Spam - any tips?

We seem to be under a spam attack with a malicious html attachment. I've blocked html, htm etc as a last resort.

The emails have gone straight through our UTM spam filter and are coming from outbound.protection.outlook.com with numerous IPs, etc.

Anybody got any tips on how to block?



This thread was automatically locked due to age.
  • Any chance to block these mails by Extra-RBL? Tell abuse@outlook.com what’s going on, maybe they care about it.

    Best regards

    Alex

  • The UTM is now blocking and registering them as Malware/Phish.

    Still hitting us every 10 minutes or so constantly and all coming from Microsoft's servers.

    You would think that they would know what's going on by scanning outgoing content....

  • Louis sent me the headers of one of these emails.  There's nothing there to find as the emails are coming from valid Outlook accounts.  My guess would be infected user workstations as opposed to phished credentials.

    In this case, the best thing would be to submit a report to abuse@microsoft.com for any such email.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • They are starting to turn up on blacklists but it makes you wonder what Microsoft are doing, i.e. do they stop mail being sent through the offending IP altogether?

    Is that IP ever recycled, e.g. used to send email from again?

    On top of that, you would still think Microsoft would scan mail outgoing??

  • I'd be surprised if the IPs would be on an RBL, Louis.  What was the reason that the SMTP log gave for blocking one of those emails?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I checked the IP via mxtoolbox and some of them eventually went onto blacklists although not all did.

    Others were eventually detected as Malware/Phish.

    And some got through and continue to get through.
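
The blacklist check discussed in this thread, as an added example that is not part of any post above: it takes the handoff IP from the topmost `Received` header and builds the DNSBL query name for it. The sample message, hostnames, IPs and the zone `dnsbl.example.org` are constructed placeholders.

```python
import email
import ipaddress
import re
import socket

# Constructed sample message (not from the thread); hostnames and the
# documentation-range IPs are made up for illustration.
SAMPLE = """\
Received: from mail-xx.outbound.protection.outlook.com
\t(mail-xx.outbound.protection.outlook.com [203.0.113.45])
\tby utm.example.org with ESMTPS id ABC123; Mon, 1 Jan 2024 10:00:00 +0000
Received: from internal.example.net ([198.51.100.7])
\tby relay.example.net; Mon, 1 Jan 2024 09:59:58 +0000
From: sender@example.com
Subject: Invoice

body
"""

def handoff_ip(raw_message):
    """Return (host, ip) from the topmost Received header: the hop written
    by our own gateway. Lower ones come from upstream and can be forged."""
    received = email.message_from_string(raw_message).get_all("Received", [])
    if not received:
        return None
    m = re.search(r"from\s+(\S+).*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0], re.S)
    if not m:
        return None
    return m.group(1), str(ipaddress.IPv4Address(m.group(2)))

def dnsbl_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, then the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def is_listed(ip, zone, resolve=socket.gethostbyname):
    """Listed if the name resolves into 127.0.0.0/8; NXDOMAIN means not listed."""
    try:
        answer = resolve(dnsbl_name(ip, zone))
    except socket.gaierror:
        return False
    return ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8")

if __name__ == "__main__":
    host, ip = handoff_ip(SAMPLE)
    print(host, ip, dnsbl_name(ip, "dnsbl.example.org"))
```

The `resolve` parameter exists so the lookup can be tested without network access; in real use the default resolver queries whichever list zone you pass in.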