On 12/11/24 17:19, Scott Q. via mailop wrote:
> It seems MS is pushing really hard for the 'NEW' Outlook
> adoption. This software, along with Outlook Mobile and myMail
> (mail.ru), etc., cache logon information on their own infrastructure
> and then basically proxy the connection to the service provider.

For New Outlook, we have connections both from users' IPs and from Microsoft IPs. So, it does not really look like proxying.

Moreover, connections from Microsoft servers seem to come at a flat rate (times in CET, stats from yesterday):

IP [2603:1026:c0a:b3::5] (8075) : 239 accounts failed (99.17%) / 241 accounts
!!! AS8075 MICROSOFT-CORP-MSN-AS-BLOCK !!! BLOCKED !!! (FR)

failure hourly rate (failed auth / total auth):
00h-01h : 830/830
01h-02h : 890/891
02h-03h : 841/842
03h-04h : 763/763
04h-05h : 726/726
05h-06h : 770/770
06h-07h : 763/763
07h-08h : 680/680
08h-09h : 668/668
09h-10h : 668/668
10h-11h : 626/626
11h-12h : 757/757
12h-13h : 713/713
13h-14h : 715/715
14h-15h : 711/711
15h-16h : 697/697
16h-17h : 711/711
17h-18h : 775/777
18h-19h : 714/716
19h-20h : 754/756
20h-21h : 769/771
21h-22h : 697/699
22h-23h : 690/691
23h-24h : 791/791

And when it's not at a flat rate, it's in bursts:

IP 4.233.216.98 (8075) : 2372 accounts failed (99.79%) / 2377 accounts
!!! AS8075 MICROSOFT-CORP-MSN-AS-BLOCK !!! BLOCKED !!! (FR)

failure hourly rate (failed auth / total auth):
00h-01h : 2347/2350
07h-08h : 9/11
08h-09h : 578/583
18h-19h : 5/5
19h-20h : 33/33

From what we see, connections from Microsoft servers do not seem to be induced by customer activity.

We set up an account on New Outlook last February. It was blocked (due to the servers' behavior). We uninstalled New Outlook, changed the password, and unblocked the account. Microsoft servers are still trying to connect to this account, while auth has failed for months and there is not a single Outlook setup for that account...

> This makes it impossible for service providers to do any kind of security
> checks

I disagree. Worse: I think you do not really have a choice...

We had a similar issue with mail.ru a few years ago: some IPs had some strange behavior, some accounts were blocked, and it snowballed very quickly (more auths failed and more IPs were detected as misbehaving). The question in that kind of mess is what started it, and I wonder if some people tried to script the mail.ru app to crack accounts...

That might be done with Outlook and there is nothing you can do if you disable your security checks on Microsoft IPs.

> Curious what everyone's thoughts on this practice are and how you deal
> with it.

We are living in interesting times.

François
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
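
An added example, not part of the original message or of any poster's tooling: one way to build a per-IP report like the one quoted above from authentication logs and to label a source as flat-rate or bursty. The log line format, the thresholds, the meaning of "accounts failed" (at least one failed auth) and the sample addresses (documentation ranges) are assumptions.

```python
from collections import defaultdict

def summarize(lines):
    """Per source IP: accounts seen, accounts that failed, and [failed, total] per hour."""
    stats = defaultdict(lambda: {"accounts": set(), "failed_accounts": set(),
                                 "hourly": defaultdict(lambda: [0, 0])})
    for line in lines:
        # Assumed line format: <ISO 8601 timestamp> ip=<addr> user=<name> result=ok|fail
        ts, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        s = stats[kv["ip"]]
        hour = int(ts[11:13])             # HH from YYYY-MM-DDTHH:MM:SS
        s["accounts"].add(kv["user"])
        s["hourly"][hour][1] += 1
        if kv["result"] == "fail":
            s["failed_accounts"].add(kv["user"])
            s["hourly"][hour][0] += 1
    return stats

def classify(hourly, min_hours=20, max_spread=2.0, burst_share=0.5):
    """'flat': active almost every hour at similar volume; 'burst': one hour dominates."""
    totals = [total for _, total in hourly.values()]
    if len(totals) >= min_hours and max(totals) <= max_spread * min(totals):
        return "flat"
    if max(totals) >= burst_share * sum(totals):
        return "burst"
    return "mixed"

def failure_ratio(s):
    return len(s["failed_accounts"]) / len(s["accounts"])

def sample_log():
    """Constructed sample (documentation IP ranges, made-up users)."""
    lines = []
    for h in range(24):                   # steady source: 3 failed logins every hour
        for n in range(3):
            lines.append(f"2024-12-10T{h:02d}:{n:02d}:00 ip=2001:db8::5 user=u{(h * 3 + n) % 10} result=fail")
    for n in range(40):                   # bursty source: most attempts within one hour
        lines.append(f"2024-12-10T00:{n:02d}:00 ip=192.0.2.98 user=b{n} result=fail")
    lines.append("2024-12-10T08:00:00 ip=192.0.2.98 user=b0 result=ok")
    lines.append("2024-12-10T08:01:00 ip=192.0.2.98 user=b1 result=fail")
    return lines

if __name__ == "__main__":
    for ip, s in summarize(sample_log()).items():
        print(f"IP {ip}: {len(s['failed_accounts'])} accounts failed "
              f"({failure_ratio(s):.2%}) / {len(s['accounts'])} accounts -> {classify(s['hourly'])}")
        for h in sorted(s["hourly"]):
            print(f"  {h:02d}h-{h + 1:02d}h : {s['hourly'][h][0]}/{s['hourly'][h][1]}")
```
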