Degraded

Outlook inbound deliverability

Nov 24 at 09:11am CET
Affected services
mx1.improvmx.com
mx2.improvmx.com

Resolved
Nov 24 at 01:50pm CET

Deliverability and forwarding from Outlook have resumed as usual. We're still actively monitoring the situation to prevent any reignition, but this is the all-clear for now.

We'll provide a detailed post-mortem along with action items for this incident in the coming days.

Updated
Nov 24 at 10:37am CET

We've been able to manage the issue on the human level, with the abusive customer removing approx. 800 DNS entries from their setup to avoid ImprovMX being the destination server of bounce reports.

We are already seeing connections dropping and a more manageable environment overall. We will continue monitoring in the next few hours, but emails should gradually get more and more accepted on the first try.

Created
Nov 24 at 09:11am CET

We're currently battling an attack on our infrastructure which is leveraging Microsoft email servers (specifically Outlook) to send up to 100k connections per minute our way.

This means that emails originating from Microsoft servers and trying to hit a redirection alias created on ImprovMX are soft-bouncing. Outbound traffic to Outlook isn't affected, nor is any other email provider.

Unfortunately, there is no quick way for us to block the incoming traffic, but we've identified the cause of the problem and are working on multiple levels to get this resolved as soon as possible.

1) Human - if the ESP blocks the bad actor, the problem is solved in a minute. We've been very insistent, but if it doesn't work, we'll start legal action to get movement.

2) At the Microsoft level. We've lodged complaints through several channels so that they stop sending all the bounce reports back for that specific IP range. Unfortunately, this is usually very slow and doesn't get solved quickly.

3) At our technical level - We've increased AWS instances to the maximum we can afford (we're 10xing costs for this month - erasing all profits basically). It's like increasing the size of a leaky bucket, but it works temporarily.