Hacker News new | past | comments | ask | show | jobs | submit login
Tell HN: Microsoft classifies own emails as junk
173 points by YellowTech on Feb 6, 2023 | hide | past | favorite | 135 comments
While going through my Outlook junk folder, I noticed that nearly all my Azure related mails are classified as such.

These e-mails are all real and also sent by addresses like azure@email.microsoft.com with the source SMTP server being in a subdomain of PROD.OUTLOOK.COM.

How comes that Microsoft would not just whitelist their own domains on their own e-mail service?




The fact that Microsoft doesn't just whitelist their own domains speaks to their commitment to strict security measures and good engineering culture. Special cases aren't special enough to break the rules.


If they don't whitelist and use the rate at which their own emails end as spam to improve their spam filter, that's great engineering culture.

If they don't whitelist and the emails just land in spam without anyone taking notice, that reminds me more of the well-known slightly satirical image of Microsoft's org chart [1]

1: https://bonkersworld.net/organizational-charts


Adversarial collaboration is a real thing. Similar to journalism/advertising there aught to be a wall between spam detection and marketing. When any enterprise become large and diverse enough, parts of it will have adversarial postures.

https://en.wikipedia.org/wiki/Adversarial_collaboration


On the other hand, `notify.trafficmanager.net.`, the domain name used for Edge push notifications through Azure Traffic Manager, currently points to `notify1.ontario.ca.` with a CNAME record. This resulted in an Edge push notification outage a couple weeks ago, but they never fully fixed it. Push notifications are working again because they use subdomains of `notify.trafficmanager.net`, but `notify.trafficmanager.net` itself is simultaneously used by one of their Azure customers--and they seemingly have no idea.

In other words: `*.notify.trafficmanager.net` is special-cased, and this has caused problems.


>speaks to their commitment to strict security measures and good engineering culture

Does it really or does it just mean that nobody cared enough to do it for whatever reason?


I'm sure the Azure people are aware and annoyed. I appreciate that the security people are holding the line.


Or Microsoft are just terrible at classifying spam


Or terrible at writing emails, or configuring high volume sends, so that they don't look spammy.

I work for a market research company. Most of our projects gain survey responses via market research panels - or panel marketplaces - so we don't need to email people to ask them to fill in surveys. But we do plenty of projects for clients who send us mailing lists of their customers, who we then contact to fill out surveys.

This is all fine and good but when you're contacting completely different lists of people all the time it's really easy to end up looking like a spammer (this is also why platforms like Sendgrid, and Mailchimp - although great in many ways - aren't a good fit for a market research use case: you're not just contacting the same list, or subsets of that list, over and over; mostly you're contacting different lists for each project, unless you're following up for a single client).

We've had to build our own mailing platform to do this successfully, so that our email is actually delivered into peoples' inboxes, rather than going to their spam folders.

And it's not just the content of the email that matters: it's how you send it, making sure you have DKIM and whathaveyou configured correctly, whether the HTML is valid, etc. Our system automatically checks every aspect of an email before anyone is allowed to hit send (and each send has to be reviewed by one of a list of approved individuals). It also checks the mailing list and cleans out any addresses that are likely to be bad, or who have unsubscribed. Again, if you're not careful about who you send email to, you'll look like a spammer.

A big chunk of our business depends on our ability to get emails into inboxes, so we take great care to make sure that happens. Reputation is everything when it comes to bulk emailing in market research. Because humans under pressure to deliver sometimes cut corners we've baked that great care right into our systems. They're not foolproof, but it's now really quite hard, and would require concerted and deliverate effort, for anyone on our team to send an email without the vast majority of intended recipients receiving it.

This whole thing is a kind of nightmarish arms race but I've been doing this for long enough that I'd put money on it not being Microsoft's spam classification doing it wrong here.


Pretty much.

- Receive new e-mail from MS user at IP X

- Send reply to the same user from IP X

- notice IP is blacklisted, so the email doesn't even end in spam

Great engineering. Users must be excited MS allows them to send e-mail to servers they know are blacklisted, so will not be able to receive the reply from.

Great [honest] engineering would be to just refuse to send the e-mail and tell the user that they are not allowed (by MS) to communicate with this recipient.


One of the signals they use for classifying spam is people clicking "Report Message->Junk" in Outlook, so it's probably a constant battle with people who forget they signed up for something and call it junk.


People forget they signed up for something, didn't opt-out, got on some list from a conference they attended, etc. and just report as Spam even though there's an unsubscribe link.

Frankly, the vast bulk of the email in my Spam folder isn't egregious fake medicine and the like. It's mostly low quality mailing lists, much of which isn't much different from what ends up in my inbox.


> didn't opt-out, got on some list from a conference they attended

I would totally consider emails I received because of either of those things as spam. If I get an unsolicited email, it gets reported as spam regardless of the presence of an opt-out link. I wouldn't click any link in an email that came from someone I didn't opt into getting email from.


If they were, they'd still be bleeding users like they did when Gmail came on the scene. That's why I switched; Hotmail 20 years ago did not appear to do any kind of spam blocking at all.

Today, Outlook.com and Hotmail.com combined still have a pretty strong market share.


Good engineering culture?

I hope this refers to something behind the scenes that I as a Hotmail/Outlook user am unable to see. Because UI and product-wise, I don't see much evidence at all that someone of a good engineering culture cares about the experience I'm having with the product.

More like a team phoning it in.


Would likely be different teams working on spam detection and on the frontend though. The cultures could vary wildly between them, as well as how they fit into the wider product development flows/structures.


Moreover they don't even whitelist their own IPs for some basic checks like SPF, which can be skipped. I have a work email (using Microsoft services) and another company mailing list, which my email is member of (also on Microsoft). At some point sending email to that mailing list triggered bouncing between Microsoft own servers eventually resulting in my email being automatically removed from mailing list. Basic investigation showed that one Microsoft server rejected emails from another one because of bad SPF record. Either company spent months solving the issue with Microsoft. The issue disappeared eventually magically the same way it appeared.


Teaching people to look for official communication from Microsoft in their spam folders invites phishing attacks. Fastmail puts a special seal on account-related communications from Fastmail; I think that’s good and wise.


You'd think that they'd have a non-domain-based way to do it, like cryptographically signing their own damn emails with a key embedded in outlook or something.


I've seen perfectly nice SPF/DKIM/DMARC valid message being silently rejected because of a bad reputation TLD or bad ip neighborhood.


Then they go and immediately go and shaft you with a set of non-opt-outable welcome emails with Windows 11. I think any credit due can be shoved up their ass.


They can and do whitelist all sorts of things for special cases. Microsoft is good at what they do, but they are a pragmatic company.

My guess here is that some junk folder routing is on client side, or the user flagged junky email from the same infrastructure as junk. Or, O365 tweaked some settings to address the issues with spammers using Outlook infrastructure that bypasses spam controls.


I’m not sure, I created a brand new Outlook email account a while back and the welcome email went directly to spam. That just seemed kinda dumb to me.


Is this sarcasm?


I'm almost certain that it is not sarcasm.


Wouldn’t whitelisting their own products also constitute anticompetitive behavior?


Now that it's hit the HN front page and will presumably be drawn to light of some managers, it will be interesting to see if the behavior remains the same in a few weeks.


It is a good first step.

They know these are legitimate emails though, so they should treat their presence in the spam folder as essentially a bug report.


Please use "allowlist"


This isnt worth correcting people over and inserts a level of grievance that isnt called for. For the record I like some of the more recent phrasings - blocklist in particular is nice being that it is self describing.


Being this obnoxious won't help the cause at all. Keep using this alternative yourself when you can. Perhaps it will naturally fade out of use. For instance, you could have commented about it using "allowlist" in your own writing and it would be just natural.

Personally I'd say we have a limited bandwith to talk about prejudice in the public discourse. I'd rather we don't waste it away with useless remarks.


> Being this obnoxious

The comment contained a grand total of three words. If someone has this initial reaction to those words in this context, perhaps they should consider their priors.


You see, that's a problem. I'm left-wing. I'm part of minorities. I won't give up my political convictions and side with reactiona... I mean, conservatives because I'm annoyed by this focus on the raw words and not on intention.

Yet, just remarking this is enough for insinuations like yours.


I made no mention of your political beliefs; that is simply how you chose to interpret my words.


Not everybody cares about this stuff. The majority of HN users come from outside the United States, as previous polls showed. Please stop trying to force us to care about your history and internal political issues, we have enough of our own.


I'm not from the United States. But am from a country that has deep racial issues. "Black" items are to be excluded/blocked, while "white" ones will be included/accepted. In a world where there are racism problems in most societies - many of which are about dark and light skin colour - this can be experienced by some as just one more implicit bias of white/black being good/bad.

The standard you walk past is the standard you accept. Happy to eat the downvotes here.


Mentioned before in another thread. Google workspace flagged an email from Google domains as spam. And it wasn't even a marketing email from them. It was a reminder that I had a .dev domain about to be renewed. I guess that's what happens when you're just too big. And I don't blame the Gmail team. Google has probably launched and killed a thousand products with a thousand domains so curating that whitelist is probably a hard job


I've run into this issue when creating G Suite accounts and sending the initial welcome email (with password reset link) to a user's personal Gmail account. Somehow delivering an email with content written by Google, from Google to Google, is an issue.


They don't even need a curated whitelist for high value domains do they? If they've seen 1 million emails from @domains.google and <.1% got flagged as spam, isn't that a good enough indicator to consider the domain a good actor?

I can understand the difficulty in judging new domains, but having established, high value, high volume domains getting their email flagged as spam is ridiculous.

It could also be anti-competitive behaviour. They want the system to be a complex, opaque, black box because then it's more important for other providers to trust their IP ranges because they're a known-good participant. If you're a small sender that wants decent deliverability your options are Google, MS, etc..


The specific emails that were marked for me were also reminders about a subscription. Interesting!


Maybe all these new AI aren't that smart after all. I just checked and in my case the email was coming from domains-noreply@google.com so you'd think that Gmail is smart enough to not flag as spam an email from google.com and yet...


Must be a common phishing scam.

"Your domain is about to expire, enter your Google username and password to renew it!"

If it was me, I'd pattern those emails to be exactly like the real ones. So then the real ones might get flagged by the spam filters too. You'd think they'd check who's sending them though (origin server)...


After failed Sears and Roebucks, I think Microsoft is the #2 company of all time for "the right hand doesn't know what the left is doing."

It's notorious that they have a hard time replicating products that competitors make look simple: look how the Steam store really works for for games, or how Dropbox works so much better than Onedrive.


Yes, I can't wrap my head around the fact that VS Code and Teams came out of the same company. That the same people who thought "it's a good idea to use CS theory to add a type system to Javascript" are the same people who thought "it's a good idea to put ads in the start menu".


> That the same people who thought "it's a good idea to use CS theory to add a type system to Javascript" are the same people who thought "it's a good idea to put ads in the start menu".

The secret is that they aren't the same people.


They aren't even aimed at the same customers.

I use Windows 11 Enterprise and I've never seen ads in the start menu, because corporate customers wouldn't put up with that.


They both work for and represent/is represented by the same company though.


The company is the same, but the people are not. There's a lot of people working at Microsoft. Different departments, even different teams, can have completely different approaches.


Sure, but I would still feel angry towards people who work for unethical companies even though they "just" work in the accounting department.

Same here, just because you work in a different team doesn't mean people won't associate you with the rest of the crap the very same company puts out.


Which was the point of the left hand/right hand analogy.


VS Code's selling point is that it's a middle-ground between (relatively) lightweight performance of a text editor, and power of an IDE. People are keeping an eye on performance, and they'll stop using it if it just becomes a bloated, master-of-none IDE.

Teams' bread and butter is being "good enough" for enterprise. And they're also locked into a lot of bad early decisions they made since they don't want to break compatibility for huge, paying customers of theirs. I feel like they have to be incredibly careful making changes to not step on toes in that regard, making development a slow-moving behemoth.


What do people not like about Teams? I just started using it with a contract customer and it seems fine. Does what it says on the proverbial tin.


Teams, unlike pretty much every competing solution, is horrible when working with multiple different identities. If you have an account with an employer, a university and multiple clients, switching them is a pain (compare and contrast, for example, Slack). If you want to get a meeting in your Teams organization and invite a few people who are currently logged in their own organization, it is a pain to do so, and may involve them signing off of all kinds of other key MS tools they need to use during the meeting. If you want to use your phone to be in 'chats' of three different Teams organizations (e.g. three different consulting customers) at the same time, without switching between them but just monitoring all of them at the same time, I'm not sure if it can be reasonably done, and that IMHO is a relatively simple need and one which everyone else somehow manages to do better.


I have to use Google Hangouts or Meet or whatever it’s called now, Zoom, Teams and Slack Huddles. Teams consistently screws up audio, video or both! Then we end up back in Slack.


For the last couple of months, I occasionally don't get notifications if the app is not focused. And it's not just me, several team members are experiencing the same issue. Imagine-- a messaging app that doesn't deliver notifications when running in the background.


No notifications (which honestly I’m fairly happy about, my team’s important communications happen in Slack), the frequent rejection of mouse clicks (literally took me 30+ clicks to share my screen today), the bizarre window behavior as you switch monitors, windows vanishing as you switch apps… it’s just a nightmare.


The UI is pretty awful in a bunch of ways. The performance is hit-or-miss at best. It's a resource hog. These are my top-line irritations with Teams. If I weren't forced to use it by my employer, I'd happily never touch it again.


The UI isn't smooth. Notifications will appear & then the message won't show up for a few seconds. Scrolling back through history can start flickering all over the place. It takes up a lot of memory


You running 64GB or 128Gb of ram?


Admittedly I'm using a fast machine they configured and issued to me (i7-12850HX with 64 GB), and with a decent (50 Mb/10 Mb) broadband connection. Haven't had to do much with Teams yet, but it hasn't actively pissed me off.


I have 128Gb RAM, it's not enough to make ms teams remotely close to acceptable because the UX is still like a parodical mashup of every bad idea microsoft has ever had.


Isn't that just because it's an unfathomably huge company with a very broad range of products


Yep, literally the size of a city and over a dozen billion-dollar ARR products. VSCode and Teams are basically different companies where it's easier to transfer to and from.


Sometimes I wonder if there is some kind of upside down "virtue signalling" going on.

Ads in the Start Menu might not make a lot of money but investors might be impressed that Microsoft is at least trying to make a few more cents here and there.

I wonder if Amazon treats employees so poorly not because this is good for business but because it helps Wall Street accept Amazon's loss-making habits (at least they aren't being generous with the help) and maybe convinces a few customers that Amazon is trying really hard to serve them well.


So "vice signalling", maybe?


I would love for society to return to using "virtue-signaling" and "vice-signaling" in their original meaning, instead of this contemporary linguistic hell where the former is a derogatory synonym for political correctness.


That's not going to happen. Now, I take them as a different sort of signal. Someone who uses those terms are more likely than not coming from a certain worldview, and so it tips me off about the context in which to take their comments.


since in contemporary western society we don't have commonly agreed-upon ideas of "good", "good" becomes an individualized, emotionally-driven thing about agreeability. in the absence of a standard, "the virtues" are replaced with the much more malleable concept of singular "virtue". so today "virtuous" just means "good" and "good" means "agreeable to my worldview", and since we've collectively conflated worldview with politics, having acceptable politics is, quite literally, signaling virtue.

point is that while it's disappointing for the west to lack a clear moral sensibility, the linguistics are perfectly coherent


In order to smash the patriarchy completely, we'll need to abolish the term "virtuous" because it literally means "manly".

So, even a "virtuous woman" possesses "manly" good qualities. Repugnant, isn't it?


Won't happen.

3000 years from now conservatives will be reading from their "Old Testament" about the evils of political correctness even if they are hazy about the details as if Stanford was on the East Coast or the West Coast.

There was a blog post that got flagged this morning where somebody was complaining about those "In those house we believe signs..." which I haven't seen around for a year or so.


That needs to be a thing.


Might have to do with how the company is organised: https://www.businessinsider.com/big-tech-org-charts-2011-6


that the same people who made windows <version> made windows <version>


When OneDrive works it is nice. Problem is that when it doesn't work, you can be in for a hell of a ride trying to get it working.

I just finished spending more hours than I want to count trying to clean my dad's PC of all licensing and account connections to his former employer's use of Office and OneDrive and onto his personal account and license. In hindsight I wish I had just nuked and paved it, or bought him an iPad with keyboard and mouse.


No, literally every large company with a wide variety of products is like that.

It's a fundamental problem of organizations operating across a wide variety of domains, because communication doesn't scale.


has dropbox not been on life support for a good 5 years now?


Might look like so for consumers, Dropbox is focusing on enterprise, like the traditional startup path of "scrappy startup for consumers -> some new features for companies -> everything is for enterprise".

If you want your stock value to increase, profits has to too, so targeting the segment the most money is exchanged makes sense. But argh so boring.


The gun meme always seemed kind of fitting.

https://i.insider.com/4e0b3416cadcbb0d37010000?width=400&for...


It would seem they actually do whitelist some of their own stuff - specifically those weird "Microsoft Viva" emails that Outlook users get.

A year or two ago, I did get Outlook to classify those emails as "Junk" automatically, by repeatedly reporting them - but then something changed, and after that they never were marked as "junk" again - no matter how often I do report them.


I've never gotten a Microsoft Viva email across a couple of O365 accounts but none of the orgs ever set up Viva to my knowledge. If it's something your org set up it'd make sense it could break the rules, otherwise dunno.


Those emails are awful, but in fairness to Microsoft, there is a link in them that takes you to the settings page where you can turn them off. It worked for me, and I haven't received another one after that.


Those e-mails can be easily turned off. I suppose they are not really e-mails, but rather something hybrid that happens on the Exchange server and bypasses the usual e-mail pipeline.


It’s possible that many users classify them as junk and so the Bayesian filters learn from that. Plus they might actually be junk. The filters are usually content based.


Yep, my first reaction was, "seems to work as designed". The fix isn't to whitelist, the fix is to make their own emails more relevant (or easier to unsubscribe from).


I’ve known people who use the spam button for any email they do’t want right now. They say “it’s easier” than hitting the “unsbuscribe” link or they say “if I hit unsubscribe they’ll just send me more email”. It’s hard to maintain a rational filtering system under those circumstances.


I've seen faked brand emails hit my Gmail inbox with (presumably malicious) unsubscribe links, and I've definitely seen sites "forget" that I've unsubscribed.

It's a bit of a tragedy of the commons, but I think the state of email is such that simply reporting unwanted email as spam is a rational choice


> “if I hit unsubscribe they’ll just send me more email”

This is likely true if the email is from a spammer.


Microsoft's disjointed approach to email doesn't surprise me here. They're actively enabling more phishing and fraud by not respecting the DMARC standard or participating in sending aggregate reports.

For all that people like to bag on Google recently, Google has worked harder than anybody on this.


> They're actively enabling more phishing and fraud by not respecting the DMARC standard or participating in sending aggregate reports.

Yep. There are situations where they'll simply ignore DMARC aligned messages if they don't like the content, filter them into (admin only) quarantine, and refuse to let you create rules for special cases so you receive important messages.

I know because I've had it happen.


> For all that people like to bag on Google recently, Google has worked harder than anybody on this.

Oh come on. Back when they first built Gmail, maybe sure.

But in the last 10 years or so? They’ve been totally ignoring the fact that they categorize their own non-marketing non-spammy emails, specifically requested on specific non-spammy topics by the user, generated by Google, and sent by Google, as spam. I don’t think they have worked harder than anybody on this. Snacked harder, maybe.


For advancement and adoption of standards to help combat this stuff, yes they have indeed. Yahoo as well.

Most other companies seem interested in selling band-aids to repeated cuts than preventing the cuts in the first place.


But there are still no truly widely used standards to ensure emails are actually from the claimed sender. Many of the most popular phone-based email apps (including Google's) don't even show the from/reply-to addresses by default, and often make it hard to determine what URLs embedded links refer to.


Verifying they are from the actual domain is a huge step in the right direction though.

Beyond that, there’s still plenty of work to do but the surface area covered by wide spread DMARC adoption is huge.


Then again, Google benefits if email goes away entirely. Ditto Meta and, yes, Microsoft.

We are seeing the initial skirmishes in a knock-down, drag-out war that users are going to lose.


Gotta appreciate the honesty!


Spam filters working as intended.


In a roundabout way, this is to Microsoft's credit, sort of...


Is this not what you would want? What you classify as junk might be something someone else reads. But I would want any junk filter to be based on my usage.

In fact, the suggest that they should whitelist their own domains seems to be fairly monopolistic, something Microsoft has had to deal with in the past.

This seems appropriate and right, and not any indication of anything other than things work as they should.


You're lucky that those mails reached your account. Don't use Microsoft services for email. Especially not outlook.com ones. Sometimes mails sent from little private mail servers just vanish. Not in Inbox, not in Spam. Also no error for the sender. Very bad.


Something is generally wrong with Microsofts spam filter. I had to use workflows to completely disable it, because it started putting important things in it. Literally emails from people that answered to emails I initiated...


Somewhat related, I had recently tried sending an email to legal@microsoft.com and my emails were rejected. I tried a couple of times using two domains and I could only assume they were blocked because I had "microsoft" in the username (so "microsoft@[mydomain].is" and "microsoft@[mydomain].xyz". I guess it's understandable as sending an email with "microsoft" in the username could be construed as a phishing attempt against Microsoft employees.


Hard to believe that they've owned Hotmail/Outlook.com for over 20 years and their spam filtering is still atrocious. Gmail is 100x better and so is O365.


Since weeks I have the opposite problem that outlook.com does not seem to detect spam at all anymore. Getting a dozen obvious spam emails a day right in my inbox


In other news, water is wet.

Junk email classification seems to be hard for everyone. I've seen Apple and Google do similar things with their respective email clients and messages from their own companies.

At a previous job, we might have lost a significant contract if I hadn't been checking my Gmail junk folder. A former client was trying to contact me from a new company about potential work, and Gmail must have thought the start-up's domain was risky.


In my old organization, internal emails (same domain, internally sent) were regularly classified as spam if the UA wasn't outlook. "Clutter" added another circle of hell, as not only you had to explain "check your junk folder" but also "check your clutter folder".

I attributed this to the sheer incompetence of the local admins. The same organization later switched to O365, and the problem remained unchanged.


I always mark that stuff junk. You're welcome.


I saw a bunch of mails just now in my junk folder from Microsoft support engineers, from threads I was CC'd on. That was it though.


Thats really bad honestly, imagine if you missed something important from Azure because its in a spam filter.


You must not be signed up for those emails (at least not for an environment of any real scale), because the most common reason people miss those mails is not because they ended up in the wrong folder, it's because there's too many of them to be able to read them all.

It's an incredibly common problem. Super important email, like an outage is brewing, or they are EOL'ing something which is going to blow you up (like older TLS versions), and yeah, you got it, but you probably didn't read it.


Since I have yet to receive an email from Microsoft that wasn't junk, I wish my Outlook installation marked it all as spam, too.


This was the breaking point for me leaving Microsoft 365.

I was losing a ton of important email because Microsoft would flag it as junk.

And even though I had complete admin rights over my tenant, I had no idea how to disable junk mail entirely.

(Also, fun fact, MS _still_ only gives you a 50GB mailbox! Google's at, like, a terabyte per user now...)


Microsoft is well known to be organized as a set of teams that hate each other. Azure and Outlook are likely two different teams. There is a famous comic for that: https://i.imgur.com/XLuaF0h.png


So MS keeps sending me email thinking I am part of some program, I can't unsubscribe because I need to sign in to do that, which I can't do because I am not part of the program (anymore?).

So for me they are spam and I will mark them as such. I'm on fastmail tho so not sure whether they get the feedback.


I signed up for a Teams developer environment to develop and test sending email using office 365. I was able to send one email from this and the rest would just get caught in spam filters but not at the inbox level.

Maybe Microsoft has problems with people using Azure to send spam


I wish! A couple years ago without my consent Microsoft started sending me daily and weekly messages that hype meaningless metrics about how much I use Microsoft products. I’ve flagged every single one as spam but their system will not take the hint.


Google does this too with emails from Google Groups. It knows I'm subscribed to that group!


So the spam filter works better than expected, in a proven environment!


If you are subscribed to various emails and are not checking them often, Microsoft outlook will categorize them as junk.

Junk has a broad definition in outlook.com. It includes commercial emails too.


I have seen even some of Microsoft's invoices get trapped by their cloud mail filter as potential phishing.

This is another reason why we use a third party filter and dial the MS one way down.


Month or two ago I was getting a lot of spam from Microsoft domains, good to know that they finally caught up and solved the issue. In a special, Microsoft way.


Every day I also get at least a dozen very obvious phishing emails that end up in my primary Hotmail inbox. The algorithm just doesn't seem very good.


My work office365 mailbox is unusable. Normal mails ends up in spam or quarantine, or gets delivered with a very large delay.


TBF that might not be MS's fault. My work office365 mailbox is similar, but it was about the same before we moved to office365 due to additional filtering our IT does in the name of security.


Why would you want Microsoft to trust Microsoft? Good on them for not trusting themselves, makes a secure baseline


If customers are able to influence the content and recipient of these messages, they could use it for spam.


I noticed the opposite. Outlook refuses to classify microsoft's spam as junk and let me block it.


Because Exchange and Azure are different orgs, and its very hard to get privileged send access.


Were the emails junk though? You didn't mention if they were emails you wanted or not?


They've been sending me emails in some nordic language for years unprompted by me.


Isn't it because of the fact that the from addresses on an email are not reliable?


Yep, happened to me just last week with Azure Learning emails.


Don't a lot of the companies outsource to Spamhaus?


"Even a stopped clock is right twice a day"


Google has been doing the same for years.


Same with Google.


Email is hard :)




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: