question

HBK-1084 avatar image
0 Votes"
HBK-1084 asked HBK-1084 commented

Dev getting SPAMMED by Microsoft SmartScreen <smrtscrn@microsoft.com>support tickets

Hello,

I am currently being spammed with support tickets.

One of our clients sites was falsely accused of having phishing attempt on the site by Microsoft's SmartScreen. After reviewing both the site and the code base to determine that nothing had been added or change to the site, I submitted ONE request for the site to be reviewed. This created the original ticket [Ticket - 1 - bbce1e0d-2f58-420a-bbc7-24d2df7989d1]

I got the initial email at Apr 21, 2021, 11:05 AM.

Then the flood gates have opened. At Wed, Apr 21, 11:21 AM I received my second email with a different ticket number - [Ticket - 1 - 0af39858-d6f3-42a2-8d6a-03d4c9be1505].

It gets worse from here on in. I have received over 2450 emails from Microsoft Smartscreen, each with the same content. It essentially flooded my inbox which I have had to rectify by adding in filters. I have had no help from Microsoft who has actually stated I should BLOCK their support email.

Regards
Luke

ms-edge
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

Reza-Ameri avatar image
0 Votes"
Reza-Ameri answered HBK-1084 commented

From what you explained, I believe this is not from Microsoft but it is rather an spoof email.
Check the message header and I believe this is not Microsoft and from third-party where spoof the Microsoft.
You shouldn't block the Microsoft domain and instead you have to block the malicious header or the IP of the attacker.

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello Reza,

I have copied and pasted all the lines with "HEADER" in them. Can you please tell me where the spoof is please;

    dkim=pass header.i=@microsoft.com header.s=selector2 header.b=ZUJhbMQG;
    dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=microsoft.com
    dkim=pass header.i=@microsoft.com header.s=selector2 header.b=ZUJhbMQG;
    dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=microsoft.com

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
authentication-results: hbk.com.au; dkim=none (message not signed) header.d=none;hbk.com.au; dmarc=none action=none header.from=microsoft.com;

Regards
Luke

0 Votes 0 ·

@Reza-Ameri - can I please have an answer, as I have also started replying to one of the support ticket emails and have not gotten a response.

0 Votes 0 ·