Jump to content

Mossspamfight101

Members
 View Profile  See their activity

  • Posts

    1

  • Joined

  • Last visited

 Content Type 

Everything posted by Mossspamfight101

  1. Mossspamfight101
    Yes, Since about Mid Dec, I've seen a large uptick in e-mail that is from: x.x.onmicrosoft.com In which the e-mail appears to originate from a microsoft exchange server hosted in their "hybrid environments" i.e. All headers have this in common: X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem and all have headers similar to this: X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=25d080a6-ef03-4383-b518-f748034a7c66;Ip=[185.237.12.12];Helo=[mail.saginawpipe.com] Where the TenantId (and of course the ip/Helo server vary) however.. they don't vary a TON... Here is my current "HOLD" que for the last few days (that I've captured) X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bb88edeb-a046-428f-98c7-3007bb21248c;Ip=[212.115.110.66];Helo=[mail.beatty.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=d95b4ed6-8581-423b-8ad8-463ec2ccbee1;Ip=[103.45.246.243];Helo=[cnoleuv.onmicrosoft.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=4ce72b09-0a96-4c16-9523-ffbc3bff0b40;Ip=[113.30.191.125];Helo=[maimail.beatty.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=9257821f-9efe-407f-b6d9-94893cf45422;Ip=[212.115.110.66];Helo=[mail.beatty.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=6f231f96-d242-4ad0-add9-fc6d869ee72c;Ip=[45.147.249.183];Helo=[mail.saginawpipe.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=6dd7820f-4e03-45ae-afd6-4607d44326d6;Ip=[45.156.22.112];Helo=[mail.casagalveston.org] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=6dd7820f-4e03-45ae-afd6-4607d44326d6;Ip=[45.156.22.112];Helo=[mail.casagalveston.org] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=618ecb0f-8337-4a0a-9655-b116db11101d;Ip=[103.45.246.243];Helo=[mbmail.beatty.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=8a4c5404-47f2-41b3-9e84-561ac6b54a66;Ip=[103.45.246.243];Helo=[mbmail.beatty.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=a6f74299-23c6-49ad-8c8e-b5918189ce47;Ip=[185.139.230.102];Helo=[mail.beatty.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bdc0a6a4-ed9b-48c8-bced-fa1dafac4046;Ip=[185.237.12.12];Helo=[mail.saginawpipe.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=1f91eb0a-349b-4afc-bf08-835f9bc9c21f;Ip=[103.13.211.100];Helo=[mzail.beatty.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=1f91eb0a-349b-4afc-bf08-835f9bc9c21f;Ip=[103.13.211.100];Helo=[mzail.beatty.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=8a4c5404-47f2-41b3-9e84-561ac6b54a66;Ip=[103.45.246.243];Helo=[mbmail.beatty.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=87dae739-1d28-42f9-be38-de488936841c;Ip=[49.13.6.93];Helo=[mail.thompson.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=780d7a6b-9777-4d35-beae-3abe0b5b2e60;Ip=[116.202.19.167];Helo=[mail.hudson.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=a1809de0-7062-473e-9b6c-6fa779a503d3;Ip=[185.139.230.102];Helo=[mail.beatty.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=dbc593c8-9018-4717-99af-997ea9da84bf;Ip=[63.250.60.46];Helo=[mail.hsmo.org] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=a4839f2e-2e84-432f-ba6d-2164d576b41b;Ip=[212.115.110.66];Helo=[mail.beatty.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=c9d27106-63ff-4a36-9184-dc469ce0e417;Ip=[45.156.26.107];Helo=[mail.elabgids.nl] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=d356d2d7-9147-47f4-b046-b40bb7473a90;Ip=[185.47.174.136];Helo=[mail.javierserna.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=c9d27106-63ff-4a36-9184-dc469ce0e417;Ip=[45.156.26.107];Helo=[mail.elabgids.nl] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=c9d27106-63ff-4a36-9184-dc469ce0e417;Ip=[45.156.26.107];Helo=[mail.elabgids.nl] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=87dae739-1d28-42f9-be38-de488936841c;Ip=[49.13.6.93];Helo=[mail.thompson.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=1f91eb0a-349b-4afc-bf08-835f9bc9c21f;Ip=[103.13.211.100];Helo=[mzail.beatty.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=6cde98f4-6ccb-40a0-8ffc-472c1a876764;Ip=[194.120.24.64];Helo=[x2wj8j7.starnow.co.uk] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=a853bf4e-ba9b-42a7-844a-033032491cd3;Ip=[45.156.26.107];Helo=[mail.elabgids.nl] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=a00c03a8-98c4-4144-baaf-bcdb230b8608;Ip=[49.13.137.1];Helo=[mail.lind.org] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=47a25a35-9f33-45df-aca3-f00c7d1b4697;Ip=[45.147.249.183];Helo=[mail.saginawpipe.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=25d080a6-ef03-4383-b518-f748034a7c66;Ip=[185.237.12.12];Helo=[mail.saginawpipe.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=45182031-4598-4780-9a07-909a5f424285;Ip=[116.202.19.167];Helo=[mail.hudson.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=8ba04ecb-5335-41e0-b97c-6849b1c3911d;Ip=[45.91.171.107];Helo=[mail.beatty.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=49d1a23f-9e64-4a2a-bd0d-63b992c6e9eb;Ip=[31.133.102.250];Helo=[x61ojhg.onmicrosoft.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=6dd7820f-4e03-45ae-afd6-4607d44326d6;Ip=[45.156.22.112];Helo=[mail.casagalveston.org] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=0b3b98e1-318f-48b5-89b4-107ee8eab24f;Ip=[172.234.37.165];Helo=[mail.washingtonpost.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=ff8df580-a9f2-48cd-9593-8b6b4b0b89e3;Ip=[45.156.22.112];Helo=[mail.casagalveston.org] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=618ecb0f-8337-4a0a-9655-b116db11101d;Ip=[103.45.246.243];Helo=[mbmail.beatty.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=302147f8-5b04-4773-86f4-b1656e5e1299;Ip=[45.91.171.107];Helo=[mail.beatty.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=6d12626b-1004-47e9-b194-7d098193eb54;Ip=[63.250.60.46];Helo=[mail.hsmo.org] All of the above are servers that have sent their e-mail out "via" outlook.com (you'll see a few repeats here)... I've also put in a TON of items into spamcop and to "report_spam@outlook.com" However... I think for the folks at Microsoft are... asleep at the wheel. (Or trying to fight this battle with their Window ME computers)
×
×
  • Create New...