpZOGcwVWExREJtSDQrRUlyUE5JNVpU?= =?utf-8?B?bjNTQ0d1N2ZnN3hQak8zd3RUVitlWVBUMWo5TnVRV01ZdGtmbXFNMVplblk4?= =?utf-8?B?VmY4bHVDMG94emx2ZmxleW9kZGp5cFg2ZGc5TUdidUhidmt3U1ZsL1V6UllM?= =?utf-8?B?eVVxbVY4TjFNanB4YjJvOG8vS2RvTUNZeWJkc1BYT2psbDBMc2gwc21BQmlY?= =?utf-8?B?MXBjaWZTRTlmYXNWQ3lvY2FiR25KRjBFNXFkQUNrcGRremQ1VFRZK056YmpI?= =?utf-8?B?SkhGRzJuT3NzaFo3U3p5STYybkpmSkcrdWZzWEtqN3JOdDBnTEt6aVpzT29j?= =?utf-8?B?TzhxNkRENGEvcFhoL0ovaVlDRWlZR3MrNURqMEZGcXhyNDZFS09xdzAvT05z?= =?utf-8?B?aytIR3JGUG1Eb1NzNmxkMDgyYVdpVllCWEczV2QzL0d1bFNJMWRnaFNheEt5?= =?utf-8?B?QWR1ckl1dzhVcnB5dVRVQ0JRTUxqTE1obXJvamtKRFJWNWVPSHZLQVdXYS9n?= =?utf-8?B?anNVZmRUWm9iV21Lb3FjN3FsUDk3WXZ3M1FSQVIrcTlYcnJtclJFbjZGTXBQ?= =?utf-8?B?YzFWNFJkMnNha3M3d295RVhGV3ZGN3F5NWovd08vdkh1Z0JTTXFhT2JGVGJB?= =?utf-8?Q?AgekubL8OO9BSWEndSK7?= X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 011582c9-e06e-4d33-70fd-08dbfcf102e2 X-MS-Exchange-CrossTenant-AuthSource: SA3PR05MB10372.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Dec 2023 22:07:07.5532 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA3PR05MB9668 X-Bayes-Prob: 0.0001 (Score 0, tokens from: 01_Tag_Only, default, @@RPTN) X-Spam-Score: 0.51 () [Tag at 5.00] AC_BR_BONANZA:0.001,FREEMAIL_ENVFROM_END_DIGIT:0.25,FREEMAIL_FROM:0.001,FREEMAIL_REPLYTO_END_DIGIT:0.25,HTML_IMAGE_RATIO_06:0.001,HTML_MESSAGE:0.001,T_KAM_HTML_FONT_INVALID:0.01,SPF(pass:0),DKIM(pass:0) Received-SPF: pass (smtp1.csc.fi: domain of livshitsjemere1...@outlook.com designates 52.103.11.0 as permitted sender) receiver=smtp1.csc.fi; client-ip=52.103.11.0; envelope-from=<livshitsjemere1...@outlook.com>; helo=BL0PR02CU006.outbound.protection.outlook.com; identity=mailfrom -- /* * * Otto J. Makela <o...@iki.fi> * * * * * * * * * */ /* Phone: +358 40 765 5772, ICBM: N 60 10' E 24 55' */ /* Mail: Mechelininkatu 26 B 27, FI-00100 Helsinki */ /* * * Computers Rule 01001111 01001011 * * * * * * */ _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
