1
"Block authentication by country" makes MS Outlook Mobile unusable: its connections come from foreign countries (Microsoft's fault...)
Problem reported by Gabriele Maoret - SERSIS - 11/18/2023 at 3:14 AM
Submitted
Scenario:

I set my SmarterMail domain to accept connections ONLY from Italy.
At this point my users who use MS Outlook Mobile are no longer able to connect to the server. This is because Microsoft passes MS Outlook Mobile connections through its Azure datacenters, many of which are abroad... (see also here: https://portal.smartertools.com/community/a95673/new-outlook-version.aspx)

How should we behave to solve this problem?
Gabriele Maoret - Head of SysAdmins at SERSIS
Currently manages 6 SmarterMail installations (1 in the cloud for SERSIS which provides services to a few hundred third-party email domains + 5 on-premise for customers who prefer to have their mail server in-house)

9 Replies

0
Brian Bjerring-Jensen Replied
Use the native apps instead of the shitty Outlook app.
0
Gabriele Maoret - SERSIS Replied

I understand your point of view and, in general, I agree with it.

But it's not always that easy...

We have hundreds of different domains on our SmarterMail servers, and almost every domain corresponds to a different customer.
Unfortunately some of these customers WANT to use MS Outlook Mobile and there is no way to change their minds...


Furthermore, we don't know what will happen in the future with Outlook for Windows and/or Mac: what will happen if in the near future Microsoft decides to use the same strategy here too?
0
Brian Bjerring-Jensen Replied
Ohh, they will. It's a matter of sanitizing your email for info/value.

Private clouds and not using Outlook on laptops/phones is the way forward. Tell your clients that they will violate GDPR using the Outlook app.

Then they will understand and obey :)
0
Douglas Foster Replied
Nine and eM Client are non-invasive client alternatives to Outlook Mobile.

Other options: (1) Tune your country blocking to be less restrictive. China is the biggest problem, and I would hope that they are not routing traffic into the Great Firewall.

(2) Get a firewall that can do country blocking.  The attacks I have seen have used port 25 SMTP, while Outlook should be able to connect on port 443 using mapi or ews or was.


0
Brian Bjerring-Jensen Replied
On our firewalls 56% of crap blocked is from the US.

China is less than 8%.

India, Romania, Bulgaria and Brazil are a lot worse.
0
Gabriele Maoret - SERSIS Replied

  1. option: that can be a better-than-nothing solution, but:
    a. how can I know all the countries to "unblock" for MS Outlook Mobile? Do you have a list?
    b. this anyway exposes the server to attacks that come from the countries listed at point a., and (as Brian Bjerring-Jensen said) a lot of attacks come from the USA and European countries too...

  2. option: I can't do that, because if I block port 25 (and/or 465) from (for example) China with a firewall, then I also block the legitimate emails that come from there (and we have a lot of customers that do business with China...)

0
Nouman Saeed Replied
It also keeps on loading forever and not taking me anywhere.
Nomi
1
Douglas Foster Replied
The block-by-country feature was added because of a specific problem: password guessing attacks using SMTP AUTH on port 25 from servers in China. Because my MX is an inbound gateway, no legitimate sender should be trying to log into it, so I was able to use it as a honeypot. I stopped counting at 20,000 unique IP addresses that were involved in the attack, which persisted over an extended period. This campaign was detected and reported by multiple users on this forum. All of our other spam problems pale in comparison.

The block-by-country feature may be useful for other contexts, but you have to consider the risks of cloud-based data centers that are replicated all over the world for redundancy. If I remember correctly, one of my vendors has data centers in the US, Ireland, and Singapore. My traffic usually goes through the U.S. data center, but the others are backup if the U.S. center has problems.

My organization also blocks port 443 from foreign countries, for other reasons. So I don't know if China is cranking up similar attacks on port 443 or other ports, but we should probably expect it.

0
Mark Johnson Replied
Does it log that an IP is "auth blocked by country"? 
I'm still seeing login attempts (unsuccessful) from China despite it being blocked?
Or will it only block login if the attempt is successful?

[2024.01.17] 10:10:55.418 [59.46.193.187][47860066] Country code: CN
[2024.01.17] 10:10:58.093 [59.46.193.187][47860066] cmd: EHLO [59.46.193.187]
[2024.01.17] 10:10:59.425 [59.46.193.187][47860066] cmd: AUTH LOGIN
[2024.01.17] 10:11:00.780 [59.46.193.187][47860066] Authenticating as ..
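
One way to audit the situation in the log excerpt above, as an added example that is not part of the thread or of SmarterMail's own tooling: this Python code groups SMTP log lines by session and lists the client IPs that still issued `AUTH` from a country outside the allow-list. It assumes the line layout shown in the excerpt; the function name, the Italy-only allow-list, and every sample line after the first three are constructed for illustration.

```python
import re
from collections import defaultdict

# Layout taken from the excerpt in the thread:
# [date] time [client-ip][session-id] message
LINE_RE = re.compile(
    r"^\[(?P<date>\d{4}\.\d{2}\.\d{2})\] (?P<time>[\d:.]+) "
    r"\[(?P<ip>[^\]]+)\]\[(?P<sid>\d+)\] (?P<msg>.*)$"
)

def auth_attempts_outside(log_text, allowed_countries):
    """Return {country: {ip, ...}} for sessions that sent AUTH from a
    country that is not in allowed_countries."""
    country_of = {}              # session id -> country code seen for it
    hits = defaultdict(set)
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue             # skip lines in another layout
        sid, ip, msg = m["sid"], m["ip"], m["msg"]
        if msg.startswith("Country code: "):
            country_of[sid] = msg.split(": ", 1)[1].strip().upper()
        elif msg.upper().startswith("CMD: AUTH"):
            cc = country_of.get(sid, "??")   # "??" = no country line seen
            if cc not in allowed_countries:
                hits[cc].add(ip)
    return dict(hits)

# First three lines are from the thread; the rest are constructed samples
# using documentation-range addresses.
SAMPLE = """\
[2024.01.17] 10:10:55.418 [59.46.193.187][47860066] Country code: CN
[2024.01.17] 10:10:58.093 [59.46.193.187][47860066] cmd: EHLO [59.46.193.187]
[2024.01.17] 10:10:59.425 [59.46.193.187][47860066] cmd: AUTH LOGIN
[2024.01.17] 10:12:01.000 [192.0.2.10][47860070] Country code: IT
[2024.01.17] 10:12:01.500 [192.0.2.10][47860070] cmd: AUTH LOGIN
[2024.01.17] 10:13:00.000 [203.0.113.7][47860071] Country code: CN
[2024.01.17] 10:13:00.400 [203.0.113.7][47860071] cmd: EHLO example.test
[2024.01.17] 10:14:00.000 [198.51.100.20][47860072] Country code: US
[2024.01.17] 10:14:00.700 [198.51.100.20][47860072] cmd: AUTH PLAIN
"""

if __name__ == "__main__":
    for cc, ips in sorted(auth_attempts_outside(SAMPLE, {"IT"}).items()):
        print(cc, len(ips), "unique IPs:", ", ".join(sorted(ips)))
```

The output only shows that an `AUTH` command was received from those addresses; whether the server rejected the login because of the country rule has to be read from the lines that follow in the same session.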
