Sorry, no answer but added weight to the complaint:

After 10 years as a satisfied BT Business Broadband customer, I remain weeks down the line very disappointed with the imposed shift to Office 365. In spite of the promotional emphasis on improved security and reduced Spam, my business has since the (alleged) upgrade seen a fourfold increase in Spam and is also receiving never-before-seen phishing mail. It cannot be a coincidence, not after 10 years. Seems prima facie that Office 365 doesn't enjoy the same quality firewall BT customers were accustomed to and has exposed us all to more of the worst kind of Internet mail activity.

Furthermore I have raised this issue with BT (Office 365) where the reaction was cynical to say the least. Their absolute faith in the Office 365 upgrade is such that no-one appears to believe it could be happening.

Hi,

It may be possible that the person is no longer working with the company so it is happening like that or else for more details please get in touch with the technical support team

I have face the same problem and get the soluction from the virus removal software.

You have to install a antivirus and perform the full scan.

I am also suddenly getting hundreds of non delivery reports since moving to Office 365. I use Office 365 for other clients and accounts and have no problems.

What is happening is that since the move, in my case someone in China is sending spam email through the btconnect servers. I know it is not my PC because you can see the IP they come from in the header, and my mail client users Office365 SMTP servers, not btconnect, and they are being relayed directly through BT. I change passwords for my accounts and they still come.

BT need to sort this out.

I would suggest anyone with this issue calling BT support, the security team should help sort this out.

Here is a sample email header. You can see the connection comes from hn.kd.ny.adsl (EHLO xhrpcqxsn) ([115.58.133.112]) and appears to be authenticating using my account. But I changed the password in Office365 and on the BTconnect website and still they come. I also changed the master account password.

Received: from mail.btconnect.com (c2beaomr07.ncs.ibs-infra.bt.com [10.87.14.167]) by c2beaomr11.btconnect.com (MOS 3.10.10a-GA) with ESMTP id AIA77134; Sun, 15 Apr 2012 09:43:01 +0100 (BST) Received: (from localhost [127.0.0.1]) by c2beaomr07.btconnect.com (MOS 4.3.3-GA) id HBK16789; Sun, 15 Apr 2012 09:43:01 +0100 (BST) Received: from hn.kd.ny.adsl (EHLO xhrpcqxsn) ([115.58.133.112]) by c2beaomr07.btconnect.com with ESMTP id HBK16753 (AUTH MYEMAIL@btconnect.com); Sun, 15 Apr 2012 09:43:01 +0100 (BST) Message-ID: <757051B33427076A449AD4CF076A1D52@xhrpcqxsn> From: =?utf-8?B?56em5YyG5YyG?= <MYEMAIL@btconnect.com> To: <13462628976@163.com> Subject: =?utf-8?B?cXpnZzQzaHQg5aaCIOS9lSDov5sg6KGMIOiHqiDmiJE=?= =?utf-8?B?IOa/gCDlirEg77yf?= Date: Sun, 15 Apr 2012 16:42:53 +0800 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.5512 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512 X-Mirapoint-IP-Reputation: reputation=Neutral-1, source=Queried, refid=tid=0001.0A0B0301.4F8A8A09.0056, actions=tag X-Junkmail-Status: score=56/50, host=c2beaomr07.btconnect.com MIME-Version: 1.0 Content-Type: text/plain

This one is interesting, the email went to the btconnect.com servers and then via the Office365 servers (bigfish and outlook).

To me this looks like since the office365 move BT have a security issue.

Generating server: uwnyc.onmicrosoft.com lcarterlong@uwnyc.org #< #5.1.1 smtp;550 5.1.1 RESOLVER.ADR.RecipNotFound; not found> #SMTP# Original message headers: Received: from mail184-ch1-R.bigfish.com (216.32.181.170) by  SN2PRD0410HT004.namprd04.prod.outlook.com (10.255.115.39) with Microsoft SMTP  Server (TLS) id 14.16.143.4; Sun, 15 Apr 2012 10:24:15 +0000 Received: from mail184-ch1 (localhost [127.0.0.1]) by  mail184-ch1-R.bigfish.com (Postfix) with ESMTP id 09E0B4E054B for  <lcarterlong@uwnyc.org>; Sun, 15 Apr 2012 10:24:15 +0000 (UTC) X-BigFish: ps37(z5109h5105h5365iwzc89bhzz1202hzzz2dh668h839h93fhd25hd2bh8e5i1c4m) X-FOSE-spam: This message appears to be spam. X-SpamScore: 37 X-Forefront-Antispam-Report: CIP:213.123.20.129;KIP:(null);UIP:(null);IPV:NLI;H:mail.btconnect.com;RD:c2bthomr11.btconnect.com;EFVD:NLI Received: from mail184-ch1 (localhost.localdomain [127.0.0.1]) by mail184-ch1  (MessageSwitch) id 1334485452732077_19096; Sun, 15 Apr 2012 10:24:12 +0000  (UTC) Received: from CH1EHSMHS001.bigfish.com (snatpool2.int.messaging.microsoft.com  [10.43.68.232]) by mail184-ch1.bigfish.com (Postfix) with ESMTP id AE8C340046  for <lcarterlong@uwnyc.org>; Sun, 15 Apr 2012 10:24:12 +0000 (UTC) Received: from mail.btconnect.com (213.123.20.129) by CH1EHSMHS001.bigfish.com  (10.43.70.1) with Microsoft SMTP Server id 14.1.225.23; Sun, 15 Apr 2012  10:24:12 +0000 Received: from mail.btconnect.com (c2bthomr14.ncs.ibs-infra.bt.com  [10.87.69.235]) by c2bthomr11.btconnect.com (MOS 3.10.10a-GA) with ESMTP id  ALP74132; Sun, 15 Apr 2012 11:20:52 +0100 (BST) Received: (from localhost [127.0.0.1]) by c2bthomr14.btconnect.com (MOS  4.3.3-GA) id HBN51537; Sun, 15 Apr 2012 11:20:52 +0100 (BST) Received: from hn.kd.ny.adsl (EHLO czyk) ([125.44.246.44]) by  c2bthomr14.btconnect.com with ESMTP id HBN51472 (AUTH  myemail@btconnect.com); Sun, 15 Apr 2012 11:20:52 +0100 (BST) Message-ID: <DE95B4A13661309EEBABCC2D99BE4EBE@czyk> From: =?utf-8?B?5p2O5pCA5pCA?= <myemail@btconnect.com> To: <21ds@live.cn> Subject: =?utf-8?B?bmI5ZiDlpoIg5L2VIOi/myDooYwg6IeqIOaIkSDmv4Ag5Yqx?=  =?utf-8?B?IO+8nw==?= Date: Sun, 15 Apr 2012 18:20:36 +0800 MIME-Version: 1.0 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.5512 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512 X-Mirapoint-IP-Reputation: reputation=Poor-1,  source=Queried,  refid=tid=0001.0A0B0302.4F8AA0FB.0017,  actions=tag X-Junkmail-Status: score=56/50, host=c2bthomr14.btconnect.com Return-Path: myemail@btconnect.com  

Well I have found out how the spammers are relaying using my clients account. I setup a mail client to use mail.btconnect.com and found I am able to relay using multiple different passwords! They all are variations on an extremely unsecure password, but if I add any number of characters at the end, it still works.

So there is a serious security issue with the BT mail relays, I expect thousands of spam emails are being sent through mail.btconnect.com

I will try to get the security team to do something, but so far they have ignored all my emails.