I don't know if you have seen this or not Douglas, but we have also observed more than one of their IP addresses on RBL lists. I can't remember which one off the top of my head, but it was a large list like Spamcop. We have seen this recently and multiple times.

Of course end users just can't understand why they don't get the email from the sender using MS365. I mean Microsoft can't be doing anything wrong, so it must me my provider doing something wrong in not delivering the message, right? (I would have tagged the previous sentence sarcasm, except that is actually, exactly what the perception from end users tends to be.)

Hey guys! 

I have been seeing a lot of what John is seeing. Spam coming from MS IPs.

Also Doug, I have reached out to our Microsoft specialists to see if I can get any further info about these things.

Same here as John.  Several times last month Office 365 and Hotmail (outbound.protection.outlook.com) showed up on SpamCop, SORBS, and Backscatter.

Trying to tell the customer that their IP is sending spam can be cumbersome.  The mindset is that they are using "Microsoft" so they must not be the problem.  The problem resides with us, a little Mom & Pop shop using SmarterMail.  We ask them to start a ticket with Microsoft and they become angered.

All of the spam coming from computer-generated *.onmicrosoft.com domains should put their addresses on the RBL lists.  I block everything from *.onmicrosoft.com except for two domains that are known business partners.

It seems to me there should be no emails coming from onmicrosoft.com domains, as these are tenant internal AD aliases.  Therefore, I see no problem blocking them.

AWR.. I have seen plenty MS customers actually use the onmicrosoft.com domain as their main email domain. This is why I'm not blocking them. Should they be using it? Not really. But they do :(

@Douglas, I would consider sending that list, especially #5, over to "Bleeping Computer" and have them write up a little article about it. THAT might get MS attention. 

Update Weds April 3, 2024

Added bullet points 6 and 7 to the list, for completeness, even though they have been discussed previously on this forum:

#6: Microsoft servers do not always wait for SMTP result code when submitting a message

#7: Some Outlook implementations leak credentials and data to Microsoft.

Microsoft announced at least a couple years ago that #7 would be for all clients in the future. I think this may have already happened. There was a blog post here on the SmarterTools website about it. I have seen some behavior from a few of my clients that use the MS365 version of Outlook that would suggest it is already doing a proxy through Microsoft servers rather than directly connect to the mail server. In fact is was just a few months back I noticed Microsoft owned IPs connecting via POP3 and IMAP to my server.

John is correct.  While I have not seen these blog posts, I can confirm that over the past couple of months, all autodiscover traffic (mostly EAS) I have been troubleshooting for customers, and my family's Windows Mail/New Outlook IMAP traffic has been coming from Microsoft.  I have not yet seen this with Outlook proper (2016-2021,) but I suspect it is coming.

I am encouraging my customers' IT to look into K9 Mail for Android and alternative IMAP clients for Windows, such as Thunderbird.

It has been 20 years since the Microsoft Love In of the 2000s, with which came free copies of dotNet development kits, Windows XP, Office 2003, and Server 2003, free TS2 seminars, TechNet subs and MAPS.  We all got on-board the Microsoft train and here we are: Governor Tarkin now runs the rails of technology and the grasp is tightening.