A while back, my Yahoo email account became inundated with phishing spam messages.

I accessed the raw messages. Most of the spams had a X-Originating-Ip assigned to Microsoft. So I sent an email message to [email protected] describing my experience.

In response, I received a message saying:
“Based on the information you provided, it appears to have originated from an Office 365 or
Exchange Online tenant account.

“To report junk mail from Office 365 tenants, send an email to [email protected]
and include the junk mail as an attachment.”

So I did that.

For a few days, the torrent seemed to be reducing. But then the stream of trash increased again.

How can I free myself of this plague?

What’s an Office 365 tenant anyhow? Is that a realm where a Microsoft customer is in charge, rather than Microsoft itself?

Does somebody know about a contact in Microsoft that can help?

Is there a contact in Yahoo that can help?

Any fruitful lead is appreciated.

Thanks,
jei

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sat, 11 Mar 2023 21:28:41 +0000, jei wrote:

A while back, my Yahoo email account became inundated with phishing spam messages.

I accessed the raw messages. Most of the spams had a X-Originating-Ip assigned to Microsoft. So I sent an email message to [email protected] describing my experience.

In response, I received a message saying:
“Based on the information you provided, it appears to have
originated from an Office 365 or Exchange Online tenant
account.

“To report junk mail from Office 365 tenants, send an email to
[email protected] and include the junk mail as an
attachment.”

So I did that.

For a few days, the torrent seemed to be reducing. But then the stream of trash increased again.

How can I free myself of this plague?

Show the spams a pattern? Subject line or something? And can a Yahoo user
apply filters? Then I would try that. Spam then should end up in Yahoo's
"spam" box you just ignore.

What’s an Office 365 tenant anyhow? Is that a realm where a Microsoft customer is in charge, rather than Microsoft itself?

No idea. Customer might be hacked.

Could you provide a sample of the header and body (XXX your own email
address and other personal stuff).

Does somebody know about a contact in Microsoft that can help?

Is there a contact in Yahoo that can help?

I don't think either company is interested in removing spammers.
--
Andreas

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 3/11/23 2:28 PM, jei wrote:

What’s an Office 365 tenant anyhow?

Office 365 is a service from Microsoft.

A tenant is someone subscribing to / renting a service.

So an Office 365 tenant is someone subscribing to Microsoft's Office 365 service.



--
Grant. . . .
unix || die

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

It’s impossible to detect a pattern in the spam phishing messages.

The “From” Field and the “Subject” field are long incomprehensible strings of text. Each spam message is different.

The way I narrow things down is to use ARIN Whois/RDAP - American Registry for Internet Numbers to identify the owner of the originating IP address in the raw message. The offending messages are from Microsoft networks. Yahoo email can filter on several
fields, but not the owner of the IP address.

Even if it could filter by the originating IP address in the raw message, it wouldn’t be helpful, because I sometimes get useful email messages from Microsoft.

Does anybody have a suggestion for dealing with this situation?

Thanks,
jei

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sunday, 12 March 2023 21:33 -0000, jei wrote:

<headers>

User-Agent: Rocksolid Light 0.7.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on novabbs.org

</headers>

It’s impossible to detect a pattern in the spam phishing messages.

The “From” Field and the “Subject” field are long incomprehensible strings of text. Each spam message is different. The way I narrow
things down is to use ARIN Whois/RDAP - American Registry for
Internet Numbers to identify the owner of the originating IP address
in the raw message. The offending messages are from Microsoft
networks. Yahoo email can filter on several fields, but not the
owner of the IP address.

Even if it could filter by the originating IP address in the raw
message, it wouldn’t be helpful, because I sometimes get useful
email messages from Microsoft.

Microsoft (and a number of other mail services) hides originating IP
addresses in their email headers, in order to protect (hide) the
identity of the sender. Right or wrong, this is the state of affairs
with which you are attempting to deal.

Does anybody have a suggestion for dealing with this situation?

You are attempting to respond to a highly complex issue, where the bad
guys are taking extreme measures to circumvent detection. You
describe actions using very minimal tools, expecting to find a
panacea. No such single attribute universal solution exists.

If you are running a commercial, inbound SMTP server, there are a wide
variety of tools and resources available. These include IP based
block lists and spam filtering appliances available.

Some of the DNS block lists are available and free, to individuals in non-commercial settings. By itself, this, too, is insufficient to
deal with the 500 pound gorillas which are too big to recommend
blocking outright.

There are DNSBLs, URIBLs, HashBLs and more, which may be used in
tandem, and may provide some relief from the constant onslaught of
unsolicited bulk junk. There are tools available, which are designed
to use these and other shared data, to mitigate, not solve, the flood
of junk.

While it may be a bit much for the average user, you may be able to
get SpamAssassin, which is quite suitable to bother the single user or
small to mid-sized user-base. The current version is Apache
SpamAssassin 4.0.0, released 2022-12-17.

https://spamassassin.apache.org/

- --
David Ritz <[email protected]>
When dealing with any spammer, one must always keep in mind that you
are dealing with someone who makes their living through forgery, fraud,
theft, subterfuge and obfuscation. Stated simply, spammers lie.

-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQSc0FU3XAVGYDjSGUhSvCmZGhLe6wUCZA5pwQAKCRBSvCmZGhLe 65htAKCkPt+e8Jtw2yV3mG1S8euIEfd9lwCfXEqkZskFroVKsqpFop7XYa1MjFo=
=6awt
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 3/12/23 6:09 PM, David Ritz wrote:

Microsoft (and a number of other mail services) hides originating
IP addresses in their email headers, in order to protect (hide)
the identity of the sender. Right or wrong, this is the state of
affairs with which you are attempting to deal.

I have long configured MSAs to hide the IP that is connecting and authenticating to send a message.

Received: from Contact-TNet-Consulting-Abuse-for-assistance
by ...

I have the information in my mail server logs and can provide it as
necessary.

If you are running a commercial, inbound SMTP server, there are a
wide variety of tools and resources available. These include IP
based block lists and spam filtering appliances available.

These tools are available for non-commercial SMTP servers too.

There are DNSBLs, URIBLs, HashBLs and more, which may be used in
tandem, and may provide some relief from the constant onslaught of unsolicited bulk junk. There are tools available, which are designed
to use these and other shared data, to mitigate, not solve, the flood
of junk.

When used correctly, they can be quite effective and remove most of the
spam.



--
Grant. . . .
unix || die

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 3/12/23 22:33, jei wrote:
..

Even if it could filter by the originating IP address in the raw
message, it wouldn’t be helpful, because I sometimes get useful email messages from Microsoft.

MS has an abuse address. I have reported a few cases and the spam
stopped

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

jei <[email protected]> wrote:

Does anybody have a suggestion for dealing with this situation?

1. yahoo basically isn't mantained. There's no way to contact a human being there that actually knows anything. If you are unable to get off of yahoo
and on to a competently-managed system, your only choice is to deal with Microsoft.

2. You haven't actually shown any headers of this stuff. Seeing the headers probably would be very helpful for people who would like to help you figure
out what is going on.
--scott

--
"C'est un Nagra. C'est suisse, et tres, tres precis."

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 3/13/23 12:45 PM, David Ritz wrote:

I was thinking along the lines of installing an Barracuda appliance,
which is not what I would expect is an appropriate solution for a
random Y! user.

I think the more important difference is if you run your own server or
not; e.g. receive SMTP from the world.

I don't know if it's possible to have a Barracuda in play for something
where you don't host your own SMTP inbound from the world. -- I'm
ignoring something like fetchmail -> SMTP -> Barracuda -> etc.

I would be somewhat surprised if there isn't someone running a Barracuda
for a single user SMTP server.



--
Grant. . . .
unix || die

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sunday, 12 March 2023 19:17 -0600,
in article <tultiu$ue$[email protected]>,
Grant Taylor <[email protected]> wrote:

On 3/12/23 6:09 PM, David Ritz wrote:

[...]

If you are running a commercial, inbound SMTP server, there are a wide
variety of tools and resources available. These include IP based block
lists and spam filtering appliances available.

These tools are available for non-commercial SMTP servers too.

I was thinking along the lines of installing an Barracuda appliance,
which is not what I would expect is an appropriate solution for a
random Y! user.

When used correctly, they can be quite effective and remove most of the spam.

I quite agree. That SpamAssassin relies on and combines these tools
is one or the primary reasons I suggested it, for single user through
mid-sized SMTP providers. (I would not expect MS, the GOOG or Y! to
seek this for spam mitigation, inbound nor outbound.)

- --
David Ritz <[email protected]>
"The Zen nature of a spammer resembles a cockroach,
except that the cockroach is higher up on the evolutionary chain."
- Peter Olson, Delphi Information Engineer; 27-AUG-1998

-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQSc0FU3XAVGYDjSGUhSvCmZGhLe6wUCZA9vUwAKCRBSvCmZGhLe 6zUUAKD+VRw72V8DSpZcqp2cFlHFshTfeQCfT8fGFXkYEIlpiBY/ltHqvVVk3Bk=
=cGb5
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)