We're struggling with a surge of spam from Kagoya.net, where spammers are cleverly using '127.0.0.1' in the email headers to trick our O365 protections into thinking these are internal messages. Just yesterday, we received a similar scam message directly from O365, again abusing the header with '127.0.0.1'. I'm curious if anyone else is experiencing this aggressive spamming campaign and what steps we can take to get Kagoya blacklisted. Any advice would be appreciated!
3 Answers
I think it's time to start adding '127.0.0.1' to my regex filters for inbound headers. Gotta stay ahead of these spammers!
Yeah, we've noticed a lot of spam coming from kagoya.net too. Do you really need to allow emails from Japan specifically? Just asking!
Have you checked the headers of those spam emails? They usually fail SPF/DKIM, which is a good indicator. I created two Exchange transport rules: one quarantines messages from our own domains that fail SPF, and another catches messages from Kagoya’s subnets.
No, we don’t need to allow specific emails from there since we’re a US operation.
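The checks discussed in the answers above (own-domain senders failing SPF, and '127.0.0.1' showing up in inbound headers), sketched as an added example that is not code from anyone in this thread. It assumes `example.com` stands in for your accepted domains, that the topmost `Authentication-Results` header is written by your own receiving server, and both sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

OWN_DOMAINS = {"example.com"}  # assumption: placeholder for your accepted domains
LOOPBACK = re.compile(r"(?<![\d.])127\.\d{1,3}\.\d{1,3}\.\d{1,3}")
SPF_RE = re.compile(r"\bspf=(\w+)", re.I)

# Constructed sample: external relay, forged internal From, loopback hop, SPF fail
SAMPLE_SPOOF = """\
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com
Received: from mail.sender.example (unknown [203.0.113.25])
\tby mx.example.com; Tue, 02 Jan 2024 10:00:00 +0000
Received: from localhost (localhost [127.0.0.1])
\tby mail.sender.example; Tue, 02 Jan 2024 09:59:58 +0000
From: "IT Support" <helpdesk@example.com>

body
"""

# Constructed sample: legitimate partner mail that also has a local filter hop
SAMPLE_LEGIT = """\
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=partner.example
Received: from out.partner.example (out.partner.example [198.51.100.7])
\tby mx.example.com; Tue, 02 Jan 2024 11:00:00 +0000
Received: from localhost (localhost [127.0.0.1])
\tby out.partner.example; Tue, 02 Jan 2024 10:59:59 +0000
From: Billing <billing@partner.example>

body
"""

def spf_result(msg):
    # Trust only the topmost Authentication-Results (stamped by our own edge)
    m = SPF_RE.search(msg.get("Authentication-Results", ""))
    return m.group(1).lower() if m else "none"

def verdict(raw):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    spf = spf_result(msg)
    reasons = []
    if from_domain in OWN_DOMAINS and spf != "pass":
        reasons.append(f"own-domain From with spf={spf}")
    # Received lines below our edge are written by the sender: 127.0.0.1 there
    # proves nothing about internal origin and only counts alongside an SPF failure
    if spf != "pass" and any(LOOPBACK.search(r) for r in msg.get_all("Received", [])):
        reasons.append("loopback hop in Received with failing SPF")
    return ("quarantine" if reasons else "deliver", reasons)
```

The second sample shows why a bare regex on '127.0.0.1' is too broad: plenty of legitimate senders pass mail through a local content filter before it leaves their server.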