Microsoft IP being blocked

[ninth]

On 1/16/2024 at 6:14 AM, petzl said:

40.107.8.113 listed in bl.spamcop.net (127.0.0.2)
If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 6 hours.
Causes of listing
System has sent mail to SpamCop spam traps in the past week 
Other hosts in this "neighborhood" with spam reports
40.107.7.114 40.107.7.115 40.107.7.117 40.107.7.118 40.107.7.119 40.107.7.120 40.107.7.121 40.107.7.122 40.107.7.123 40.107.7.124 40.107.7.125 40.107.7.127 40.107.7.128 40.107.7.129 40.107.7.130 40.107.7.131 40.107.7.132 40.107.7.133 40.107.7.134 40.107.7.135 40.107.7.137 40.107.7.138 40.107.7.139 40.107.8.40 40.107.8.41 40.107.8.42 40.107.8.43 40.107.8.44 40.107.8.45 40.107.8.47 40.107.8.48 40.107.8.49 40.107.8.50 40.107.8.51 40.107.8.52 40.107.8.53 40.107.8.54 40.107.8.55 40.107.8.57 40.107.8.58 40.107.8.59 40.107.8.70 40.107.8.71 40.107.8.72 40.107.8.73 40.107.8.74 40.107.8.75 40.107.8.77 40.107.8.78 40.107.8.79 40.107.8.80 40.107.8.81 40.107.8.82 40.107.8.83 40.107.8.84 40.107.8.85 40.107.8.87 40.107.8.88 40.107.8.89 40.107.8.90 40.107.8.91 40.107.8.92 40.107.8.93 40.107.8.94 40.107.8.95 40.107.8.97 40.107.8.98 40.107.8.99 40.107.8.100 40.107.8.101 40.107.8.102 40.107.8.103 40.107.8.104 40.107.8.105 40.107.8.107 40.107.8.108 40.107.8.109 40.107.8.110 40.107.8.111 40.107.8.112 40.107.8.114 40.107.8.115 40.107.8.117 40.107.8.118 40.107.8.119 40.107.8.120 40.107.8.121 40.107.8.122 40.107.8.123 40.107.8.124 40.107.8.125 40.107.8.127 40.107.8.128 40.107.8.129 40.107.8.130 40.107.8.131 40.107.8.132 40.107.8.133 40.107.8.134 40.107.8.135 40.107.8.137 40.107.8.138 40.107.8.139 40.107.9.54 40.107.9.73 40.107.9.80 40.107.9.82 40.107.9.88 40.107.9.89 40.107.9.102 40.107.9.108

Add to list 

https://answers.microsoft.com/en-us/outlook_com/forum/all/ip-address-blocked-by-spamcopnet-need-help-with/1533b70e-1e69-4d5c-875b-e5b2ff656b08

 

[DowntownScience]

Any chance the block is related to an uptick in spam caused by the new DKIM/DMARC requirements for sending to AOL, Yahoo, Gmail, etc?  I could see messages that weren't seen as spam prior, being seen as spam now and increasing the % of spam messages being sent from an individual IP.

DMARC Policy & Setup Requirements for Google & Yahoo Email | Proofpoint US

As a Microsoft Partner and 365 Admin let's not pretend that Microsoft 365 is the only offender here.  We receive more spam from Gmail addresses than anything else.  If Microsoft were to require this same thing you'd see Gmail email servers get shut down as well.

 

Edited March 4 by DowntownScience

[petzl]

1 hour ago, DowntownScience said:

Any chance the block is related to an uptick in spam caused by the new DKIM/DMARC requirements for sending to AOL, Yahoo, Gmail, etc? 

Not when they have been tripped only by SpamCop's blocklist (SCBL) with only the spamtrap!
SpamCop spam-traps being hit means they are using poisoned email addresses with no owner but the SCBL.
Obtained by scraping Internet web pages for email address's.
scraping websites with a "web spider" for email addresses
Not only SpamCop has poisoned email addresses on WebSites suspect Gmail and others do also

Edited March 4 by petzl

[Rick McCormick]

SPAMCOP has blacklisted the Microsoft IP 40.107.236.100 which is the IP Microsoft is using to send email to some of our customers 

[Rick McCormick]

Microsoft documentation says we have to call SPAMCOP. SPAMCOP documentation says we have to call Microsoft. Wow ... what a conundrum!!

[petzl]

Have your "customers" signed up with Double-Opt-IN?
Or are you using bought email addresses which has obtained poisoned email addresses by scraping them off the internet?
SpamCop Blocklist (SCBL) is the choice made by  Email providers who choose to use it, SpamCop have never asked them to.
Just used by word of mouth, not from SpamCop owners.
Most Major email providers have their own blocklists generated by placing poisoned email address's on websites, newsgroups, etc.
They just don't tell you, you are blocked, Bit-Binning or spam bucketing them instead.
SpamCop Blocklist does tell the recipient that the IP is been blocked and what for.
https://www.spamcop.net/bl.shtml

Edited March 7 by petzl

[Russell L]

23 hours ago, Rick McCormick said:

Microsoft documentation says we have to call SPAMCOP. SPAMCOP documentation says we have to call Microsoft. Wow ... what a conundrum!!

Microsoft mail servers are actively being abused to send out a large volume of spam to the Internet (mixing your legitimate email with spammers).  Microsoft tells you  "not our problem, call spamcop"? Hah!

Edited March 7 by Russell L

[A Beachy]

We are seeing this issue and our staff are getting very annoyed as numerous valid emails are being blocked.  I realize this is a MS issue, but does anyone have an alternative to SpamCop Block list?

[Russell L]

21 minutes ago, A Beachy said:

We are seeing this issue and our staff are getting very annoyed as numerous valid emails are being blocked.  I realize this is a MS issue, but does anyone have an alternative to SpamCop Block list?

If you insist on using Microsoft, but want to avoid landing in the SpamCop blacklist when Microsoft doesn't police their network, you could always utilize an outbound connector so that your email is delivered from another network/service - which one you choose, is up to you: https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/set-up-connectors-to-route-mail#2-set-up-a-connector-from-microsoft-365-or-office-365-to-your-email-server

[A Beachy]

3 hours ago, Russell L said:

If you insist on using Microsoft, but want to avoid landing in the SpamCop blacklist when Microsoft doesn't police their network, you could always utilize an outbound connector so that your email is delivered from another network/service - which one you choose, is up to you: https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/set-up-connectors-to-route-mail#2-set-up-a-connector-from-microsoft-365-or-office-365-to-your-email-server

We do not use Microsoft; we do however get emails from those who do and utilize the SpamCop service to block spam emails.

I ask again does anyone have an alternative to SpamCop Block list?

[Lking]

3 minutes ago, A Beachy said:

I ask again does anyone have an alternative to SpamCop Block list?

There are several other block list. I do not have experience any of them.

[gnarlymarley]

One possible alternate to the SpamCop blocking list could be SpamAssassin. You can tie weights to SpamCop such that it would take more than one Blocking list to block spam. You can also whitelist email addresses or make rules that override the SpamCop blocking list. if certain keywords show up in that email.

[petzl]

On 3/9/2024 at 3:33 AM, A Beachy said:

We are seeing this issue and our staff are getting very annoyed as numerous valid emails are being blocked.  I realize this is a MS issue, but does anyone have an alternative to SpamCop Block list?

You need to tell your customers that have your free to spammers Microsoft 365 throwaway account IP's getting blocked , for the receiving ISP to stop using the SpamCop Block list. SpamCop never asked them to.
While your at it tell Gmail to stop using their secret block list, at lest I suspect they do. as I'm not now getting Microsoft 365 spam not even in spam folder? And this address is PWNED
(love pulling wings off spammers and if possible facing the courts)
https://www.microsoft.com/en-au/microsoft-365/try 
Try Microsoft 365 for free
Sign up for free. Cancel at any time.

Edited March 11 by petzl

[Geeksultant]

Punish the innocent for the actions of the guilty

Blocking entire IPs, or subsets of IPs, or ranges of IPs, such as O365 outbound SMTP servers that have a high volume of spam, is not stopping the spam, it's only blocking legitimate emails from those IPs from getting to their legitimate intended recipients.  It's akin to my mailman not delivery any of my mail because one of the items is a marketing insert.  It's the same as having everyone taking their shoes off at the airport because some idiot 20 years ago tried to use his shoes for something other than their intended purpose.  Bulk blocking is not the answer here.  Block the emails themselves that are spam, provide the recipient the ability to review said spam, and decided for themselves if it's spam or not.  My business is losing thousands of dollars a day by legitimate emails being blocked without recourse to recover those emails.  My partners and clients, many use O365, and their email coming into my business are bouncing back because my hosting company uses SpamCop.  I've asked, multiple times to be removed from SpamCop, but to no avail.  I now have to spend more money to most likely move my email to O365 itself to ensure I don't miss getting emails and possibly legal services to recover what I've lost.  Maybe SpamCop is owned by Microsoft and this is a ploy to drum up more O365 customers?  Very possible in this crooked world we live in today.  My 2 cents worth.  Be glad I didn't type out my 10 cents worth.

[Geeksultant]

On 3/8/2024 at 6:14 PM, petzl said:

You need to tell your customers that have your free to spammers Microsoft 365 throwaway account IP's getting blocked , for the receiving ISP to stop using the SpamCop Block list. SpamCop never asked them to.
While your at it tell Gmail to stop using their secret block list, at lest I suspect they do. as I'm not now getting Microsoft 365 spam not even in spam folder? And this address is PWNED
(love pulling wings off spammers and if possible facing the courts)
https://www.microsoft.com/en-au/microsoft-365/try 
Try Microsoft 365 for free
Sign up for free. Cancel at any time.

"You need to tell your customers that have your free to spammers Microsoft 365 throwaway account IP's getting blocked , for the receiving ISP to stop using the SpamCop Block list"

That's a ridiculous statement.  Why?  Because those of us that are having this issue, of inbound emails that are legitimate from O365, we are not complaining about "Free Throwaway Account Users", but longtime, legitimate O365 corporate users.  Many of the emails being blocked, are coming from multi-billion dollar clients and partners of mine, that have thousands, and even tens of thousands of O365 email users/accounts under their domain.  They are the ones being blocked by SpamCop because they block entire IPs and subnets, not individual spam emails.  I use a product called spam Reader that integrates with my Outlook and filters spam.  It does a great job.  99% efficient.  It does, once in a while, filter out a legitimate email.  But guess what?  I can review the spam folder contents, find that email and unblock it.  With SpamCop, I have no such ability.  It either all or nothing.

[gnarlymarley]

One thing to note is that the email was voluntarily blocked by the recipient's server. The people receiving the email setup SpamCop's block list on their server. SpamCop didn't directly block the email from O365. If SpamCop were to remove the entry from the block list, the recipient would then add their own that bypasses the Spamcop block list. Edited March 25 by gnarlymarley

[Lking]

2 hours ago, Geeksultant said:

Maybe SpamCop is owned by Microsoft and this is a ploy to drum up more O365 customers?

 SpamCop is owned by Cisco Systems, Inc.

You could have checked the copyright on https://www.spamcop.net/

[petzl]

14 hours ago, Geeksultant said:

"You need to tell your customers that have your free to spammers Microsoft 365 throwaway account IP's getting blocked , for the receiving ISP to stop using the SpamCop Block list"

That's a ridiculous statement.  Why?  Because those of us that are having this issue, of inbound emails that are legitimate from O365, we are not complaining about "Free Throwaway Account Users", but longtime, legitimate O365 corporate users.  Many of the emails being blocked, are coming from multi-billion dollar clients and partners of mine, that have thousands, and even tens of thousands of O365 email users/accounts under their domain.  They are the ones being blocked by SpamCop because they block entire IPs and subnets, not individual spam emails.  I use a product called spam Reader that integrates with my Outlook and filters spam.  It does a great job.  99% efficient.  It does, once in a while, filter out a legitimate email.  But guess what?  I can review the spam folder contents, find that email and unblock it.  With SpamCop, I have no such ability.  It either all or nothing.

Why is it my or for that matter SpamCop's problem that Microsoft365 are allowing masses of fraudster spammers, as well as naïve users to bomb email accounts out of existence? 
Otherwise  known as a DoS attacks most accounts are shut down by the receiving ISP, this has happened to numerous people often destroying their business and income.
As I said SpamCop has no control over who uses their BlockList
There are other blocklists that are less forgiving than SCBL and won't let the sender know they are blocked.
That is what you are complaining about, 
CISCO and others like I suspect Gmail, Hotmail, Yahoo will not even tell the sender, they just bit-bin their IP/s
Most companies selling email accounts set up protection against IP's that DoS attack sometimes whole countries, infact some allow one to block whole countries IP range.

[Just Joe]

SpamCop vs MS.. I see Spamcop losing this battle.  

Simply put I have clients that have reached out and I have spoken with the clients using Spamcop and most are looking at removing spamcop.  When your spamfilter blocks your business emails because it uses a outdated flawed method to block spam it becomes useless.  

 

Spamcop is basically making itself useless

 

[petzl]

5 hours ago, Just Joe said:

SpamCop vs MS.. I see Spamcop losing this battle.  

Simply put I have clients that have reached out and I have spoken with the clients using Spamcop and most are looking at removing spamcop.  When your spamfilter blocks your business emails because it uses a outdated flawed method to block spam it becomes useless.  

Spamcop is basically making itself useless

Good luck with that, what you going to do about the spam-traps that don't let you know and just bit-bin the listed IP's for maybe months.
Also your "clients" can easily whitelist your sender email address, which will bypass any blocklist that ISP uses.
Strange that your "clients" are not doing that don't you think? Have you even asked them to?
Simple process for a ISP email provider to setup their own spam-trap, a lot more horrifying than SpamCop's SCBL.
Already I have a  pwned  Gmail account which was being flooded by office365, just pushing the "PHISHING" in spam folder  and now nothing, Gmail not told anyone but Ofice365 IP are now not even now seen hitting my spam folder. And I don't report them through SpamCop.

Edited March 26 by petzl

[olddog55]

@Geeksultant & others: The party 'blocking' your mail is *your* email provider.

Any good eMail provider will use a weighting mechanism, combing multiple blocklists that, in the preponderance of evidence, results in an 'Accept', 'Warn', or 'Block'.  The 'Warning' conditional acceptance is usually by either altering the Subject line (e.g. by adding 'Possible spam') or by sending the eMail to the spam folder.

It is up to each individual recipients (your) eMail provider to make this determination.

For any blocked messages, you might want to check the status of your current, Microsoft/Outlook eMail MTA:

https://whatismyipaddress.com/blacklist-check

And, just as a point of reference, here is a count of the 11 spams I have seen in the past half-day:

      2 Listed at AUTHBL.dq.spamhaus.net
      2 Listed at dnsbl.dronebl.org
      3 Listed at b.barracudacentral.org
      3 Listed at bl.spamcop.net
      3 Listed at cbl.abuseat.org
      3 Listed at iadb.isipp.com
      4 Listed at SBL-XBL.dq.spamhaus.net
      7 Listed at bl.mailspike.net
      7 Listed at dnsbl-1.uceprotect.net

You will note that SpamCop is right in the middle of the hits count.  So don't go blaming an individual BL provider.  And that is why a good eMail provider uses multiple BL's in a weighted configuration.  If it's only one hit, it's probably not true spam.  But more, ???

 

Edited March 26 by olddog55

[petzl]

12 minutes ago, olddog55 said:

@Geeksultant & others: The party 'blocking' your mail is *your* email provider.

Any good eMail provider will use a weighting mechanism, combing multiple blocklists that, in the preponderance of evidence, results in an 'Accept', 'Warn', or 'Block'.  The 'Warning' conditional acceptance is usually by either altering the Subject line (e.g. by adding 'Possible spam') or by sending the eMail to the spam folder.

It is up to each individual recipients (your) eMail provider to make this determination.

For any blocked messages, you might want to check the status of your current, Microsoft/Outlook eMail MTA:

https://whatismyipaddress.com/blacklist-check

And, just as a point of reference, here is a count of the 11 spams I have seen in the past half-day:

      2 Listed at AUTHBL.dq.spamhaus.net
      2 Listed at dnsbl.dronebl.org
      3 Listed at b.barracudacentral.org
      3 Listed at bl.spamcop.net
      3 Listed at cbl.abuseat.org
      3 Listed at iadb.isipp.com
      4 Listed at SBL-XBL.dq.spamhaus.net
      7 Listed at bl.mailspike.net
      7 Listed at dnsbl-1.uceprotect.net

You will note that SpamCop is right in the middle of the hits count.  So don't go blaming an individual BL provider.  And that is why a good eMail provider uses multiple BL's in a weighted configuration.  If it's only one hit, it's probably not true spam.  But more, ???

 

Email receivers can easily whitelist any sender email address (sometimes a contact with email provider),
which will then bypass any and ALL blocklist that ISP uses.

[olddog55]

3 hours ago, petzl said:

Email receivers can easily whitelist any sender email address (sometimes a contact with email provider),
which will then bypass any and ALL blocklist that ISP uses.

Good luck with that.  Last time I checked, Microsoft was using NetRange: 52.96.0.0 - 52.115.255.255 and NetRange: 40.74.0.0 - 40.125.127.255.  With their MTA's scattered throughout. 

What is really needed is for Microsoft to get rid of spammers hosted on their systems.

 

[petzl]

6 hours ago, olddog55 said:

Good luck with that.  Last time I checked, Microsoft was using NetRange: 52.96.0.0 - 52.115.255.255 and NetRange: 40.74.0.0 - 40.125.127.255.  With their MTA's scattered throughout. 

What is really needed is for Microsoft to get rid of spammers hosted on their systems.

 

Any email provider worth their salt can whitelist a contact or email sender so it bypasses any and all blocklists they use.
Most blocklists hit the IP/s not a email address.
whitelisting puts a email address ahead of all IP blocklists.

Edited March 27 by petzl

[petzl]

On 3/5/2024 at 7:27 AM, DowntownScience said:

Any chance the block is related to an uptick in spam caused by the new DKIM/DMARC requirements for sending to AOL, Yahoo, Gmail, etc?  I could see messages that weren't seen as spam prior, being seen as spam now and increasing the % of spam messages being sent from an individual IP.

DMARC Policy & Setup Requirements for Google & Yahoo Email | Proofpoint US

As a Microsoft Partner and 365 Admin let's not pretend that Microsoft 365 is the only offender here.  We receive more spam from Gmail addresses than anything else.  If Microsoft were to require this same thing you'd see Gmail email servers get shut down as well.

 

Just remembered there is away to get around SpamCop's blocklist
That's to ask your clients to whitelist you email address.

Whitelisting bypasses all spam-blocklists,

if there is no easy way to do this (there should be) they need to request their email provider to set it up