On 05/10/2018 07:37 AM, RW wrote:
> On Thu, 10 May 2018 06:50:46 -0500
> David Jones wrote:
>
>> I am pretty sure that Microsoft allows
>> trials of O365 so spammers are signing up and blasting out
>> junk/phishing emails until they are discovered.  These spammers can
>> spoof anyone on O365 like toysrus.com and the SPF checks will pass.
>
> Do you have a reason to think that that's possible?
>
> It doesn't seem very likely, but there are some default whitelist
> entries that should go if it is.

Which part is possible? The trial accounts blasting spam or the toysrus.com SPF matching? Anyone on O365 not using webmail or Outlook can spoof any other O365 customer using authenticated SMTP to smtp.office365.com where they can control the envelope-from and From: header and the SPF check will pass. The only thing stopping it is Microsoft's ability to detect unusual activity.

--
David Jones
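
An added example, not part of the original thread: one way to audit the whitelist concern raised above, by listing which whitelisted domains have an SPF pass that depends on a shared multi-tenant include. The domains, SPF records and the `SHARED_INCLUDES` set are constructed for illustration; `spf.protection.outlook.com` is the include Microsoft documents for Office 365 senders.

```python
# Constructed SPF TXT records (placeholder domains; no DNS lookups are made).
SAMPLE_SPF = {
    "retailer.example": "v=spf1 include:spf.protection.outlook.com -all",
    "bank.example": "v=spf1 ip4:192.0.2.0/24 mx -all",
    "shop.example": "v=spf1 include:_spf.mail.example ~all",
    "_spf.mail.example": "v=spf1 ip4:203.0.113.0/24 "
                         "include:spf.protection.outlook.com -all",
    "partner.example": "v=spf1 ?include:spf.protection.outlook.com -all",
}

# Includes treated as shared, multi-tenant senders (assumption; extend locally).
SHARED_INCLUDES = {"spf.protection.outlook.com"}


def spf_includes(domain, records, seen=None):
    """Return every include:/redirect= target that can yield an SPF pass."""
    seen = set() if seen is None else seen
    domain = domain.lower().rstrip(".")
    if domain in seen:          # guard against include loops
        return set()
    seen.add(domain)
    record = records.get(domain, "")
    if not record.lower().startswith("v=spf1"):
        return set()
    found = set()
    for term in record.split()[1:]:
        term = term.lower().lstrip("+")   # "+" (pass) is the default qualifier
        # "-", "~" and "?" qualified includes never produce a pass; skip them.
        if term.startswith("include:"):
            target = term[len("include:"):]
        elif term.startswith("redirect="):
            target = term[len("redirect="):]
        else:
            continue
        target = target.rstrip(".")
        found.add(target)
        found |= spf_includes(target, records, seen)
    return found


def audit_whitelist(whitelist, records, shared=SHARED_INCLUDES):
    """Map each whitelisted domain to the shared includes its SPF pass relies on."""
    return {d: sorted(spf_includes(d, records) & shared) for d in whitelist}


if __name__ == "__main__":
    domains = ["retailer.example", "bank.example", "shop.example", "partner.example"]
    for dom, hits in audit_whitelist(domains, SAMPLE_SPF).items():
        print(dom, "->", ", ".join(hits) if hits else "none")
```

A domain that shows a shared include here is one where an SPF pass identifies the provider's infrastructure rather than the individual tenant, so a whitelist entry keyed on SPF alone deserves a second look.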
