Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

 

Daniel Nashed

 

SPAM from servers with IN-ARPA *.cloudapp.azure.com

Daniel Nashed  31 December 2020 09:55:27
Today I got a lot of SPAM gray-listed from hosts in those domains.
The worrying part is that this is apparently split across different data centers.
So I got mails from the following sub-domains, which have been listed in my SpamGeek with a high gray-list value and have now got an explicit SPAM rating.
Not expecting to have any customers sending me mails from there... But if they do, they need some really positive other rating based on content.

Moving applications into the cloud at providers with shared services can cause your outgoing mail traffic to be impacted by others misbehaving on the same shared service.

I looked up one of the sub domains in SenderBase. None of those hosts have been rated with a "Good" rating -- currently 7 hosts are rated "Poor".
And I know companies setting their CISCO ESA (which uses SenderBase) to not even accept a "Neutral" reputation (which is something I would never recommend).

CISCO ESA (aka IronPort) is one of the leading solutions used by many larger customers.
And if you have a "Poor" rating, you are in serious outgoing e-mail trouble!

-- Daniel

*.northcentralus.cloudapp.azure.com
*.northeurope.cloudapp.azure.com
*.eastus.cloudapp.azure.com
*.westeurope.cloudapp.azure.com
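
One way to apply the wildcard patterns above to a connecting host's reverse-DNS name, as an added example that is not SpamGeek's or the author's code. The weight, threshold and content score are assumed values; matching is done on DNS label boundaries so look-alike names neither hit nor slip past the patterns.

```python
# Added example: rate a host by its reverse-DNS (PTR) name.
# PATTERNS come from the post; the numeric values are assumptions.
PATTERNS = [
    "*.northcentralus.cloudapp.azure.com",
    "*.northeurope.cloudapp.azure.com",
    "*.eastus.cloudapp.azure.com",
    "*.westeurope.cloudapp.azure.com",
]

GRAYLIST_WEIGHT = 50  # assumed penalty added when a pattern matches
SPAM_THRESHOLD = 50   # assumed score at which a mail is rated SPAM


def normalize(ptr_name):
    """Lower-case the name and drop the trailing root dot."""
    return ptr_name.strip().rstrip(".").lower()


def matches(ptr_name, pattern):
    """True if ptr_name is one or more labels followed by the pattern's suffix.

    Keeping the leading dot of the suffix anchors the match on a label
    boundary: 'xwesteurope.cloudapp.azure.com' and
    'a.westeurope.cloudapp.azure.com.example.net' do not match.
    """
    suffix = pattern[1:].lower()  # "*.x.y" -> ".x.y"
    name = normalize(ptr_name)
    return name.endswith(suffix) and len(name) > len(suffix)


def matched_pattern(ptr_name):
    """Return the first pattern the PTR name falls under, or None."""
    for pattern in PATTERNS:
        if matches(ptr_name, pattern):
            return pattern
    return None


def rate(ptr_name, content_score=0):
    """Combine the PTR penalty with a content score (negative = good content)."""
    hit = matched_pattern(ptr_name)
    score = content_score + (GRAYLIST_WEIGHT if hit else 0)
    return {"pattern": hit, "score": score, "spam": score >= SPAM_THRESHOLD}
```

With these assumed values a host under one of the patterns is rated SPAM on its PTR name alone, and only a sufficiently negative `content_score` brings it back under the threshold.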




Comments

1 Hans-Martin Mosner  28.02.2021 10:37:37  SPAM from servers with IN-ARPA *.cloudapp.azure.com

This is an ongoing problem that Microsoft/Azure does not seem to be willing or able to fix. Since they choose to be silent about it, it's anybody's guess what is actually happening - whether it's compromised accounts, or accounts registered using fake identities, or some exploited vulnerability in their cloud infrastructure.

Block all of *.cloudapp.azure.com and be done with it. Customers who think they can use their Azure cloud as an outgoing mail server need to think again.

2 Some Guy  06.05.2021 11:27:43  SPAM from servers with IN-ARPA *.cloudapp.azure.com

I think it is normal for Azure tenants to be able to make subdomains of xxxx.region_name.cloudapp.azure.com. So it would be an Azure tenant presumably. But this asdfsdf spammer sure seems to be going on for a long time and getting away with it. Started in mid-December for me, still going strong. Also astmpdsfsdf.
