On Sun, 14 Jan 2024, Mark Alley via mailop wrote:
This is anecdotal, but I think it illustrates even at a
smaller scale the persistent problem Microsoft currently has
with their tenancy.
I did some quick perusal of the last month's data from our
email logs, and out of a total of 22,473 external emails
that contain a .onmicrosoft.com subdomain in the
RFC5322.FROM field -- 22,086 were blocked because of various
reasons:
* 21,228 spam
* 1 malware
* 759 phishing
* 5 impostor
* 93 "hard" failed SPF without a DMARC record since
onmicrosoft.com
doesn't have one. (probably forwarded)
387 "clean" emails were delivered successfully initially,
and 151 of those initial delivers were then later
retroactively classified as being spam or phishing.
So even at this scale, we're left with a minutia of ~0.01%
236/22473 ~= 1%
"legitimate" emails, most of which are from misconfigured
Exchange Online mailboxes or Office365 groups from various
businesses.
So, YMMV widely, but for most organizations, as John said,
definitely not going to be missing /too /much. Most of what
I see that's legitimate in our traffic would be 3 or 4
specific subdomain additions to a safelist from the
hypothetical block rule, and that would be it.
- Mark Alley
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
