I have a customer whose Exchange Online tenant is getting bombarded with spam from Hotmail and outlook.com free accounts. The spammers are creating "one-and-done" accounts with the following format:
firstname1234lastname5678@hotmail.com
firstname1234lastname5678@outlook.com
This particular tenant is receiving thousands of messages from these senders, so blocking them one by one or adding them to the tenant blocklist isn't feasible... neither is blocking the Hotmail/Outlook domains outright, because genuine senders could still be using those services.
So, I've come up with a regular expression to add to a Transport Rule (aka Mail Flow Rule) to block those by the text patterns.
Regex:
The patterns will look like so:
'^[a-zA-Z]+[0-9]+[a-zA-Z]+[0-9]+@outlook\.com$'
'^[a-zA-Z]+[0-9]+[a-zA-Z]+[0-9]+@hotmail\.com$'
Transport Rule:
We'll create a Transport Rule with the following settings:
Apply this rule if…
The sender... is external
The sender... address matches any of these text patterns:
'^[a-zA-Z]+[0-9]+[a-zA-Z]+[0-9]+@outlook\.com$'
'^[a-zA-Z]+[0-9]+[a-zA-Z]+[0-9]+@hotmail\.com$'
Do the following…
Modify the message properties... set the SCL to 9
**Note** Or you can just straight up block the messages, but I would do that after testing to ensure it’s catching these properly.
Now, you should see much less spam from Hotmail/Outlook.com until Microsoft can shut them down...they are starting to institute new throttling rules on new accounts, so hopefully that'll help.
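Before switching from SCL 9 to an outright block, it helps to see which address shapes the two patterns catch and which they leave alone. The following is an added example, not part of the original post: it checks the post's patterns against constructed sample addresses and then defines the same rule through Exchange Online PowerShell. The rule name, the helper function names and all sample addresses are assumptions made for illustration.

```powershell
# Added example. Patterns are copied from the post; everything else is illustrative.
$patterns = @(
    '^[a-zA-Z]+[0-9]+[a-zA-Z]+[0-9]+@outlook\.com$',
    '^[a-zA-Z]+[0-9]+[a-zA-Z]+[0-9]+@hotmail\.com$'
)

# Returns $true when the address matches any of the rule's patterns.
function Test-SenderPattern([string]$Address) {
    foreach ($p in $patterns) { if ($Address -match $p) { return $true } }
    return $false
}

# Constructed samples. Expected = $true means the rule should tag the sender.
$samples = @(
    @{ Address = 'firstname1234lastname5678@hotmail.com'; Expected = $true  }
    @{ Address = 'firstname1234lastname5678@outlook.com'; Expected = $true  }
    @{ Address = 'jane.doe@outlook.com';                  Expected = $false }  # dot in local part
    @{ Address = 'jsmith1985@hotmail.com';                Expected = $false }  # only one letter/digit pair
    @{ Address = 'firstname1234lastname5678@gmail.com';   Expected = $false }  # other provider
    @{ Address = 'firstname1234lastname5678@outlook.com.example.net'; Expected = $false }  # stopped by the $ anchor
    # A genuine sender with this shape is tagged too: the pattern only sees the shape.
    @{ Address = 'john2smith84@outlook.com';              Expected = $true  }
)

foreach ($s in $samples) {
    $hit = Test-SenderPattern $s.Address
    $status = if ($hit -eq $s.Expected) { 'ok' } else { 'UNEXPECTED' }
    '{0,-12} match={1,-5} {2}' -f $status, $hit, $s.Address
}

# Creates the rule described in the post. Call it only from a session opened
# with Connect-ExchangeOnline; the rule name is a hypothetical placeholder.
function New-SpamShapeRule {
    New-TransportRule -Name 'Tag one-and-done Outlook/Hotmail senders' `
        -FromScope NotInOrganization `
        -FromAddressMatchesPatterns $patterns `
        -SetSCL 9
}
```

The `john2smith84@outlook.com` sample is why the rule starts at SCL 9 rather than a hard block: reviewing what lands in junk or quarantine shows whether any real correspondents use that address shape.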