Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

 

 

Massive spam from protection.outlook.com

Daniel Nashed  15 February 2022 17:39:16
This has been bugging me for a couple of days.

The messages are coming from many different hosted domains with a valid SPF record pointing to

v=spf1 include:spf.protection.outlook.com -all

The content is really bad SPAM in my case. And my AntiSpam settings are not preventing them from coming in, because most of the elements in those mails are OK.
Besides the content itself ...

I will probably change some keywords and I also noticed that all those mails have no Mailer set. But this is also true for other e-mail I receive.

It is even worse! The messages are properly DKIM signed by Microsoft.

Grey listing and other techniques will not help. The mails are properly sent and will be resent if delayed.

Asking someone at Microsoft will probably not help. I am not even sure they would take my call or read my mail.

I can't block outbound.protection.outlook.com completely. That's an issue with a large provider...

So I am looking into options for monitoring my SMTP traffic very carefully ..

Is anyone else seeing spam like this?
Does your antispam catch it?

-- Daniel


Received: from CHE01-GV0-obe.outbound.protection.outlook.com ([52.100.1.208])
         by notes.nashcom.de (HCL Domino Release 12.0.1)
         with ESMTP id 2022021517062021-365 ;
         Tue, 15 Feb 2022 17:06:20 +0100
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=IerYTU3cWysfGyYtnUDlxy+IJOlBUzPw3q0yqWAhZ2vzL9KKDw27Sx0fXkmiqqgBmtdTbH/gL7PxdbuTGmO/xanQSDUIGDGcNg/LJSS8YOCzs82YZwqt0wprLBd7Zc5F0fLDwDq3BQrZ0XxrRcr1p4lJKN6LSS6fRI0mMwoBNYaz5GHlg8cI+ZlcL9CMa1TgwvP9LtkGYi8DpJ75Z4sDaDVQZwvbqjD9U1ir2kwuMOG7azQCfI5VElP5QOnVCZ4RBOqsl0NlG/M385IVavtPmTEXtn2mp+a861LmZVzl/LWS4MzKu+9wo3s/uWuTTs42WNCgBG+256O415l8m2Jg0Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=vTtpajShdz8mtJihnscvo2NSt0psoksSv0NqQjaN2qA=;
b=FzOzo0vCfjugObOPMmYBeWWZYbP3/SZa87Z0iaXeFy867530qf/ja5Gu+prpTIpTszzPrxpl1nlARzeYYjbKF+3s5Q2F86IKG/dozToktcIT0xuLKxnVjN1B3RxvR0qWZ5/iOPbrMCFAG+oWzif95IyX+kaKlhvFafWAUFEFSdCjzWhdO3P1sliw2bOsktPUOB5JW3mN60kZ/Ve2eGiCVLB9qkF9RMzWTEv31VUk8AUEK1UzGt2oduxFe8aI4TAeFyeuuKPfQ6L4b/bbUbYYbjM263HqtEHpzTiqFtT+NxR/PkvRkDrP+w8gCC1h+sT2/cQ6qNeE0xe4j/oW3nKBvg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=campussek.onmicrosoft.com; s=selector1-campussek-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=vTtpajShdz8mtJihnscvo2NSt0psoksSv0NqQjaN2qA=;
b=YhBwZcBFAxoXMrP736Lw8vLGsuQhThIDs8Ejzz8PDVow3GBLwteX3fR4xFE7eSqe+YNC6K7fM0Ocqn7/bzEd7Z//jWqe+5o6yAyQ975urMTZTCffzMeBt29uGv/MPVzE93f0BvYjfEX74hY4xykgsVJbM56wsnxTWid1Cr1RJbJqSjFf4wMmt+lkHxsRoTXWfuSXffM2qbyHBa7Nf3gNyQx/LwCaPw7ASGmNrpZOv9iNnxEk1n8eZMLCf3OyWoswHZnrtAFZ7GHu1SkjkWvgAgcRETs9Jypiz+W3D8CZPF3mmJjZy9mI80qfCh+G4MV2M6r+/++hQVeeeKnkvvJj2w==
Authentication-Results: dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=XXX;
Received: from ZRAP278MB0771.CHEP278.PROD.OUTLOOK.COM (2603:10a6:910:4b::11)
by GVAP278MB0469.CHEP278.PROD.OUTLOOK.COM (2603:10a6:710:3e::11) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11; Tue, 15 Feb
2022 16:06:19 +0000
Received: from ZRAP278MB0771.CHEP278.PROD.OUTLOOK.COM
([fe80::142:5a2f:da74:9a98]) by ZRAP278MB0771.CHEP278.PROD.OUTLOOK.COM
([fe80::142:5a2f:da74:9a98%9]) with mapi id 15.20.4975.019; Tue, 15 Feb 2022
16:06:19 +0000
Message-ID: <05d06c383308ddd6f0d56337c3159f94b4765e63@XXX>
From: XXX
Subject: Die bequemste Dating-Site
Date: Tue, 15 Feb 2022 19:03:52 +0300
To:
X-ClientProxiedBy: FR0P281CA0059.DEUP281.PROD.OUTLOOK.COM
(2603:10a6:d10:49::7) To ZRAP278MB0771.CHEP278.PROD.OUTLOOK.COM
(2603:10a6:910:4b::11)
Return-Path: xxxxx
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 0fe21474-6dec-4fc0-4abf-08d9f09cc43c
X-MS-TrafficTypeDiagnostic: GVAP278MB0469:EE_
X-Microsoft-Antispam-PRVS:
               
X-MS-Oob-TLC-OOBClassifiers: OLM:136;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
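
One way to monitor for the pattern visible in the headers above, as an added example that is not part of the original post: it extracts the relay host, the DKIM `d=` domain and the From domain, and marks messages relayed by outbound.protection.outlook.com whose DKIM signature uses an `onmicrosoft.com` tenant domain that does not match the From domain. The helper name `o365_signals`, the `watch` rule and the From address in the sample are assumptions (the post redacts the sender).

```python
import email
import re
from email.utils import parseaddr

# Constructed sample modelled on the header excerpt above. The From address is a
# placeholder (the post redacts it); signature values are shortened placeholders.
SAMPLE = """\
Received: from CHE01-GV0-obe.outbound.protection.outlook.com ([52.100.1.208])
\tby notes.nashcom.de (HCL Domino Release 12.0.1) with ESMTP;
\tTue, 15 Feb 2022 17:06:20 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
\td=campussek.onmicrosoft.com; s=selector1-campussek-onmicrosoft-com;
\th=From:Date:Subject; bh=PLACEHOLDER; b=PLACEHOLDER
From: sender@hosted-domain.example
Subject: Die bequemste Dating-Site
Date: Tue, 15 Feb 2022 19:03:52 +0300

(body omitted)
"""

def o365_signals(raw):
    """Return header-derived signals for one message (hypothetical helper)."""
    msg = email.message_from_string(raw)
    # The topmost Received header is the one written by our own server.
    top = (msg.get_all("Received") or [""])[0]
    m = re.search(r"\bfrom\s+(\S+)", top)
    relay = m.group(1).lower() if m else ""
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    dkim_domains = []
    for sig in msg.get_all("DKIM-Signature") or []:
        d = re.search(r"(?:^|;)\s*d=([^;\s]+)", sig)
        if d:
            dkim_domains.append(d.group(1).lower())
    # Simplified alignment check: exact match or From is a subdomain of d=.
    # A real DMARC check compares organizational domains via a public suffix list.
    aligned = any(from_domain and (from_domain == d or from_domain.endswith("." + d))
                  for d in dkim_domains)
    tenant_default = any(d.endswith(".onmicrosoft.com") for d in dkim_domains)
    via_o365 = relay.endswith(".outbound.protection.outlook.com")
    return {
        "relay": relay, "from_domain": from_domain, "dkim_domains": dkim_domains,
        "via_o365": via_o365, "tenant_default_dkim": tenant_default,
        "dkim_aligned": aligned, "no_mailer": msg.get("X-Mailer") is None,
        # Review candidate: relayed by Microsoft, no DKIM domain aligned with From.
        "watch": via_o365 and tenant_default and not aligned,
    }

if __name__ == "__main__":
    for key, value in o365_signals(SAMPLE).items():
        print(f"{key}: {value}")
```

Legitimate Microsoft 365 tenants that have not set up DKIM for their own domain produce the same combination, so the `watch` flag suits logging or scoring rather than rejecting mail.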
