mgeeky/decode-spam-headers

Office365 anti-spam rules: empiric tests led to decoding of two rules (42882007 and 78352004)

ipSlav opened this issue · 3 comments

ipSlav commented

Hi there,
While performing some empiric tests during an engagement, abusing MS Direct Sender for spoofing purposes, I noticed that (while using the exact same email pretext) the antispam rules 42882007 and 78352004 are matched when a replyTo address is missing. In this context this has been confirmed and easily fixed by adding the -ReplyTo flag while sending the email from Azure CloudShell with the Send-MailMessage command.

mgeeky commented

Hi @ipSlav, that sounds like a terrific finding! How would you propose to name these two rules? :)

ipSlav commented

Hey @mgeeky! Well, I would say something very simple such as Missing Reply-To Address might be OK. In any case, if you have a different proposal, feel free to share :)

mgeeky commented

Landed now :) Sorry it took me so long!

Once again, thank you for the terrific finding! :)
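For analysts triaging received mail, the observation in this thread can be checked against a message's headers. The following is an added example, not code from the decode-spam-headers project: it assumes the rule IDs appear in an `ARA:` field of the `X-Microsoft-Antispam` header, separated by `|`, and the function names and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.policy import default

# Rule IDs and the proposed name come from the issue thread above.
MISSING_REPLY_TO_RULES = {"42882007", "78352004"}
RULE_NAME = "Missing Reply-To Address"


def antispam_rule_ids(msg):
    """Collect rule IDs from X-Microsoft-Antispam (assumed layout: ARA:id|id|...;)."""
    ids = set()
    for value in msg.get_all("X-Microsoft-Antispam", []):
        unfolded = "".join(str(value).split())  # drop folding whitespace
        for field in unfolded.split(";"):
            key, _, val = field.partition(":")
            if key.upper() == "ARA":
                ids.update(v for v in val.split("|") if v.isdigit())
    return ids


def triage(raw):
    """Report whether the two rules fired and whether that agrees with Reply-To presence."""
    msg = message_from_string(raw, policy=default)
    hits = sorted(antispam_rule_ids(msg) & MISSING_REPLY_TO_RULES)
    reply_to = msg.get("Reply-To")
    has_reply_to = bool(reply_to and str(reply_to).strip())
    return {
        "rule": RULE_NAME if hits else None,
        "rule_hits": hits,
        "has_reply_to": has_reply_to,
        # The thread's observation: the rules fire when Reply-To is absent.
        "matches_observation": bool(hits) != has_reply_to,
    }


# Constructed sample messages (not captured from real traffic).
SAMPLE_NO_REPLY_TO = "\n".join([
    "From: sender@example.com",
    "To: user@example.org",
    "Subject: constructed sample",
    "X-Microsoft-Antispam: BCL:0;ARA:11111111|42882007|",
    " 78352004|22222222;",
    "",
    "body",
])
SAMPLE_WITH_REPLY_TO = "\n".join([
    "From: sender@example.com",
    "Reply-To: sender@example.com",
    "To: user@example.org",
    "Subject: constructed sample",
    "X-Microsoft-Antispam: BCL:0;ARA:11111111|22222222;",
    "",
    "body",
])

if __name__ == "__main__":
    for sample in (SAMPLE_NO_REPLY_TO, SAMPLE_WITH_REPLY_TO):
        print(triage(sample))
```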