Huge increase in spam from Office 365 domains.

Posted on November 2, 2013 by

Over the past months I’ve seen a steady increase in spam from onmicrosoft.com email addresses via Microsoft Office 365 servers.

It looks to me that spammers are now signing up trial accounts on Office365 and using the non-verified onmicrosoft.com domains to send their spam.

Image

I’m not sure what the sign up procedure is for email services and how they validate accounts but it clearly isn’t working :(

moremsspam

 

Received: from emea01-am1-obe.outbound.protection.outlook.com
 (emea01-am1-ndr.ptr.protection.outlook.com [157.56.116.97]) by
 fairy.mouselike.org (8.13.8/8.13.8) with ESMTP id rA1BgqhT026375 for
 <red@cted.info>; Fri, 1 Nov 2013 11:42:53 GMT
Received: from [115.245.169.199] (115.245.169.199) by
 HKNPR03MB033.apcprd03.prod.outlook.com (10.242.118.141) with Microsoft SMTP
 Server (TLS) id 15.0.800.7; Fri, 1 Nov 2013 11:42:58 +0000
Content-Type: multipart/alternative; boundary="===============1741518401=="
MIME-Version: 1.0
Subject:
To: Recipients <123412@MuthootFinancePlc.onmicrosoft.com>
From: <123412@MuthootFinancePlc.onmicrosoft.com>
Date: Fri, 1 Nov 2013 17:12:51 +0530
Reply-To: <m_fplc3@blumail.org>
Message-ID: <bad857ff-b6d9-4e79-acf8-bc5171005ce8@HKNPR03MB033.apcprd03.prod.outlook.com>
X-Originating-IP: [115.245.169.199]
X-ClientProxiedBy: HKNPR02CA023.apcprd02.prod.outlook.com (10.141.16.18) To
 HKNPR03MB033.apcprd03.prod.outlook.com (10.242.118.141)
X-Forefront-PRVS: 00179089FD
X-Forefront-Antispam-Report: SFV:SPM;SFS:(199002)(189002)(81542001)(85306002)(84326002)(59766001)(77982001)(81956001)(81686001)(43066001)(71186001)(5406001)(74366001)(512934002)(81342001)(83072001)(81816001)(74876001)(76482001)(66066001)(69226001)(31686002)(63696002)(4396001)(76176001)(33646001)(83322001)(80976001)(54316002)(74662001)(74502001)(47446002)(56776001)(47736001)(47976001)(50986001)(49866001)(564344003)(46102001)(76786001)(80022001)(74706001)(65816001)(76796001)(79102001)(51856001)(56816003)(74316001)(77096001)(76576001)(54356001)(25636003)(87266001)(42186004)(84722001);DIR:OUT;SFP:1501;SCL:5;SRVR:HKNPR03MB033;H:[115.245.169.199];CLIP:115.245.169.199;FPR:;RD:InfoNoRecords;A:0;MX:1;LANG:en;
X-OriginatorOrg: MuthootFinancePlc.onmicrosoft.com
X-Greylist: Recipient e-mail whitelisted, not delayed by milter-greylist-2.0.2 (fairy.mouselike.org [81.187.42.200]); Fri, 01 Nov 2013 11:42:53 +0000 (GMT)
Return-Path: 123412@MuthootFinancePlc.onmicrosoft.com
X-Antivirus: avast! (VPS 131031-1, 31/10/2013), Inbound message
X-Antivirus-Status: Clean

 

Advertisements
This entry was posted in Uncategorized. Bookmark the permalink.

One Response to Huge increase in spam from Office 365 domains.

  1. Mike W. says:
    March 30, 2015 at 20:18

    Probably safe to have a rule blocking anything with “onmicrosoft.com” in it. If a company has signed up for O365, but can’t bother to get their own domain, it’s not worth dealing with them!

Comment on this topic

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w
Cancel

Connecting to %s