On 2024-03-19 at 09:51:04 UTC-0400 (Tue, 19 Mar 2024 08:51:04 -0500) Thomas Cameron <thomas.came...@camerontech.com> is rumored to have said:
> Does anyone else just block all traffic from *.onmicrosoft.com?

Yes. No collateral damage noticed. That includes a system that has administrative and alerting role accounts which handle email alerts from Azure and MS365.

> I have literally NEVER gotten anything from that domain which is not obvious
> junk.
>
> I set up postfix to just flat out refuse anything from that domain.[1] If I
> get any complaints, I may ease it up, but I was getting TONS of spam messages
> from that domain and I figured it was easiest to just block it.
>
> --
> Thomas
>
> [1]
>
> [root@east ~]# grep onmicrosoft /etc/postfix/sender_access
> /@*.onmicrosoft\.com/ REJECT
>
> [root@east ~]# grep sender_access /etc/postfix/main.cf
> check_sender_access regexp:/etc/postfix/sender_access
>
> On 3/18/24 21:13, Jimmy wrote:
>>
>> It's possible that certain email accounts utilizing email services with
>> easily guessable passwords were compromised, leading to abuse of the
>> .onmicrosoft.com subdomain for sending spam via email.
>>
>> I've observed an increase in the blocking of IPs belonging to Microsoft
>> Corporation by the SpamCop blacklist since November 2023, with a notable
>> spike in activity during February and March 2024.
>>
>> Jimmy
>>
>>
>> On Tue, Mar 19, 2024 at 12:10 AM Jared Hall via users
>> <users@spamassassin.apache.org> wrote:
>>
>>     I've several customers whose accounts were used to send spam as a
>>     result of Microsoft's infrastructure breach.
>>
>>     Curiously, NOBODY has received any breach notifications from Microsoft,
>>     despite personal information being compromised.
>>
>>     What has anyone else experienced?
>>
>>     Thanks,
>>
>>     -- Jared Hall
>>

--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
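
Added example, not part of the original thread: a Python check of which sender addresses the quoted `sender_access` pattern rejects, next to an anchored alternative. The anchored pattern, the helper names and the sample addresses are assumptions constructed here, and Python's `re` is used to approximate Postfix's unanchored, case-insensitive regexp table matching.

```python
import re

# Pattern as quoted from /etc/postfix/sender_access, delimiters removed.
POSTED = r"@*.onmicrosoft\.com"

# Assumed tighter alternative (not from the thread): the domain part must be
# onmicrosoft.com itself or a subdomain of it, anchored at the end.
ANCHORED = r"@([^@]+\.)?onmicrosoft\.com$"

# Constructed envelope sender addresses; none come from real mail.
SAMPLES = [
    "alice@tenant.onmicrosoft.com",             # intended target
    "bob@ONMICROSOFT.COM",                      # bare domain, upper case
    "carol@notonmicrosoft.com",                 # unrelated look-alike domain
    "dave@tenant.onmicrosoft.com.example.org",  # string appears mid-domain
    "x.onmicrosoft.com@example.org",            # string appears in local part
    "erin@example.org",                         # unrelated sender
]


def rejected(pattern, sender):
    """True if the pattern would hit this sender address.

    Postfix regexp tables apply each pattern to the whole address,
    unanchored and case-insensitive by default; re.search with
    IGNORECASE approximates that for these two patterns.
    """
    return re.search(pattern, sender, re.IGNORECASE) is not None


def compare(samples=SAMPLES):
    """Map each sender to (hit by posted pattern, hit by anchored pattern)."""
    return {s: (rejected(POSTED, s), rejected(ANCHORED, s)) for s in samples}


if __name__ == "__main__":
    for sender, (posted, anchored) in compare().items():
        print(f"{sender:42} posted={posted!s:5} anchored={anchored}")
```

Any edited pattern can be checked against the live table with `postmap -q "sender@address" regexp:/etc/postfix/sender_access` before reloading Postfix.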