Office365 anti-spam rules: empiric tests led to decoding of two rules (42882007 and 78352004) #15

Closed
ipSlav opened this issue May 31, 2023 · 3 comments


ipSlav commented May 31, 2023

Hi there,
While performing some empiric tests during an engagement, abusing MS Direct Sender for spoofing purposes, I noticed that (while using the exact same email pretext) the antispam rules 42882007 and 78352004 are matched when a replyTo address is missing. In this context this has been confirmed and easily fixed by adding the `-ReplyTo` flag while sending the email from Azure CloudShell with the `Send-MailMessage` command.

Owner

mgeeky commented Jun 6, 2023

Hi @ipSlav, that sounds like a terrific finding! How would you propose to name these two rules? :)

Author

ipSlav commented Jun 7, 2023

Hey @mgeeky! Well, I would say something as simple as Missing Reply-To Address might be OK. In any case, if you have a different proposal, feel free to share :)

Owner

mgeeky commented Jun 27, 2023

Landed now :) Sorry it took me so long!

Once again, thank you for the terrific finding! :)

@mgeeky mgeeky closed this as completed Jun 27, 2023