Yesterday I received marketing spam from "Microsoft <replyto@email.microsoft.com>" advertising something apparently called "Microsoft Build" which is either a website or a marketing event: IDGAF. Spam was sent via Marketo, which I gather is now part of the sewer we call Adobe. It was absolutely authentic. Fully authentic Microsoft spam passing SPF, DKIM, and DMARC.
That spam was sent to my oldest and most widely scraped address (bill@scconsult.com) which I've literally never given to anyone for subscribing to or purchasing anything and which I am 100% certain I've never given to Microsoft in any way intentionally. There is no indication in the spam of any associated MS account. My comprehensive 29yr archive of all email ever received by that address has NO prior mail from MS. There was an unsub link, which got a page which revealed that I was somehow subscribed to multiple marketing bullshit lists. That page offered me a link to my "profile"(!?) which seemed to start to want to load up a page with an image and text placeholder blobs pulsing a bit before switching to a generic Microsoft account signup/login page. MS knew what my email address was and had me subscribed to multiple lists in some sort of "profile" without even asking me and without associating it to any actual MS account that I could conceivably access. I do have multiple MS accounts that I need for work purposes, and one I use for testing, but none of those are associated with bill@scconsult.com (except as a correspondent.)
In my opinion, this is an indication that the default welcomelist entries in the official SpamAssassin rules for '*@*.microsoft.com' are inappropriate. Note that there is an entry for '*@accountprotection.microsoft.com' which is still justified as far as I know. This is entirely unrelated to any domains hosted by Microsoft, it is strictly an email address welcomelisting (see SA docs for details.)
I will be committing the rule change today and it should appear in the default rules distribution channel by Monday. Anyone who is relying on that SA welcomelisting to accept wanted mail from MS should do so locally based on the specific local needs. I will also document this in a bug report, which I will resolve, to have a record of when and why this was done.
This may raise some questions and trigger a debate on the formal meaning of the SA default welcomelist entries. That debate belongs on the SpamAssassin Users List, but may pop up elsewhere. I believe that we have left a gap there in having a quite vague definition of what default welcomelist entries represent. As far as I know, clear criteria for inclusion have never been promulgated and accepted by the PMC or the user community.
More to follow in a separate thread.
--
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
That spam was sent to my oldest and most widely scraped address (bill@scconsult.com) which I've literally never given to anyone for subscribing to or purchasing anything and which I am 100% certain I've never given to Microsoft in any way intentionally. There is no indication in the spam of any associated MS account. My comprehensive 29yr archive of all email ever received by that address has NO prior mail from MS. There was an unsub link, which got a page which revealed that I was somehow subscribed to multiple marketing bullshit lists. That page offered me a link to my "profile"(!?) which seemed to start to want to load up a page with an image and text placeholder blobs pulsing a bit before switching to a generic Microsoft account signup/login page. MS knew what my email address was and had me subscribed to multiple lists in some sort of "profile" without even asking me and without associating it to any actual MS account that I could conceivably access. I do have multiple MS accounts that I need for work purposes, and one I use for testing, but none of those are associated with bill@scconsult.com (except as a correspondent.)
In my opinion, this is an indication that the default welcomelist entries in the official SpamAssassin rules for '*@*.microsoft.com' are inappropriate. Note that there is an entry for '*@accountprotection.microsoft.com' which is still justified as far as I know. This is entirely unrelated to any domains hosted by Microsoft, it is strictly an email address welcomelisting (see SA docs for details.)
I will be committing the rule change today and it should appear in the default rules distribution channel by Monday. Anyone who is relying on that SA welcomelisting to accept wanted mail from MS should do so locally based on the specific local needs. I will also document this in a bug report, which I will resolve, to have a record of when and why this was done.
This may raise some questions and trigger a debate on the formal meaning of the SA default welcomelist entries. That debate belongs on the SpamAssassin Users List, but may pop up elsewhere. I believe that we have left a gap there in having a quite vague definition of what default welcomelist entries represent. As far as I know, clear criteria for inclusion have never been promulgated and accepted by the PMC or the user community.
More to follow in a separate thread.
--
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire