Spam

Seek assistance with all types of tech. - computer, phone, TV, heating controls etc.
Clitheroekid
Lemon Quarter
Posts: 2876
Joined: November 6th, 2016, 9:58 pm
Has thanked: 1395 times
Been thanked: 3806 times

Spam

#639899

Postby Clitheroekid » January 12th, 2024, 12:40 pm

I have an effective spam filter, and receive very little, but over the past couple of weeks I've been receiving spam from addresses that all end in onmicrosoft.com. A typical address is azrou_pwuaFPXXkhC@uacozmxd.onmicrosoft.com

Normally, I'd just block the sender's domain name, but this doesn't work because of the random letters in front of the onmicrosoft.com section.

So is there any way to block these messages? It's not a major problem, but it's certainly irritating.

bungeejumper
Lemon Half
Posts: 8168
Joined: November 8th, 2016, 2:30 pm
Has thanked: 2901 times
Been thanked: 4001 times

Re: Spam

#639924

Postby bungeejumper » January 12th, 2024, 1:34 pm

I can't speak for other email clients, but my Thunderbird filters allow me to specify that the sender's ID includes the chosen term - it doesn't need to be identical.

Then any messages can be destroyed, marked as junk, or sent off to a subfolder of your choosing so that you can scan them at your leisure.

BJ

SalvorHardin
Lemon Quarter
Posts: 2074
Joined: November 4th, 2016, 10:32 am
Has thanked: 5432 times
Been thanked: 2496 times

Re: Spam

#639931

Postby SalvorHardin » January 12th, 2024, 1:46 pm

I second bungeejumper's idea about looking for options like "contains" or "includes" in your email client spam rules and trying that.

Many years ago, back in the days of MS-DOS based email clients (and early versions of Windows), you were able to use the "wild card" symbol * (the asterisk) in MS-DOS to mean "every character". This could be used in email addresses. So putting * before the @ in an email address meant blocking everything from everything to the right hand side of @

So two entries which might work:

*@*.onmicrosoft.com

*@*onmicrosoft.com

https://en.wikipedia.org/wiki/Wildcard_character

Wild cards were highly effective in the "Turnpike" email and news program (I used Turnpike a lot when my ISP was Demon Internet, before Vodafone bought it).
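
An added example (not part of the original post) comparing what the two suggested entries would catch, assuming the mail client treats `*` as a shell-style glob over the lower-cased sender address. Every sample address except the first is constructed for illustration.

```python
from email.utils import parseaddr
from fnmatch import fnmatchcase

# The two block-list entries suggested in the post above.
PATTERNS = ["*@*.onmicrosoft.com", "*@*onmicrosoft.com"]

# Constructed From headers; only the first address comes from the thread.
SAMPLES = [
    "azrou_pwuaFPXXkhC@uacozmxd.onmicrosoft.com",      # spam quoted in the thread
    '"Accounts" <billing@smallfirm.onmicrosoft.com>',  # legitimate tenant (assumed)
    "someone@onmicrosoft.com",                         # bare domain, no subdomain
    "someone@notonmicrosoft.com",                      # unrelated look-alike domain
    "someone@onmicrosoft.com.example.net",             # the string is not the suffix
]


def blocked_by(from_header, pattern):
    """True if the address inside a From header matches a glob pattern."""
    addr = parseaddr(from_header)[1].lower()  # strip any display name
    return fnmatchcase(addr, pattern.lower())


def evaluate(samples=SAMPLES, patterns=PATTERNS):
    """Map each sample sender to the list of patterns that would block it."""
    return {s: [p for p in patterns if blocked_by(s, p)] for s in samples}


if __name__ == "__main__":
    for sender, hits in evaluate().items():
        print(f"{sender:52} blocked by: {', '.join(hits) or 'nothing'}")
```

The entry with the dot only matches real subdomains of onmicrosoft.com; the one without it also matches any domain that merely ends in those letters. Both block the constructed legitimate tenant along with the spam.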

Infrasonic
Lemon Quarter
Posts: 4502
Joined: November 4th, 2016, 2:25 pm
Has thanked: 649 times
Been thanked: 1275 times

Re: Spam

#639947

Postby Infrasonic » January 12th, 2024, 3:16 pm

It will depend on your email provider/domain host as to whether you can do wildcarding as suggested above - many of the large webmail providers won't let you do it these days.

An additional fly in the ointment if you start blocking domains (which the webmail providers generally do allow) is that if the spammers are spoofing legitimate domains from the likes of Microsoft then you could have a knock-on effect to legitimate email from those domains also being blocked/deleted. Been there, got the T-shirt... ;)

https://en.wikipedia.org/wiki/Email_spoofing

https://answers.microsoft.com/en-us/out ... a4b9749e0e

mutantpoodle
Lemon Quarter
Posts: 1013
Joined: November 7th, 2016, 4:21 pm
Has thanked: 510 times
Been thanked: 123 times

Re: Spam

#640093

Postby mutantpoodle » January 13th, 2024, 9:20 am

FAO Clitheroekid

you say that you have a very effective spam filter

may I ask what it is please if it's not a private thing
as Hotmail/Outlook are quite useless at blocking or filtering spam, and I get about 10 daily

thanks

Clitheroekid
Lemon Quarter
Posts: 2876
Joined: November 6th, 2016, 9:58 pm
Has thanked: 1395 times
Been thanked: 3806 times

Re: Spam

#640262

Postby Clitheroekid » January 14th, 2024, 4:26 pm

mutantpoodle wrote:FAO Clitheroekid

you say that you have a very effective spam filter

may I ask what it is please if it's not a private thing
as Hotmail/Outlook are quite useless at blocking or filtering spam, and I get about 10 daily

thanks

I use Outlook. Unfortunately, I have zero technical knowledge. It was installed by the guy who deals with my IT, so whether he tweaked it to filter spam more effectively I’m not sure. But apart from those from the domain mentioned above there are hardly any that make it into my inbox.

I do check my junk mail folder occasionally, and it would appear that I’m getting 10 to 20 spam emails a day, nearly all of which are effectively diverted.

scrumpyjack
Lemon Quarter
Posts: 4879
Joined: November 4th, 2016, 10:15 am
Has thanked: 618 times
Been thanked: 2713 times

Re: Spam

#640280

Postby scrumpyjack » January 14th, 2024, 6:07 pm

I find that gmail automatically filters out virtually all spam with me having to do anything.

dionaeamuscipula
Lemon Quarter
Posts: 1101
Joined: November 4th, 2016, 1:25 pm
Has thanked: 103 times
Been thanked: 377 times

Re: Spam

#640378

Postby dionaeamuscipula » January 15th, 2024, 10:06 am

SalvorHardin wrote:I second bungeejumper's idea about looking for options like "contains" or "includes" in your email client spam rules and trying that.

Many years ago, back in the days of MS-DOS based email clients (and early versions of Windows), you were able to use the "wild card" symbol * (the asterisk) in MS-DOS to mean "every character". This could be used in email addresses. So putting * before the @ in an email address meant blocking everything from everything to the right hand side of @

So two entries which might work:

*@*.onmicrosoft.com

*@*onmicrosoft.com

https://en.wikipedia.org/wiki/Wildcard_character

Wild cards were highly effective in the "Turnpike" email and news program (I used Turnpike a lot when my ISP was Demon Internet, before Vodafone bought it).



You *can* do this in Outlook's junk options.

DM

Infrasonic
Lemon Quarter
Posts: 4502
Joined: November 4th, 2016, 2:25 pm
Has thanked: 649 times
Been thanked: 1275 times

Re: Spam

#640382

Postby Infrasonic » January 15th, 2024, 10:27 am

dionaeamuscipula wrote:
SalvorHardin wrote:I second bungeejumper's idea about looking for options like "contains" or "includes" in your email client spam rules and trying that.

Many years ago, back in the days of MS-DOS based email clients (and early versions of Windows), you were able to use the "wild card" symbol * (the asterisk) in MS-DOS to mean "every character". This could be used in email addresses. So putting * before the @ in an email address meant blocking everything from everything to the right hand side of @

So two entries which might work:

*@*.onmicrosoft.com

*@*onmicrosoft.com

https://en.wikipedia.org/wiki/Wildcard_character

Wild cards were highly effective in the "Turnpike" email and news program (I used Turnpike a lot when my ISP was Demon Internet, before Vodafone bought it).



You *can* do this in Outlook's junk options.

DM


Yep and all legit emails sent from onmicrosoft.com or subdomains will be blocked.
The spammers are using well known domains like Microsoft, eBay, PayPal etc. to spoof from, all you're doing by wildcard blocking them is potentially sending a load of legit email to the trash (or worse if they silently drop it). That's why the spammers are using them, to get around domain blocks...

I've been through all this multiple times with a heavily spammed Hotmail account, I eventually ran out of blocks (500) and word filters also started routing legit emails to trash.
There is no easy way around this unless you want to run your inbox as safe senders/contacts only and then you'll spend multiple times a day checking quarantine/spam folders for legit email. (I actually run my oldest Hotmail address this way now and it's a PITA to admin...). :)

Edit: The big webmail providers are tightening up the authentication rules this year to try and reduce the spoofing/aliases issue. The problem they face is if they tighten it too much legit email with minimal DNS/TXT authentication settings in place will get treated the same as spammers - catch 22...

Midsmartin
Lemon Slice
Posts: 778
Joined: November 4th, 2016, 7:18 am
Has thanked: 211 times
Been thanked: 491 times

Re: Spam

#640464

Postby Midsmartin » January 15th, 2024, 6:25 pm

Those onmicrosoft.com domain names are what you get when you sign up for an Office365 account but don't use your own custom domain.

If you block them all, there's a chance you'll block legitimate email from a Microsoft365 subscriber.

They could originate from a hacked Microsoft365 account being misused.

Infrasonic
Lemon Quarter
Posts: 4502
Joined: November 4th, 2016, 2:25 pm
Has thanked: 649 times
Been thanked: 1275 times

Re: Spam

#640501

Postby Infrasonic » January 15th, 2024, 11:21 pm

Midsmartin wrote:...They could originate from a hacked Microsoft365 account being misused.


Or a month free trial account being burnt as a spammer account until it gets closed down, which would explain it getting through to CK's inbox which would require at least some authentication (and a low spam filter score). Looking at the message source headers will show if it's fully authenticated (ARC/SPF/DKIM) or not and what it has scored on spam filters.

Sending from Microsoft to Microsoft/domain is probably going to be less onerous from a spammer's perspective - I've seen plenty of those nonsense(@)nonsense.onmicrosoft.com spam emails to my Hotmail account.

Infrasonic
Lemon Quarter
Posts: 4502
Joined: November 4th, 2016, 2:25 pm
Has thanked: 649 times
Been thanked: 1275 times

Re: Spam

#640652

Postby Infrasonic » January 16th, 2024, 5:36 pm

Here's an example message source header for these onmicrosoft subdomain spam emails from my Hotmail spam folder today (there's a couple in there). If this is all gobbledegook to you there's an analyser here, copy paste it all into that... https://mxtoolbox.com/EmailHeaders.aspx

Received: from AS8P250MB0135.EURP250.PROD.OUTLOOK.COM (2603:10a6:20b:376::9)
by GV1P250MB0905.EURP250.PROD.OUTLOOK.COM with HTTPS; Tue, 16 Jan 2024
16:47:50 +0000
ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass;
b=K726GJI6hiQsF27mFOpIvZoazpGlcScK29ztREBMlPWXRGFR0FtaQRICxzCGknrCqIjGWarJOMBHtNFIUxmiZQ+/LKnJUMtP5BrnlikT2HZrQtYwTcAWfEVmR8OfFWLsYeLEnRiqVgkzBbPbKTbSc/IVNSp5hQIaJiwYct8vaTWKDV7SplWDn1c5Mvl6Yffmbn4RyasKxARpWFz8UPmm882smmTMAlaSfihcRyKB/PxRsKbTNjxVidQE+Z/NoN2PbYrXbLx3rxpyZYyReK2C/7/UuBOcMgXnL2vWZxdaV+nEd9r0OOldqvMrZZSsTovwvPU5u2TzCtjF2DNRVp4+rQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=jFkO0TaR3IPO0brTkgLeFSuJe8O0GES9lqsuTcxLA3s=;
b=OKqP6fC9Brq76ABS+fymDBrDVOLfWkDeMVq+auYJB0XcZJMoMh43EkU2EG4k7Iq0oierW4l/cPfdnNpCQbpPBtIPy9mcKfJgNmFS3cPxqwgTLt3mZ/yesWBKmhyGyctoM/S+E6Zrh2BE6q61Pb4P0mON93/HiBo9S55jomE74Xu6EpfrWGUEdTKwuVU1RbOvA/ojH9fZJNGv1vu1mC/p1Oh+HKkI5zsT1s3qXNJbom7z7jmGmetePTb7Jc4ZS27d4zQsJfo2gEpklye8uY7odmUmy6j+dtJ7N6Vj63Kdzhb+SVf6oglzJppxFXIvR4vkZxo1XtFUyMWFRP5hqX5uAg==
ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is
104.47.73.168) smtp.rcpttodomain=hotmail.com
smtp.mailfrom=lrku.onmicrosoft.com; dmarc=bestguesspass action=none
header.from=lrku.onmicrosoft.com; dkim=none (message not signed); arc=pass (0
oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=lrku.onmicrosoft.com]
dkim=[1,1,header.d=lrku.onmicrosoft.com]
dmarc=[1,1,header.from=lrku.onmicrosoft.com])
Received: from AS8PR07CA0023.eurprd07.prod.outlook.com (2603:10a6:20b:451::23)
by AS8P250MB0135.EURP250.PROD.OUTLOOK.COM (2603:10a6:20b:376::9) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7181.29; Tue, 16 Jan
2024 16:47:38 +0000
Received: from AM6EUR05FT010.eop-eur05.prod.protection.outlook.com
(2603:10a6:20b:451:cafe::fe) by AS8PR07CA0023.outlook.office365.com
(2603:10a6:20b:451::23) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7202.22 via Frontend
Transport; Tue, 16 Jan 2024 16:47:38 +0000
Authentication-Results: spf=pass (sender IP is 104.47.73.168)
smtp.mailfrom=lrku.onmicrosoft.com; dkim=none (message not signed)
header.d=none;dmarc=bestguesspass action=none
header.from=lrku.onmicrosoft.com;compauth=pass reason=109
Received-SPF: Pass (protection.outlook.com: domain of lrku.onmicrosoft.com
designates 104.47.73.168 as permitted sender)
receiver=protection.outlook.com; client-ip=104.47.73.168;
helo=NAM04-MW2-obe.outbound.protection.outlook.com; pr=C
Received: from NAM04-MW2-obe.outbound.protection.outlook.com (104.47.73.168)
by AM6EUR05FT010.mail.protection.outlook.com (10.233.240.157) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.7181.23 via Frontend Transport; Tue, 16 Jan 2024 16:47:37 +0000
X-IncomingTopHeaderMarker:
OriginalChecksum:FC3E04BD2B696FE0FF086CDF2DD6C967E6CCEDA65B599DC37092B65F465066CD;UpperCasedChecksum:D810BC12F2BB18F844779F55354FB66AEB56C0D32DE43AA94A75F1D5B33F6560;SizeAsReceived:7918;Count:38
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=Jqnb/+8jOSvDJqmSyG1QkURLcMpIOiWb4a3Ck/WU1posXXOrpvn3G9y4QVfMxmRmk0gb+iHFnmLSuOVBn+QUtzYXhNb+9DzMuW/XFm5DyU2GPIRJnIzhh9HpZQzXRoeA/rRSWnS3m2HqWXfI6vQOaJJYpD9xQJ0R7PtTCAHX/eemNJJmG+sN/ijsmcMpkjyiJ+wIlE3i1HgMcqsr2yGeXKgLmkDl80O0P8Q+s3Oj5QnTRFXOkDDP7sHeSWvpCD7OJUQT22Or9hTEHXgW7sIhajID7ADbCc2XK7W5ifm3f+DYycKhSVRdYP03m7pyLw5LONiJn4qeuYv+/9PgMbDPMQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=jFkO0TaR3IPO0brTkgLeFSuJe8O0GES9lqsuTcxLA3s=;
b=b7pLhx9d0bjw0Ne5ll5FErQH7UdbwOKYske9sbyFRrTyh1axjmSCoiYptvloaFfLXX6vyaTktN9yV97RVtYpGi0i2J64YYK3o+IS2u0MMhajpaI9jmu+PKxAFwAZUIr65+H+eD+FWe2O86bk0LRAL3sTXNbAfcrBG+vld+whnPYp8klMSodmCW+r056cm3DZDxQoCRf5nv4l4VVhHCJ1JGH8Ov2PrYK33DQ1AnHw4W2WnuUVwMdsdtsv+REdyhkpp6DN8DjMevtcQN40fDnhKoy+BuxLuvSHUVgQft2ydhOYnEu2DyeRodwHaOOnVl1dAnFzETjY9CnRSJAa6IM1kg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=lrku.onmicrosoft.com; dmarc=pass action=none
header.from=lrku.onmicrosoft.com; dkim=pass header.d=lrku.onmicrosoft.com;
arc=none
Authentication-Results-Original: dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=lrku.onmicrosoft.com;
Subject: Take a Survey and Win Tupperware Modular Mates 36 PC Set
To:**********(@)hotmail.com
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset=UTF-8
List-Unsubscribe: <mailto:76704b3d-31ba-40f6-9aca-68e44c086f23@lrku.onmicrosoft.com>
From: "Kroger Rewards Club"<76704b3d-31ba-40f6-9aca-68e44c086f23@lrku.onmicrosoft.com>
Reply-to: 76704b3d-31ba-40f6-9aca-68e44c086f23@lr ... rosoft.com
X-Unsubscribe-Web: <http://aphilosopher.xyz/cnQ2bjhlZ2ZYTUpNekZMWGg1ckZVOHZFNGtOb29sL3pvb0FWN2haTjM4MGNBOStKdkdndUdYL1NIRjkyOE5EbEx5bGhjQ1h4MllPeHJQcDBIRVhYK1dxQm5Yc2E5cEdkdTBtVVg2Nks5VGs9><http://aphilosopher.xyz/58300234257607>
Date: Tue, 16 Jan 2024 17:47:21 +0100 (CET)
X-ClientProxiedBy: AM9P192CA0029.EURP192.PROD.OUTLOOK.COM
(2603:10a6:20b:21d::34) To PH8PR20MB5510.namprd20.prod.outlook.com
(2603:10b6:510:222::21)
Return-Path: 76704b3d-31ba-40f6-9aca-68e44c086f23@lr ... rosoft.com
Message-ID:
<PH8PR20MB551079CD7A99E2E0275AA253B7732@PH8PR20MB5510.namprd20.prod.outlook.com>
X-MS-TrafficTypeDiagnostic:
PH8PR20MB5510:EE_|SA1PR20MB7530:EE_|AM6EUR05FT010:EE_|AS8P250MB0135:EE_|GV1P250MB0905:EE_
X-MS-Office365-Filtering-Correlation-Id: 1325fee0-da30-4226-d162-08dc16b2d8ff
X-CAA-SPAM: F00000
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
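
An added example (not part of the original post) that pulls the SPF/DKIM/DMARC verdicts out of the `Authentication-Results` header in the sample above and annotates them. The function names and the wording of the notes are this example's own; the header value is copied from the sample with its folded lines joined.

```python
import re

# Authentication-Results value from the sample header in the post above.
SAMPLE = ("spf=pass (sender IP is 104.47.73.168) "
          "smtp.mailfrom=lrku.onmicrosoft.com; dkim=none (message not signed) "
          "header.d=none;dmarc=bestguesspass action=none "
          "header.from=lrku.onmicrosoft.com;compauth=pass reason=109")

METHODS = ("spf", "dkim", "dmarc", "compauth")


def parse_auth_results(value):
    """Return {method: {"result": ..., <property>: ...}} for one header value."""
    value = re.sub(r"\([^)]*\)", " ", value)  # drop parenthesised comments
    out = {}
    for clause in value.split(";"):
        tokens = dict(t.split("=", 1) for t in clause.split() if "=" in t)
        for method in METHODS:
            if method in tokens:
                result = tokens.pop(method).lower()
                out[method] = {"result": result, **tokens}
    return out


def triage(auth):
    """Turn parsed verdicts into short notes for whoever reads the header."""
    spf, dkim, dmarc = (auth.get(m, {}) for m in ("spf", "dkim", "dmarc"))
    notes = []
    if spf.get("result") == "pass":
        notes.append("SPF pass: sending IP is permitted for "
                     + spf.get("smtp.mailfrom", "?"))
    if dkim.get("result") != "pass":
        notes.append("DKIM: no valid signature (" + dkim.get("result", "absent") + ")")
    if dmarc.get("result") == "bestguesspass":
        notes.append("DMARC bestguesspass: no DMARC record is published; "
                     "the check would have passed if one existed")
    if dmarc.get("header.from", "").lower().endswith(".onmicrosoft.com"):
        notes.append("From domain is a default Microsoft 365 tenant name")
    return notes


if __name__ == "__main__":
    for note in triage(parse_auth_results(SAMPLE)):
        print("-", note)
```

For this sample the output shows a message that authenticates via SPF alone, from a tenant with no DKIM signature and no DMARC record. An SPF pass only says the sending server is permitted for that domain, not that the sender is trustworthy.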

