Jump to content

When did Microsoft become a spam haven?


LaserMoon
 Share

Recommended Posts

For several months I've been registering an uptick in spam sent from Microsoft services, both from Azure and from Outlook. Are they vulnerable to exploitation, or are they merely incompetent at handling abuse reports? We literally tell them "here's the user abusing your services", yet the same abuser is allowed to send spam for months on end.

Their handling of abuse reports is also unhelpful, the message is always:

Quote

This message is to notify you that the Computer Emergency Response Team has reviewed your reported issue and has actioned it appropriately.

Something like this is never experienced with serious established infrastructure providers.

Edited by LaserMoon
Link to comment
Share on other sites

2 hours ago, LaserMoon said:

For several months I've been registering an uptick in spam sent from Microsoft services, both from Azure and from Outlook. Are they vulnerable to exploitation, or are they merely incompetent at handling abuse reports? We literally tell them "here's the user abusing your services", yet the same abuser is allowed to send spam for months on end.
Their handling of abuse reports is also unhelpful, the message is always:

This always happens with "free trials" where they don't ask for a valid credit card
As soon as it gets canceled a spam bot opens another.
And spammers use their spam list always from 
abuse[AT]messaging.microsoft[DOT]com -  junk[AT]office365.microsoft[DOT]corn 
Getting hammered from these morons ,myself

Link to comment
Share on other sites

There is a part of this with the free trials. I think there is also part of this that might be when Microsoft added IPv6, but mailhosts only appears to accept the last 20 IPs. There are more than that on their internal relay server space.
Link to comment
Share on other sites

  • 2 weeks later...

This is beyond parody, Microsoft is now openly enabling scammers to send the lowest tier of spam "FBI NOTIFICATION FUND" signed by "CHRISTOPHER A. WRAY" <ksmg@tssolution.ru>.

They even give the Russian spammers their own little subdomain for convenience:

dig +short MX tssolution.ru
0 tssolution-ru.mail.protection.outlook.com.
10 mx.yandex.net.

Amazon EC2 is light years ahead of Microsoft when it comes to pretty much everything.

Edited by LaserMoon
Link to comment
Share on other sites

And what exactly is "MyCoucheTard.onmicrosoft.com"?

 

smtp.mailfrom=tssolution.ru; dmarc=none action=none header.from=tssolution.ru; dkim=none (message not signed); arc=none\nDKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=MyCoucheTard.onmicrosoft.com; s=selector1-MyCoucheTard-onmicrosoft-com;

 

Link to comment
Share on other sites

Yes, this is a problem. Daily now for me also.

gnbrandschile.onmicrosoft.com
GreenConcreteCJSC.onmicrosoft.com
overseasvamani.onmicrosoft.com
and more…

Any of you guys look at the image hosts for spams too? I tend to look and report the image files.

Imgur.com is quick to respond and delete. My spam sender rarely uses this now.

Zupimages also VERY quick to respond and delete.

ConstantContact.com was interesting. Spammer created dozens of customer accounts and uploaded images. Did not send emails from the accounts but called the images via the URLs. CC acted to close/delete.

 

Link to comment
Share on other sites

6 hours ago, LaserMoon said:

And what exactly is "MyCoucheTard.onmicrosoft.com"?

 

smtp.mailfrom=tssolution.ru; dmarc=none action=none header.from=tssolution.ru; dkim=none (message not signed); arc=none\nDKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=MyCoucheTard.onmicrosoft.com; s=selector1-MyCoucheTard-onmicrosoft-com;

 

Yeah the sender is using US brand names to try get responses. Any US brand name will do. Couche-Tard is not actually well known but I guess they might think it is. The Couche-Tard business operates convenience stores. Circle K gas stations being one of them.

Link to comment
Share on other sites

On 11/6/2022 at 5:18 PM, Hanco said:

Any of you guys look at the image hosts for spams too? I tend to look and report the image files.

A bit off-topic, but yes, there are several "extra" things to be reported that are outside of SpamCop's scope:
- The entire URL obfuscation chain (to URL shortening providers, or to services used as redirects such as Twitter, Wix, AWS S3, Google Sites)
- Image hosting.
- Gmail or other email addresses used as the reply-to field.

 

Link to comment
Share on other sites

Yeah I always report to abuse@gmail.com for the reply to and the requests reply in body (or has call to action button/link to generate reply to gmail address)

And report to Imgur, Zupimages, ConstantContact, or other abused provider… I find they are very willing to delete and stop abuse of their services.

And all the shortening services including the organized spammer’s in house processes.

Not off topic for me. Integral to the fight against these IDIOTS. They can work out who is doing it and remove me. Then they can carry on (unfortunately)

Edited by Hanco
Link to comment
Share on other sites

I believe the reason why Spamcop doesn't report the whole chain is it could cause a connection to the spammers server and let the spammer know you got the email. There are so many URL shorteners that keep popping up, I would imagine that SpamCop would have a hard time keeping up with them too. But then one would need to trust the admin of the URL shortening service in order to look up the next chain.
Link to comment
Share on other sites

Almost all my spam at this year, after the summer, has been from Microsoft and even hosted by them. 

I could get those messages 40 per day and they all are the same (most of the days only 15 or none). I have reported those to Microsoft and to those image hosting services like a Discord and Zupimages and Github.

No matter I do, Microsoft keep sending those and hosting them.

 

Before that they did use other services, but I managed to close all of them. It was tons of work reporting that many spam to different services. Got them sites blacklisted to some Antivirus companies too.

I am using spam[DOT]org too, but that seems to be dead.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...