Comment Re:wait, what? (Score 1) 35
The more pertinent question then is how do we spin this into *finally* having a valid justification for having all those "power naps" in the office?
"v=spf1 ip4:216.32.180.228 include:spfa.microsoftonline.com include:spf-exacttarget.microsoftonline.com include:spf-msods.microsoftonline.com include:spf-mfa.microsoftonline.com include:_spf-ssg-a.microsoft.com -all"
They've got the "-all" in there, which is good, but also a whole bunch of "include" directives, including one that refers to ExactTarget a third party MSP, but the one that appears like it could possibly be the problem is the last one. That contains a further include, and in there is "spf.protection.outlook.com". All the includes do have "-all" but, AFAIK, that domain covers the outbound mail gateways for a least some parts of the Outlook.com webmail service, so if the spammers have been able to a suitable account using a server within one of the many IP ranges listed in that include that doesn't properly restrict the domains able to send their mail, then they are good to go.
"Bond reflected that good Americans were fine people and that most of them seemed to come from Texas." - Ian Fleming, "Casino Royale"