Little phishing campaign this morning. Just some scareware type stuff hosted on windows dot net. Again. Maybe take a look at your web and/or DNS logs (if you have them) for something like this:

^[a-z]{8,9}\.z[0-9]{1,2}\.web\.core\.windows\.net$

And here is a list of over 900~~0~~ IPs sending the messages. They're spoofing the sender so they fail on SPF and DKIM if you're enforcing those. Also, lots of residential IPs so this is meant more for hunting rather than proactive blocking. Unless you want to block them just at the mail server.

https://blog.gayint.org/intel/phishing20260406.txt

#GAYINT
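One way to run the pattern from the post over web or DNS logs, as an added example that is not part of the original post. The log layout, the sample lines and the hostnames in them are constructed for illustration, and the candidate-hostname extractor is an assumption about how names appear in your logs.

```python
import re
from collections import Counter

# Pattern from the post; anchored, so it must match the whole hostname.
CAMPAIGN_RE = re.compile(r"^[a-z]{8,9}\.z[0-9]{1,2}\.web\.core\.windows\.net$")
# Assumption: hostnames appear as ASCII dotted names somewhere in each line.
HOST_RE = re.compile(r"(?i)\b(?:[a-z0-9-]+\.)+[a-z]{2,}\.?")

def normalize(host):
    """Lowercase and drop the trailing root dot that DNS logs often keep."""
    return host.lower().rstrip(".")

def hunt(lines):
    """Count hostnames in the log lines that match the campaign pattern."""
    hits = Counter()
    for line in lines:
        for candidate in HOST_RE.findall(line):
            host = normalize(candidate)
            # Full-name match, so a lookalike with extra labels appended is skipped.
            if CAMPAIGN_RE.match(host):
                hits[host] += 1
    return hits

# Constructed sample lines (not real log data or real campaign hostnames).
SAMPLE_LOG = [
    "2026-04-06T08:01:12Z dns client=10.0.0.15 query=EXAMPLEAB.z6.web.core.windows.net. type=A",
    "2026-04-06T08:01:13Z proxy 10.0.0.15 GET https://examplea.z13.web.core.windows.net:443/index.html 200",
    "2026-04-06T08:02:40Z proxy 10.0.0.22 GET https://examplea.z13.web.core.windows.net/ 200",
    # 11-letter label: an ordinary static site name, outside the {8,9} range.
    "2026-04-06T08:03:05Z dns client=10.0.0.30 query=contosodocs.z13.web.core.windows.net. type=A",
    # Pattern embedded in a longer name: must not count as a hit.
    "2026-04-06T08:03:09Z dns client=10.0.0.30 query=examplea.z13.web.core.windows.net.example.org. type=A",
]

if __name__ == "__main__":
    for host, count in hunt(SAMPLE_LOG).most_common():
        print(f"{count:4d}  {host}")
```

Normalizing before matching matters because the pattern is lowercase-only and end-anchored: uppercase queries and fully qualified names with a trailing dot would otherwise be missed.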

@cR0w I bet the IPs you listed come back as Azure Web Apps... typically these campaigns are phishing toolkits you can clone from GitHub...
@scottley The IPs are mostly residential ISPs based on my spot checks.