So are you guys blocking the connections from the MS ASN ? Does that result in 'New' Outlook not being able to login at all or not ?
Scott On Thursday, 12/12/2024 at 05:37 Francois Petillon via mailop wrote: On 12/11/24 17:19, Scott Q. via mailop wrote: > It seems MS is pushing really hard for the 'NEW' Outlook > adoption. This software, along with Outlook Mobile and myMail > (mail.ru), etc, cache logon information on their own infrastructure > and then basically proxy the connection to the service provider. For New Outlook, we have both connection from users IPs and from Microsoft IPs. So, it does not really look like proxying. Moreover, connections from Microsoft servers seem to be in a flat rate (time in CET, stats from yesterday) : IP [2603:1026:c0a:b3::5] (8075) : 239 accounts failed (99.17%) / 241 accounts !!! AS8075 MICROSOFT-CORP-MSN-AS-BLOCK !!! BLOCKED !!! (FR) failure hourly rate (failed auth / total auth): 00h-01h : 830/830 01h-02h : 890/891 02h-03h : 841/842 03h-04h : 763/763 04h-05h : 726/726 05h-06h : 770/770 06h-07h : 763/763 07h-08h : 680/680 08h-09h : 668/668 09h-10h : 668/668 10h-11h : 626/626 11h-12h : 757/757 12h-13h : 713/713 13h-14h : 715/715 14h-15h : 711/711 15h-16h : 697/697 16h-17h : 711/711 17h-18h : 775/777 18h-19h : 714/716 19h-20h : 754/756 20h-21h : 769/771 21h-22h : 697/699 22h-23h : 690/691 23h-24h : 791/791 and when it's not in a flat rate, it's in bursts : IP 4.233.216.98 (8075) : 2372 accounts failed (99.79%) / 2377 accounts !!! AS8075 MICROSOFT-CORP-MSN-AS-BLOCK !!! BLOCKED !!! (FR) failure hourly rate (failed auth / total auth): 00h-01h : 2347/2350 07h-08h : 9/11 08h-09h : 578/583 18h-19h : 5/5 19h-20h : 33/33 >From what we see, Microsoft servers connections do not seem to be induced by customers activities. We have setup an account on New Outlook last February. It was blocked (due to servers behavior). We uninstalled New Outlook, changed the password, unblocked the account. Microsoft servers are still trying to connect on this account while auth has failed for months and there is not a single Outlook setup for that account... > This makes it impossible for service providers to do any kind of security > checks I disagree. Worst : I think you do not really have the choice... We had a similar issue with mail.ru a few years ago : some IPs had some strange behavior, some accounts were blocked and it snowballed very quickly (more auth failed and more IPs were detected as misbehaving). The question in that kind of mess is what started it and I wonder if some people tried to script mail.ru app to crack accounts... That might be done with Outlook and there is nothing you can do if you disable your security checks on Microsoft IPs. > Curious what everyone's thoughts on this practice is and how you deal > with it. We are living interesting times. François _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
