Campaign Started - Now Microsoft hits my website with thousands of anonymous IPs in a few minutes. WHY?

PLEASE HELP

Mautic 4.4.9
I have been using Mautic for several years. We are an authorized Microsoft Partner. We use Mautic instead of Salesforce for outbound campaigns.
Over the past few months I have been hit by thousands of anonymous IP’s belonging to Microsoft. All within two or three minutes.

Between campaigns of every 6 to 8 weeks Microsoft stops hitting my website.

As soon as the next campaign starts; Microsoft hits my site with thousands of anonymous IP hits within a few minutes.

  1. Why is Microsoft hitting my website thousands of times with anonymous IP’s all within a few minutes?
  2. Why would they do this only when I have a campaign running?
  3. Has anyone else experienced this issue with Microsoft?
  4. Any thoughts on why this is happening and how to stop it?

Thanks for any input you have.
Richard

1 Like

Not possible, that once you run campaign and emails are delivered to outlook mailboxes, some spamfilter checks the content of your landing page te determine if it’s safe?

1 Like

June 28th I started the campaign. The campaign is broken into daily sends of about 2,500 contacts. This prevents one huge hit to my website statistics and disburses the hits over about 16 work days. It also allows us to follow up the day contacts show interest. I don’t believe we are emailing any Microsoft contacts.

On Jun 29th thousands of Microsoft anonymous IP’s started appearing in Mautic. (Maybe they aren’t hitting our website but going to the AWS server directly?)

I have 12 screen images of 12 pages of Microsoft IP’s in Mautic if you are interested in seeing this.

Any thoughts on how to stop it?

You can block IP ranges in cloudflare.
You can also do it in apache config.
You can block Bing.
I can’t give you specifics, that depends on your setup, but maybe someone here can chime in.
This is not a Mautic related issue, rather a server admin issue.

Is it microsoft ip’s or azure’s?
What do they do?
If it is the cloud it might be bots running in their cloud with good/bad intenssions. Can even be related to the infrastructure you are running on.
I had an issue with ips from azure that i had to block using the user agent string.

They are Microsoft IPs. Looking into adding a firewall and will block the IP ranges.
Microsoft IP Ranges to block

192.88.134.0/23
185.93.228.0/22
66.248.200.0/22
208.109.0.0/22
2a02:fe80::/29 (in case of IPv6 support)

Thanks for responding.

I"m not a developer so “user agent string” isn’t familiar to me. Is this easier than adding a firewall?

Be Well,
Richard

I looked into 2 of the ips using a whois service.
Didnt see how they relate to microsoft.
Looks like a godaddy and sucurri ip’s which is also a godaddy company.

User agent string is a browser brand / version kind of id that is submitted by the browser (and bots) to the server. So it is a way to identify many requests from many ips when you can identify a non standard user agent.
It can be used in cloudflare firewall.

Thanks!
I don’t have cloudflare set up with the Mautic instance.

Not sure why the IP’s don’t return as Microsoft. I must have the wrong range.

Here are some of the individual 950 IP’s
104.200.17.131
104.212.59.152
104.212.59.154
104.212.59.157
104.212.59.159
104.212.59.161
20.109.144.45
20.119.242.15
20.125.60.209
20.163.242.83
20.228.100.66
23.101.122.145
23.99.227.98
4.154.25.175
4.154.28.165
40.77.167.211
52.168.137.228
20.15.133.185
52.167.144.112
40.77.167.97
40.77.167.210
20.120.134.41
Just a few of the 900+ IP’s.

We have the same problem. Microsoft Exchange or OWA seems to test all links in an email i imagine for a security check. This is polluting Mautic audit trail and worse gives some user points.
Blocking Microsoft address could have the adverse effect that it is not delivering the email to the user but not sure.
Mautic should at least filter those IP addresses coming from “robots”