by X-Istence 736 days ago
About 70% of my spam originates from *.onmicrosoft.com. Unfortunately I can't easily block the whole thing because there is also legitimate email traffic from Office365/Azure.

I have tried sending Microsoft reports, but have not heard back, and the spam continues.


Yes, Microsoft is very slow in blocking their customers from sending spam, yet very quick in blocking external senders for that reason (same for Google, Salesforce, Amazon, etc. BTW). Funny how that works...

But, if you can, record the `X-MS-Exchange-CrossTenant-Id` header value for the spam you receive. If it ends in 'aaaa', that means it comes from the public outlook.com/hotmail.com service, and you'll need to do text content/from-address filtering to get rid of spam.

But otherwise, deny-listing the GUID you get will do wonders to eliminate future spam from that source...

For anyone interested, here's the list for the last month or so:

https://gist.github.com/digitalresistor/03ea1b8798c519a71f06...

Edit: moved list to Gist.
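
The header check described in the comments above, as an added example (not code from any commenter): a Python sketch that reads `X-MS-Exchange-CrossTenant-Id` from raw messages, tallies the GUIDs seen in human-confirmed spam, and classifies mail against the resulting deny-list. The GUIDs, addresses, function names and verdict labels are constructed for illustration.

```python
import email
import uuid
from collections import Counter
from email import policy

HEADER = "X-MS-Exchange-CrossTenant-Id"

def tenant_ids(raw: bytes) -> set:
    """Return the distinct, normalised tenant GUIDs found in a raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    ids = set()
    for value in msg.get_all(HEADER, []):
        try:
            ids.add(str(uuid.UUID(str(value).strip())))  # canonical lowercase form
        except ValueError:
            pass  # header present but not a GUID: ignore it
    return ids

def classify(raw: bytes, denylist: set) -> str:
    ids = tenant_ids(raw)
    if not ids:
        return "no-tenant-id"
    if len(ids) > 1:
        return "ambiguous"  # conflicting values: do not trust either
    (tid,) = ids
    if tid.endswith("aaaa"):
        # Public outlook.com/hotmail.com service per the comment above:
        # leave these to content and From-address filtering.
        return "consumer"
    return "deny" if tid in denylist else "unlisted"

def tally(spam: list) -> Counter:
    """Count tenant GUIDs across human-confirmed spam to seed the deny-list."""
    counts = Counter()
    for raw in spam:
        ids = tenant_ids(raw)
        if len(ids) == 1 and not next(iter(ids)).endswith("aaaa"):
            counts.update(ids)
    return counts

def sample_message(tid=None) -> bytes:
    """Build a constructed test message; every value here is made up."""
    hdr = f"{HEADER}: {tid}\r\n" if tid else ""
    return f"From: a@example.test\r\nSubject: sample\r\n{hdr}\r\nbody\r\n".encode()

TENANT = "11111111-2222-4333-8444-555555555555"    # constructed GUID
CONSUMER = "00000000-0000-4000-8000-aaaaaaaaaaaa"  # constructed, ends in 'aaaa'
SPAM = [sample_message(TENANT), sample_message(TENANT.upper()),
        sample_message(CONSUMER), sample_message()]
DENYLIST = set(tally(SPAM))
```

The consumer GUID is deliberately kept out of the tally, so a deny-list built this way cannot block all of outlook.com/hotmail.com by accident.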

You... seem to get a lot of spam! Just out of interest, across how many unique local recipient addresses is this, and how did you determine these messages were illegitimate?

Single user... me. My email address is used on all my git commits/mailing lists across the web.

I check my junk folder every other day to make sure that legitimate mail does not go through because I've set my rspamd config pretty tight.

So all of these are classified correctly as spam by human eyes.

Interesting, thanks! For what it's worth: my multiple-thousands-of-users mail server hasn't seen any of these Azure tenants in the past 14 days.

That doesn't seem too surprising. While my account just gets three or so "digital marketing" or "mobile app" spam a day from Outlook, Mom was getting dozens of Apple / Home Depot / Harbor Freight / Lowes phishing spam a day from Outlook. Reporting them did absolutely nothing, and there were no identifying patterns beyond the painfully obvious fact that they were all from the same campaign, so I'd wager that creating unique accounts on Outlook is trivial.

That's interesting to say the least... it means that there are MANY MANY more Azure tenants that are used to send spam :/