spamkiller Posted January 4 Share Posted January 4 (edited) I see that others have mentioned spam from Microsoft on this forum back in 2022 but no real resolution. I've been reporting spam to spamcop.net for over 10 years. I've always thought that it seemed to be helping to reduce my spam. When I first started I was getting several hundred spams per month and after a few months and for several years I was seeing an average of 50 per month. However......... Things have changed since early December 2023. I'm now at over 300 per month and most of them are from <random chars>.onmicrosoft.com. The IP address of the originating spam is a microsoft IP. All spams have been reported to spamcop.net and I've been forwarding the spams to: abuse@frontbridge.com abuse@messaging.microsoft.com abuse@microsoft.com junk@office365.microsoft.com I received one reply from Microsoft stating to send spams to Cert@Microsoft.com which I have done and added to the list. As of today, I've sent them 55 notifications of spam. I have a PowerShell scri_pt that I wrote to compile stats on current spams, ordered by spam reporting email address, and they are at the top of the list. Here's the first few rows of the report: spam reporting email addresses and count: abuse@microsoft.com:313 abuse@apple.com:7 tech@salki.my.id:6 network-abuse@google.com:3 Any suggestions on what to do next? Edited January 4 by spamkiller Quote Link to comment Share on other sites More sharing options...
gnarlymarley Posted January 4 Share Posted January 4 (edited) So, I believe in the forums that there are two types of Microsoft spams. One is from the IPv6 issue where Microsoft is using millions of addresses internally, but I believe SpamCop mailhosts only remembers fifteen. The other, is where they are actually coming from microsoft as you have listed. I believe the *.onmicrosoft.com might be their cloud setup. For some reason, I seem to have very little spam the past week for some reason. The only suggestion I have (after you are attempted the reporting to them) is to report as many as you can to feed the blocking list. Edited January 4 by gnarlymarley Quote Link to comment Share on other sites More sharing options...
spamkiller Posted January 4 Author Share Posted January 4 @gnarlymarley Thanks for the reply. I will continue to report all spams to spamcop. I've searched the internet on the proper method to report spam to Microsoft and almost 100% of hits are an explanation on how to configure your "Microsoft" email app to block or ignore spam! Really?? Microsoft needs to wake up to the fact that not everyone uses a Microsoft email app. Also, why should everyone have to configure their email app to block spam originating from Microsoft? I think that Microsoft should configure their mail host to stop the spam in the first place. Quote Link to comment Share on other sites More sharing options...
petzl Posted January 4 Share Posted January 4 (edited) 7 hours ago, spamkiller said: @gnarlymarley Thanks for the reply. I will continue to report all spams to spamcop. I've searched the internet on the proper method to report spam to Microsoft and almost 100% of hits are an explanation on how to configure your "Microsoft" email app to block or ignore spam! Really?? Microsoft needs to wake up to the fact that not everyone uses a Microsoft email app. Also, why should everyone have to configure their email app to block spam originating from Microsoft? I think that Microsoft should configure their mail host to stop the spam in the first place. "Abuse at microsoft com" will get you a Auto ack telling you where to send spam I don't believe they know how to deal with spammers free email accounts? Usually its phish[AT]office365[DOT]microsoft[DOT]com this week? But they must get millions of abuse reports, most of the clue'y automate by using a web page This criminal redirection links using Gmail Google cloud are reported here for instance https://support.google.com/code/contact/cloud_platform_report I send the .eml attachment as a file attachment with it in "chose file" button But they seem getting bogged down now also? Edited January 4 by petzl Quote Link to comment Share on other sites More sharing options...
spamkiller Posted January 5 Author Share Posted January 5 @petzl Thanks for the info. I did receive a reply from Microsoft on Jan 4 that I had sent them on Dec 23. It seemed to be an real reply rather than an auto reply. This is the 2nd reply that I got from them. I always put "spam Report # xx" in the subject because when they reply, there is no reference as to which email they are replying to. They replied to email report # 31 and I'm up to report # 55, so they are really slow or running about 2 weeks behind. Quote Link to comment Share on other sites More sharing options...
petzl Posted January 5 Share Posted January 5 10 hours ago, spamkiller said: @petzl Thanks for the info. I did receive a reply from Microsoft on Jan 4 that I had sent them on Dec 23. It seemed to be an real reply rather than an auto reply. This is the 2nd reply that I got from them. I always put "spam Report # xx" in the subject because when they reply, there is no reference as to which email they are replying to. They replied to email report # 31 and I'm up to report # 55, so they are really slow or running about 2 weeks behind. the best way IMO is to charge a small fee US$10 (for life) via Credit card or PayPal for what was once free email accounts, this stops the bots. Twitter is anti-bot, and have hoops and jumps to get through. Quote Link to comment Share on other sites More sharing options...
ninth Posted January 6 Share Posted January 6 On 1/5/2024 at 12:45 AM, spamkiller said: However......... Things have changed since early December 2023. I'm now at over 300 per month and most of them are from <random chars>.onmicrosoft.com. The IP address of the originating spam is a microsoft IP. All spams have been reported to spamcop.net and I've been forwarding the spams to: abuse@frontbridge.com abuse@messaging.microsoft.com abuse@microsoft.com junk@office365.microsoft.com Previously I was getting microsoft does not accept reports so sent to abuse at hotmail but SP is sending the same reports listed above from the same spammer since the start of year with IP error discarded forgery. Can we see an example of a parsing header? Quote Link to comment Share on other sites More sharing options...
spamkiller Posted January 6 Author Share Posted January 6 Here's the header of the latest Microsoft spam received on Jan 6, 2024 Note: My email and domain have been removed. Return-Path: <norevenhfd47_BRSuCNjlwKn@AZx2u2kc5.onmicrosoft.com> Authentication-Results: perfora.net; dkim=none Received: from NAM11-DM6-obe.outbound.protection.outlook.com ([40.107.223.128]) by mx.perfora.net (mxeueus005 [74.208.5.3]) with ESMTPS (Nemesis) id 1MWB7u-1rgHQL1Zve-00Vfv1 for <REMOVED>; Sat, 06 Jan 2024 04:41:51 +0100 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WH5Fl6oIMs9UCI5HL7Jx1GEQeddJQpSpEBrpfdoU7Kmqxdpg8/YMGsfm/LRdUSMshIr3PmL7MWf5JmGOwb/ymRrhX/eMeDDY6oFpq/fCnK7gX6POHdFTLZtgtDxMbyTfVJPTFhqNU0uNbNGrZtwsd7htSAQxD7wJLvPqMXdpY75helChsPwR7ROrs5Ox0+e9HwGQfQNvkxRdr3Iuppa1rW2+nH/jya0ZnvDUNRffIWuwV31GRl/jmhBWgg1ExMO3oZc3qx6zOmcoLJLz9kMc5AXSoO0VlXuYtEgffN7HTykUeX65lGx4OqiaLjPGY7WxH5Bb6tUBrX/euNCaLgU65w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=8koqciwTQQ9NBa8XbTaJbbGVvpjlOMLF/IyfHTjyI/s=; b=QHN7bRJ2DPwEHWSCu8G/RQGHmXtzWxTRYOdAH/SN6jmQgiW9apOqGw7kNkkrdRAk6avTtBKTaFrD8tCYErl50kGN8jSmFRYvqSH52AH0O/DCkeTYZyOCW2W6eQMOUjDhfVc2gtppm29Ks37Wx0kdA778nyZQDlsmTAIDuXWTvtKEbVC7xz3bf0s6RpudvZw/G7drM/jtIODwUdHb4QsoTVIVpjyJesRUM7YK8iPfzKEbOpLkWq09PRMJ9W2oX3JvbAUiayUrg+SkPE9lwu8mHh9YdntlLjHuDSbCXux/fPjA0irDWCOzr9PAyRlMiw1uY8rXzlACano6vz+SCd284A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is 185.139.230.132) smtp.rcpttodomain=REMOVED smtp.mailfrom=azx2u2kc5.onmicrosoft.com; dmarc=none action=none header.from=azx2u2kc5.onmicrosoft.com; dkim=none (message not signed); arc=none (0) X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 185.139.230.132) smtp.mailfrom=AZx2u2kc5.onmicrosoft.com; dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=AZx2u2kc5.onmicrosoft.com; Date: Sat, 06 Jan 2024 04:40:40 +0100 CC: REMOVED From: YETI Department <norevenhfd47_BRSuCNjlwKn@AZx2u2kc5.onmicrosoft.com> To: REMOVED MIME-Version: 1.0 Content-Type: text/html; charset="UTF-8" In-Reply-To: <norevenhfd47_BRSuCNjlwKn@AZx2u2kc5.onmicrosoft.com> Content-Transfer-Encoding: 7bit Importance: high Subject: Adventure-Ready: YETI 30 oz Travel Mug for On-the-Go Excellence Message-ID: <ee0f5bb7-ee44-4c91-928c-186e94101ec5@BN8NAM12FT110.eop-nam12.prod.protection.outlook.com> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN8NAM12FT110:EE_|BL3PR07MB8900:EE_ X-MS-Office365-Filtering-Correlation-Id: 532e6f5b-21fe-45a3-aa98-08dc0e696a8b X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: Zoa/QW9woIDHTjVe+8JLFFLEZ6DdlVo3RSz26E++wlAm5joc1MvAMkpENSfH7Ze+aTbkDEJjTsQIbtvwBmVXCgNHm5G2/HGEHFiO9b/Ge84buDeFKgOtL59lCsWRMz1V6GQixBgG7mpjuG9eL5VKf5YprOXFRnofk7wJePc8MCgS4y0XZdLoNaWnBdSa7tmxtXjzGFdNqIYTYyhK3bcS2BYIYytZL1pCf7aGklvsItCVFaaXPErIEidmcftXFpcGr8bpt1ugCIj4p8uu+ws6sslzYtq69lPiY44SM/H4YH68NJf1v16y1egAQcxDPlkMvbV6Y7qR9CGjjB2wpBYMxusrRTRE1B516uzKoOxponDTaKlmw8GblzWmrzDnIboZZ0YCVg48rozAA9HkOJf9GgMQsP5MtNnjofQpn5YsI3SufzzGsRzpmWlmM3VJr4Cklm5CdThLhKFMzhLxT1z3VYP69Vzho0DPYoQh3GZrqO79KmNQjhI6x1Ovv0W6nBYg9pK1uUjVylUDSmT5vJjxF42v2+InQNc0nMNf48H82GFc7GiwYV12l7Ir+g7hSBR0y3mj7Zvb6YZz8JcUQrNnhA== X-Forefront-Antispam-Report: CIP:185.139.230.132;CTRY:DE;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.beatty.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(39860400002)(396003)(346002)(376002)(136003)(230922051799003)(82310400011)(186009)(7200799017)(451199024)(1690799017)(64100799003)(61400799012)(46966006)(40470700004)(36840700001)(8400799017)(41320700001)(40460700003)(31686004)(40480700001)(26005)(336012)(9686003)(478600001)(82740400003)(31696002)(558084003)(86362001)(81166007)(166002)(2906002)(41300700001)(36860700001)(47076005)(34020700004)(70586007)(6916009)(42186006)(316002)(786003)(70206006)(67280400001)(5660300002)(8936002)(4326008)(8676002)(176363001)(36900700001);DIR:OUT;SFP:1102; X-OriginatorOrg: AZx2u2kc5.onmicrosoft.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Jan 2024 03:41:49.9473 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 532e6f5b-21fe-45a3-aa98-08dc0e696a8b X-MS-Exchange-CrossTenant-Id: b38bbb7a-f829-4fb9-92d4-c9db4665139c X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=b38bbb7a-f829-4fb9-92d4-c9db4665139c;Ip=[185.139.230.132];Helo=[mail.beatty.com] X-MS-Exchange-CrossTenant-AuthSource: BN8NAM12FT110.eop-nam12.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL3PR07MB8900 Envelope-To: <REMOVED> X-spam-Flag: YES UI-InboundReport: junk:10;M01:P0:68neQLHhk2A=;0YLRXB0aKdbu+ZuaJB/FgSb0GK4TM6 Ge/isjgYeqCr3eyDLUMI8tqWpLeP5tjeoT65GFYJzO/ZIYgFhMurSMfJ3PjdTlNmtlg+dAnFx C8p+EPLw3KrdZS3l/Gpj0ukZ/L1xrWCM6ay6hDPbYZIvp8cMSB1WP51t0vT2cexY5vBpIUswh 5MrXs1bEzeZkA6QCuQh/t3kN83eUg2xs5sOgiQooFKxmMYZe83GLK4X6HdWmZYtkAUuOZwWwH Xf2uqvnhar3D9XHNLTTzwxQZyHBy6bZmjU5KxCh8RfvWrHaNNpNtpnR7bJn/m5ikkMrBpSTnc H5nhidvPDzFI874q5obnBI3LTIMZoXRlgNL2RWo0lKobq0Px4Xxb+Tz1zN/EQf/wxpURaL8P7 Afz6ndUgCOOYoSPgGbK9si3xztNQqW8FpK5qj+2C2T39gHdVEZgq8utZCsddLXnYRGLoTnw/w COGdd0y1u8LEeaBgaat4c6BlHHbPvn8XaywBup2VSm3RdnBRouwXq4VZ/YuKUuugMfnIbPomZ um7XybXNbW5dfNP2Bz/w2S0yeYiMQsSIYsFQj1WFvhEyzkQTk0V6wxi2euoEF10SHd5T4GoQh uUGWtY+QzfgUW5lznKpTo5VG+2cGmcpELiC+lqRUIM/riqgsk5325HAYTaymJgGx4HpnWZNX/ E+p5dZ9hpbvbmr5vXuEIaOiYq3TRq7ZbbhtlExk/YiIm0ADOfhQVQQCF7LQS36j4TX6mGIzLq 5lmgsUCaUYN57zj4j6EXRwYiYg30C+R6hEsnaaLdgvohtf7cZjW8Q7Obx/zU2lV53OJ4Ad+LR ErQtv8hmg0IV7xzniVyot9dIpCzg58zIetdzM5X57eV50TaWJwC3uBs38vvzaWKWxHorytx5e 3b2canqtH5q+MpeafIrjQQYUdK8XEZggHm9bCNwgUHxcFx8uOteNvewwIEZAHqTH4QV24F9qY 8Qh83wTsHcHrAiwCgd7fZXcMJ1BvtIAr0rSREVbuznRTsArWqX7TehYZBOfnfM5HrtVSSGZr5 cWiud3lpitHODvh5NgOGndh3Gj9q6BPvB+t5RXyE2u61w7M4ujvrdVkxY3vOASxZ1QKeRhAjO hWUogDndFj6XEYJF6RDcJ3ABubCPBOsqVW25bIqIgfvWIRxa1Js4W3mbtd9X8Od3t7E/3mXiw 7GjvOQ3+PON6kz6SnTII6pYalhjOvNCvh+LwGdOPC9Z282v27SD/rwGQwMxKg8bhUjb2LlBpb vs5v1HEfS0/h2kI5Kwv02YyJe9LVqxS3/cyPgYxYUp7LIhQikGYN5vVIhXRwEehgkPFiwFXhq ipU26I/HTXJe9GLZcyh6dHrxOVO00S9PJZqIY591rPmi9sCsun2slgizg+6kMVgdvENXdtsud uFhQK0EwwA3Xclbyl1hlznBKoMIa/NUCnU1XcB65HbI4wDnYlrkUSTTheRlSX0OhX8vmxMw4L cMWI64u6qr3LdtftWpqhWD63huUkWn95jyiVjB0DHiP1/QHOoozCrJSdW8/SLjmrAWWmnhwMA 45qERLP0OQQYUdK8XEZggHm9bCNwgUHxahtrgyHQ91hqndiDdHaz/KygMcfB19KfIMAV0sTtc CPrC4hR0+v4zoVQvn4Tqzpc1DCYgzAu8ln6ECTiyxZI1+YJmhcAfp5qEtbv+c7LXTx2xn686P MdQ3uwQKnB821uOcErFHoaNBkGQJRSRr7gPJem/CN+6rdcZ8d8LISjeGSvqR2BXMWdhhYOQ7g L9/LOxRFCYJ06eAn5+AGWlDZ2kZGHzDCt6iu4viNtTZlrL9WZASDVoxJs4aWTX+oZMxPwwzWK +NUY+41VNFaU22YhRDOv+jpq5PQwgSbK/8eDv0nzkWTKqzlUML4qsr4GlxHl4Tklyje9B+lzr hNVzpzEGKi20kyIdBgn7Gz5aMa2BIJJN8di6oeSIZnPd5I/cXnuqVFcWMnC3hPY3KE2QeG0Wk i2tQ3twP6U1+/gxBLY41nNrsgknxpsnVcr8yCUxNw9/x6z8W3F+Z0azLQ9Uzh9+BxOAbx/rM7 O4CXxZ9HCgOjgjJsKk4Aao6Eu1XAAzEA+hw4ySxQ3YNKKjau/cxwtCE6XzEjQ3ITk/5NuuTG9 U8RemtC7QhYfpXzOCbPCQdHm79Cyf3LEDhEqTsBmjVVCGAZq8Iya2DS16EpMH0to4+DOJn/Bg mB6kbKcrfRL0LbX+RxD3F9rxamDZeSgpCUtaAYP4n6rWR9Pzc4QDQlbcnSzfdnIQaeq2oCJao cYMBx3ViXkMF3wHT5m1wgQs2VZiwtlrWYEtpBfobiGkTqEL9DYqQlN3C6Z3xR6QqfySl2NRpK TnnvfSqaUmIBERXa/rBUKeMQQYUdK8XEZggHm9bCNwgUHxR98LAv6whDxaqPpF9RGLc3mnrKY x2hbSzKDmJ2WbYWq7irP0McFzT0+zZtJltyiGynUMC8vAOChrBMbu7D1ph6zzgNhn2jiVYBpz 1UIR99NbjsjiMo2YxLB2A2MWVK/YNWC20DmAjYpyETebJNTf6TMz161vew34Q0xrga71+ebGy f1yl3Myx7oQlDbJNZ9MjgDj1feSMIAdUWErtabVPB6FeQcyM4qwz/BTV2XXyarrOWl+ye3api A+hOLbY4e8ltsYYIvQQYUdK8XEZggHm9bCNwgUHxg8FcIrJp4GbdV7qeOX0TPeJ4nVsoEUIOo FvT0fK293GeJqvpgIgypwnyWcg6Pa4JgEDpa8YMmYuhSEdDlh4pwuDYhNf+xxyu4HdWFckjO+ OhCI8EwvyKtXhIE0qeJLLSa5AvzXZcLn6INnFooCyIh7mGgdACCzInCH2fq9kHGNi6iRVDrrd B2blYcx8/CfvUxRKtETe1G3q80vprBa4HkReASnp7077BPFfdPjaHW5dIIFwR7VWPta9uKU3s QQYUdK8XEZggHm9bCNwgUHxSqTvgAA5N3HDhZZhqQSNCBUTVOWdAT2m4jQPxTwI4qkf1dhlrH 0pHUTI/g5ZUk7NWO7WMcBrbuB9KgkgXv3eVncVdO1/svWsQU/ X-Antivirus: AVG (VPS 240106-0, 1/5/2024), Inbound message X-Antivirus-Status: Clean Quote Link to comment Share on other sites More sharing options...
petzl Posted January 6 Share Posted January 6 (edited) 11 hours ago, spamkiller said: uthentication-Results: perfora.net; dkim=none Received: from NAM11-DM6-obe.outbound.protection.outlook.com ([40.107.223.128]) by mx.perfora.net (mxeueus005 [74.208.5.3]) with ESMTPS (Nemesis) id 1MWB7u-1rgHQL1Zve-00Vfv1 for <REMOVED>; Sat, 06 Jan 2024 04:41:51 +0100 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WH5Fl6oIMs9UCI5HL7Jx1GEQeddJQpSpEBrpfdoU7Kmqxdpg8/YMGsfm/LRdUSMshIr3PmL7MWf5JmGOwb/ymRrhX/eMeDDY6oFpq/fCnK7gX6POHdFTLZtgtDxMbyTfVJPTFhqNU0uNbNGrZtwsd7htSAQxD7wJLvPqMXdpY75helChsPwR7ROrs5Ox0+e9HwGQfQNvkxRdr3Iuppa1rW2+nH/jya0ZnvDUNRffIWuwV31GRl/jmhBWgg1ExMO3oZc3qx6zOmcoLJLz9kMc5AXSoO0VlXuYtEgffN7HTykUeX65lGx4OqiaLjPGY7WxH5Bb6tUBrX/euNCaLgU65w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=8koqciwTQQ9NBa8XbTaJbbGVvpjlOMLF/IyfHTjyI/s=; b=QHN7bRJ2DPwEHWSCu8G/RQGHmXtzWxTRYOdAH/SN6jmQgiW9apOqGw7kNkkrdRAk6avTtBKTaFrD8tCYErl50kGN8jSmFRYvqSH52AH0O/DCkeTYZyOCW2W6eQMOUjDhfVc2gtppm29Ks37Wx0kdA778nyZQDlsmTAIDuXWTvtKEbVC7xz3bf0s6RpudvZw/G7drM/jtIODwUdHb4QsoTVIVpjyJesRUM7YK8iPfzKEbOpLkWq09PRMJ9W2oX3JvbAUiayUrg+SkPE9lwu8mHh9YdntlLjHuDSbCXux/fPjA0irDWCOzr9PAyRlMiw1uY8rXzlACano6vz+SCd284A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is 185.139.230.132) smtp.rcpttodomain=REMOVED smtp.mailfrom=azx2u2kc5.onmicrosoft.com; dmarc=none action=none header.from=azx2u2kc5.onmicrosoft.com; dkim=none (message not signed); arc=none (0) X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 185.139.230.132) smtp.mailfrom=AZx2u2kc5.onmicrosoft.com; dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=AZx2u2kc5.onmicrosoft.com; Date: Sat, 06 Jan 2024 04:40:40 +0100 CC: REMOVED From: YETI Department <norevenhfd47_BRSuCNjlwKn@AZx2u2kc5.onmicrosoft.com> To: REMOVED MIME-Version: 1.0 Content-Type: text/html; charset="UTF-8" In-Reply-To: <norevenhfd47_BRSuCNjlwKn@AZx2u2kc5.onmicrosoft.com> Content-Transfer-Encoding: 7bit Importance: high Subject: Adventure-Ready: YETI 30 oz Travel Mug for On-the-Go Excellence Message-ID: <ee0f5bb7-ee44-4c91-928c-186e94101ec5@BN8NAM12FT110.eop-nam12.prod.protection.outlook.com> X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN8NAM12FT110:EE_|BL3PR07MB8900:EE_ X-MS-Office365-Filtering-Correlation-Id: 532e6f5b-21fe-45a3-aa98-08dc0e696a8b X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: That's all we need better to send a track Microsoft get worse at every turn then call them "upgrades" 40.107.223.128 abuse[AT]microsoft[DOT]com only one available which is ignored except for auto ack gleefully telling you to go to some obscure address Their CERT address is no longer for their phishing DOS attacks! phishing-report[AT]us-cert[DOT]gov If they even breathe perhaps need to tell Microsoft for Automatic spam forward as attachment website to sort their DOS attackers out? Microsoft have forums? Will faceup to converting to a Google operating system when this gets to slow with Microsoft deliberately bloated "updates" (downgrades) But won't save the problem with Microsoft spam! Edited January 6 by petzl Quote Link to comment Share on other sites More sharing options...
ninth Posted January 10 Share Posted January 10 MS has an online reporting form for spam and other problems but it is nested and long winded and that is connected to a question and answer service including a complaint about SC blocklist with a very diplomatic reply from MS. Note we are all customers of MS windows and very exe laptops so should get an appropriate level of service even for free email. Should be in the guiness book of records for world's largest monopoly. Quote Link to comment Share on other sites More sharing options...
Mossspamfight101 Posted January 22 Share Posted January 22 Yes, Since about Mid Dec, I've seen a large uptick in e-mail that is from: x.x.onmicrosoft.com In which the e-mail appears to originate from a microsoft exchange server hosted in their "hybrid environments" i.e. All headers have this in common: X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem and all have headers similar to this: X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=25d080a6-ef03-4383-b518-f748034a7c66;Ip=[185.237.12.12];Helo=[mail.saginawpipe.com] Where the TenantId (and of course the ip/Helo server vary) however.. they don't vary a TON... Here is my current "HOLD" que for the last few days (that I've captured) X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bb88edeb-a046-428f-98c7-3007bb21248c;Ip=[212.115.110.66];Helo=[mail.beatty.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=d95b4ed6-8581-423b-8ad8-463ec2ccbee1;Ip=[103.45.246.243];Helo=[cnoleuv.onmicrosoft.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=4ce72b09-0a96-4c16-9523-ffbc3bff0b40;Ip=[113.30.191.125];Helo=[maimail.beatty.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=9257821f-9efe-407f-b6d9-94893cf45422;Ip=[212.115.110.66];Helo=[mail.beatty.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=6f231f96-d242-4ad0-add9-fc6d869ee72c;Ip=[45.147.249.183];Helo=[mail.saginawpipe.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=6dd7820f-4e03-45ae-afd6-4607d44326d6;Ip=[45.156.22.112];Helo=[mail.casagalveston.org] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=6dd7820f-4e03-45ae-afd6-4607d44326d6;Ip=[45.156.22.112];Helo=[mail.casagalveston.org] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=618ecb0f-8337-4a0a-9655-b116db11101d;Ip=[103.45.246.243];Helo=[mbmail.beatty.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=8a4c5404-47f2-41b3-9e84-561ac6b54a66;Ip=[103.45.246.243];Helo=[mbmail.beatty.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=a6f74299-23c6-49ad-8c8e-b5918189ce47;Ip=[185.139.230.102];Helo=[mail.beatty.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bdc0a6a4-ed9b-48c8-bced-fa1dafac4046;Ip=[185.237.12.12];Helo=[mail.saginawpipe.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=1f91eb0a-349b-4afc-bf08-835f9bc9c21f;Ip=[103.13.211.100];Helo=[mzail.beatty.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=1f91eb0a-349b-4afc-bf08-835f9bc9c21f;Ip=[103.13.211.100];Helo=[mzail.beatty.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=8a4c5404-47f2-41b3-9e84-561ac6b54a66;Ip=[103.45.246.243];Helo=[mbmail.beatty.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=87dae739-1d28-42f9-be38-de488936841c;Ip=[49.13.6.93];Helo=[mail.thompson.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=780d7a6b-9777-4d35-beae-3abe0b5b2e60;Ip=[116.202.19.167];Helo=[mail.hudson.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=a1809de0-7062-473e-9b6c-6fa779a503d3;Ip=[185.139.230.102];Helo=[mail.beatty.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=dbc593c8-9018-4717-99af-997ea9da84bf;Ip=[63.250.60.46];Helo=[mail.hsmo.org] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=a4839f2e-2e84-432f-ba6d-2164d576b41b;Ip=[212.115.110.66];Helo=[mail.beatty.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=c9d27106-63ff-4a36-9184-dc469ce0e417;Ip=[45.156.26.107];Helo=[mail.elabgids.nl] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=d356d2d7-9147-47f4-b046-b40bb7473a90;Ip=[185.47.174.136];Helo=[mail.javierserna.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=c9d27106-63ff-4a36-9184-dc469ce0e417;Ip=[45.156.26.107];Helo=[mail.elabgids.nl] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=c9d27106-63ff-4a36-9184-dc469ce0e417;Ip=[45.156.26.107];Helo=[mail.elabgids.nl] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=87dae739-1d28-42f9-be38-de488936841c;Ip=[49.13.6.93];Helo=[mail.thompson.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=1f91eb0a-349b-4afc-bf08-835f9bc9c21f;Ip=[103.13.211.100];Helo=[mzail.beatty.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=6cde98f4-6ccb-40a0-8ffc-472c1a876764;Ip=[194.120.24.64];Helo=[x2wj8j7.starnow.co.uk] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=a853bf4e-ba9b-42a7-844a-033032491cd3;Ip=[45.156.26.107];Helo=[mail.elabgids.nl] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=a00c03a8-98c4-4144-baaf-bcdb230b8608;Ip=[49.13.137.1];Helo=[mail.lind.org] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=47a25a35-9f33-45df-aca3-f00c7d1b4697;Ip=[45.147.249.183];Helo=[mail.saginawpipe.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=25d080a6-ef03-4383-b518-f748034a7c66;Ip=[185.237.12.12];Helo=[mail.saginawpipe.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=45182031-4598-4780-9a07-909a5f424285;Ip=[116.202.19.167];Helo=[mail.hudson.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=8ba04ecb-5335-41e0-b97c-6849b1c3911d;Ip=[45.91.171.107];Helo=[mail.beatty.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=49d1a23f-9e64-4a2a-bd0d-63b992c6e9eb;Ip=[31.133.102.250];Helo=[x61ojhg.onmicrosoft.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=6dd7820f-4e03-45ae-afd6-4607d44326d6;Ip=[45.156.22.112];Helo=[mail.casagalveston.org] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=0b3b98e1-318f-48b5-89b4-107ee8eab24f;Ip=[172.234.37.165];Helo=[mail.washingtonpost.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=ff8df580-a9f2-48cd-9593-8b6b4b0b89e3;Ip=[45.156.22.112];Helo=[mail.casagalveston.org] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=618ecb0f-8337-4a0a-9655-b116db11101d;Ip=[103.45.246.243];Helo=[mbmail.beatty.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=302147f8-5b04-4773-86f4-b1656e5e1299;Ip=[45.91.171.107];Helo=[mail.beatty.com] X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=6d12626b-1004-47e9-b194-7d098193eb54;Ip=[63.250.60.46];Helo=[mail.hsmo.org] All of the above are servers that have sent their e-mail out "via" outlook.com (you'll see a few repeats here)... I've also put in a TON of items into spamcop and to "report_spam@outlook.com" However... I think for the folks at Microsoft are... asleep at the wheel. (Or trying to fight this battle with their Window ME computers) Quote Link to comment Share on other sites More sharing options...
petzl Posted January 23 Share Posted January 23 9 hours ago, Mossspamfight101 said: I think for the folks at Microsoft are... asleep at the wheel. (Or trying to fight this battle with their Window ME computers) My email address I use on Usernet was actually scraped by Microsoft, or more likely from me reporting their spam to them from that Gmail account Achieve more with free Microsoft 365 trial Now spamming me, no way I used this address to or for Microsoft, IMO it's expensive broken rubbish more-so than it's ever been? Unsubscribed from that one, went to their site to find they have me on their multiple product list so had to delist them all. Quote Link to comment Share on other sites More sharing options...
spamkiller Posted March 7 Author Share Posted March 7 I'm still getting massive spam from Microsoft. It will drop down to 1 or 2 per day and then back up to 10 per day. Since it started in Dec 2023, I've received over 400 spams from a Microsoft email address. I send every one to spam cop AND to junk@office365.microsoft.com abuse@microsoft.com abuse@messaging.microsoft.com abuse@frontbridge.com Cert@Microsoft.com sewr@senpluspluseop.onmicrosoft.com I will get about 5 replies per week from CDOC Case Management (Microsoft) stating the same thing. Hi, Based on the information you provided, it appears to have originated from an Office 365 or Exchange Online tenant account. To report junk mail from Office 365 tenants, send an email to junk@office365.microsoft.com and include the junk mail as an attachment. This link provides further junk mail education https://technet.microsoft.com/en-us/library/jj200769(v=exchg.150).aspx. Kindly, Leo Microsoft Online Safety The name (Leo) is always different. This may be an autogenerated message from MS before it's sent to the trash. I have no idea. It's strange that they always tell me that I should report it to junk@office365.microsoft.com but every report that I send has the list of email address that it's been sent to. I assume that a real person never reads the email. As of today (March 3, 2023), I've sent Microsoft 176 reports of spam and it's still coming in. What can be done to make this stop? Is there a legal organization that can help me? I don't want to have to spend any money but I'm at wits end on what to do. I do not want to change my email address. Why should I have to do that? I currently have saved 462 spams from Microsoft. Is there a class action law suite that I can get involved with? Microsoft is out of control. Quote Link to comment Share on other sites More sharing options...
petzl Posted March 7 Share Posted March 7 9 hours ago, spamkiller said: What can be done to make this stop? You need to find out the Registrar of URL link in spam I use a free Windows APP to find Registrar. Whois program SpamCop only sends to WEB IP which is often ignored unless it's criminal https://www.gena01.com/win32whois/ Would also help if you could send a SpamCop track, found at top of submission page BEFORE you submit report. Quote Link to comment Share on other sites More sharing options...
ninth Posted March 9 Share Posted March 9 (edited) On 3/8/2024 at 10:02 AM, petzl said: You need to find out the Registrar of URL link in spam I use a free Windows APP to find Registrar. What happens if the links host is aceville and reg/cert gname are scammer friendly...PTE LTD? Cloudflare ns brad and anita are hosting gname but they always reckon they are providing security and network services so not responsible for content and bad behavior...all care and no responsibility. Edited March 9 by ninth Quote Link to comment Share on other sites More sharing options...
petzl Posted March 10 Share Posted March 10 (edited) 4 hours ago, ninth said: What happens if the links host is aceville and reg/cert gname are scammer friendly...PTE LTD? Cloudflare ns brad and anita are hosting gname but they always reckon they are providing security and network services so not responsible for content and bad behavior...all care and no responsibility. If they don't have a registrar, then the IP owner needs to react, would help if you showed who the registrar is. Cloudflare though requires a web report for abuse https://www.cloudflare.com/trust-hub/reporting-abuse/ Also what type of spam, porn/Phishing/no working unsubscribe or all three. Then consider adding the countries CERT email to complaint. https://www.first.org/members/teams/ Edited March 10 by petzl Quote Link to comment Share on other sites More sharing options...
ninth Posted March 13 Share Posted March 13 This is a simbox scam link eurula homes registrar is gname. You posted the first.org address before but I forgot it so thanks for that. Beware do not click on scam links! This post will self destruct in 30 seconds... Quote Link to comment Share on other sites More sharing options...
spamkiller Posted March 13 Author Share Posted March 13 On 3/7/2024 at 5:02 PM, petzl said: You need to find out the Registrar of URL link in spam I use a free Windows APP to find Registrar. Whois program SpamCop only sends to WEB IP which is often ignored unless it's criminal https://www.gena01.com/win32whois/ Would also help if you could send a SpamCop track, found at top of submission page BEFORE you submit report. Thanks for the info. I ran a lot of them through the Win32whois app and it appears that most all show Registrar Abuse Contact Email: mailto:abusecomplaints@markmonitor.com So I forward all spam email from <randomstring>.onmicrosoft.com to abusecomplaints@markmonitor.com (along with the current email list) and I report them to spam.com and spam.org. I've not seen any reduction in spams yet. Once in a while, perhaps once per week I get a reply from MS stating that the email violated their rules and the account has been eliminated (or something like that). As of today, I'm up to 500 saved spams from MS and 198 spam reports to MS. Am I wasting my time? The most annoying thing is that I get around 3 replies per day from MS and they all say "Send it to junk@office365.microsoft.com". EVERY spam from MS goes to that email address! Are they so stupid that can't determine that? Grrrrrrr! Quote Link to comment Share on other sites More sharing options...
spamkiller Posted March 13 Author Share Posted March 13 (edited) Here's a link to Mark Monitor webhosting site: "https:// www{DOT}markmonitor{DOT}com/abuse-policy/" They seem legit and even state that you can file a complaint by phone. This will probably be my next step. Edited March 14 by Lking Not excited by live links to other sites Quote Link to comment Share on other sites More sharing options...
gnarlymarley Posted May 1 Share Posted May 1 I am curious if this is still going on, or if I was scrubbed from spammers lists. Quote Link to comment Share on other sites More sharing options...
spamkiller Posted May 1 Author Share Posted May 1 @gnarlymarley - The spam from Microsoft to me has suspiciously dropped to a couple per month. However spam from domains that have namecheap as a registrar have taken over my massive daily spam. I've logged over 100 different domain names that send me spam and have namecheap as the registrar. Most (currently 84%) are being sent from a salesforce.com email address. I add new namecheap domains to my list daily. The war on spammers seems to never end. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.