Over the past months I’ve seen a steady increase in spam from onmicrosoft.com email addresses via Microsoft Office 365 servers.
It looks to me that spammers are now signing up trial accounts on Office365 and using the non-verified onmicrosoft.com domains to send their spam.
I’m not sure what the sign up procedure is for email services and how they validate accounts but it clearly isn’t working :(
Received: from emea01-am1-obe.outbound.protection.outlook.com (emea01-am1-ndr.ptr.protection.outlook.com [157.56.116.97]) by fairy.mouselike.org (8.13.8/8.13.8) with ESMTP id rA1BgqhT026375 for <red@cted.info>; Fri, 1 Nov 2013 11:42:53 GMT Received: from [115.245.169.199] (115.245.169.199) by HKNPR03MB033.apcprd03.prod.outlook.com (10.242.118.141) with Microsoft SMTP Server (TLS) id 15.0.800.7; Fri, 1 Nov 2013 11:42:58 +0000 Content-Type: multipart/alternative; boundary="===============1741518401==" MIME-Version: 1.0 Subject: To: Recipients <123412@MuthootFinancePlc.onmicrosoft.com> From: <123412@MuthootFinancePlc.onmicrosoft.com> Date: Fri, 1 Nov 2013 17:12:51 +0530 Reply-To: <m_fplc3@blumail.org> Message-ID: <bad857ff-b6d9-4e79-acf8-bc5171005ce8@HKNPR03MB033.apcprd03.prod.outlook.com> X-Originating-IP: [115.245.169.199] X-ClientProxiedBy: HKNPR02CA023.apcprd02.prod.outlook.com (10.141.16.18) To HKNPR03MB033.apcprd03.prod.outlook.com (10.242.118.141) X-Forefront-PRVS: 00179089FD X-Forefront-Antispam-Report: SFV:SPM;SFS:(199002)(189002)(81542001)(85306002)(84326002)(59766001)(77982001)(81956001)(81686001)(43066001)(71186001)(5406001)(74366001)(512934002)(81342001)(83072001)(81816001)(74876001)(76482001)(66066001)(69226001)(31686002)(63696002)(4396001)(76176001)(33646001)(83322001)(80976001)(54316002)(74662001)(74502001)(47446002)(56776001)(47736001)(47976001)(50986001)(49866001)(564344003)(46102001)(76786001)(80022001)(74706001)(65816001)(76796001)(79102001)(51856001)(56816003)(74316001)(77096001)(76576001)(54356001)(25636003)(87266001)(42186004)(84722001);DIR:OUT;SFP:1501;SCL:5;SRVR:HKNPR03MB033;H:[115.245.169.199];CLIP:115.245.169.199;FPR:;RD:InfoNoRecords;A:0;MX:1;LANG:en; X-OriginatorOrg: MuthootFinancePlc.onmicrosoft.com X-Greylist: Recipient e-mail whitelisted, not delayed by milter-greylist-2.0.2 (fairy.mouselike.org [81.187.42.200]); Fri, 01 Nov 2013 11:42:53 +0000 (GMT) Return-Path: 123412@MuthootFinancePlc.onmicrosoft.com X-Antivirus: avast! (VPS 131031-1, 31/10/2013), Inbound message X-Antivirus-Status: Clean
Probably safe to have a rule blocking anything with “onmicrosoft.com” in it. If a company has signed up for O365, but can’t bother to get their own domain, it’s not worth dealing with them!