Incident report: Spam attack.. [Updated]
On Tuesday 2026-03-03, a number of user accounts on Kolab Now was used to send out large amounts of spam. The spammers didn’t get to send out much mail. Most of it was stopped in the Kolab Now exit filtering, but the spam rating of the mails going out unfortunately was high and caused Microsoft online services, specifically outlook.com, hotmail.com, to add two of the Kolab Now exit IP addresses to their block lists. This caused emails sent to recipients on these services to bounce with messages like:
550 5.7.1 Unfortunately, messages from [212.103.80.154] weren’t sent.
Please contact your Internet service provider since part of their network is on our block list (S3150).
The spammers were identified and stopped, but the damage was done.
The Kolab Now staff immediately started the delisting procedure with the implicated services, but the (digital) reputation needed to be restored, and that took some time. On Wednesday midday, the two IPs were fully delisted and restored, however many emails were already sent back to senders, and caches on mail relays across the internet needed time to restore the Kolab Now reputation.
Thursday, we still saw a few mails being returned, but most of these mails was ‘leftovers’; emails that was sent and bounced earlier, but being returned very slowly.
At this time, Friday morning, we do not see any bounced messages (caused by the blocklisting). We have found weak spots in our spam handling for this specific situation. We are going to mitigate these weaknesses as soon as it is possible, and surely avoid that these are moving over to the new systems and hardware together with the rest of Kolab Now.
Please note that this situation in no way had any relation to the ongoing work on the migration of Kolab Now described elsewhere in this blog.
We regret any inconvenience that this may have caused you as a user.
[Update 2026-03-09 ; 14:49] – We kept hearing from a few users about more bounced mails from Outlook and Hotmail. This was unexpected after the delisting on Wednesday, and we reopened the support ticket with the ‘Outlook.com Deliverability Support Team’ this morning. They have now assured us, that “Nothing was detected to prevent your mail from reaching Outlook.com customers”. We trust that, when the change they made has replicated across the internet, then the issue should be resolved.
Should you be one of the few users who still see bonced mails with the “(S3150) block list” message, and you still see these bounced messages tomorrow (Tuesday) morning, then please contact support with the copy of the message.