joseleonardo85
Copper Contributor
Sep 09, 2024

Ridiculous Outlook/Hotmail/Live/MSN email rules exploit and MS is doing nothing about it

My website sends a lot of email notifications to the users.

For a long time (maybe more than one year already) I've been receiving weird bounces about forwarding emails, and it took me that long to understand what is happening.

Somehow people are exploiting Microsoft email rules and adding rules to forward users' emails to weird recipients, and my server IP is being affected by all this forwarding.

There are hundreds of cases where the system sends emails to a Microsoft email and these emails are forwarding the messages to other emails, mostly Gmail... A few months ago it started to forward to an email with a blank username ("   @hotmail.com").

In most cases, different users are forwarding the messages to the same weird recipient, etc...

Here are some cases (remember the original emails are MS ones and the final destination is bouncing an error):

I have more than 300 cases saved here since 2023.

I've seen some other users complaining about it here, where some Russian emails were added to his mom's email.

Why is MS not fixing this?

  • joseleonardo85
    Copper Contributor

    I asked a user to send me a print screen of his email's rule page and that is what I got.

    I don't even know what language it is, but there is a link for a Telegram group and a Facebook ID; someone is hacking Hotmail/Outlook rules.


  • FrederikSeyns
    Brass Contributor
    I don't really understand why this is a Microsoft issue? Can you elaborate?

    This is how I understand your issue; please let me know if this is incorrect:
    Your website sends out mails to your (validated, I presume) users.
    Those users have a forwarding rule added to their account.
    Gmail answers about mail that couldn't be delivered.

    • joseleonardo85
      Copper Contributor

      FrederikSeyns

      As I said, many of the same issues are happening daily.

      These emails are valid; I have to spend my day blocking them and sending emails asking them to check their rules and email forwarding.

      Most of them don't even know how to use these features and are unaware of who added these rules/forwarding to their accounts.

      Also, as I said, different emails are sent to the same fake email. I can't imagine different users could type the same large and random email by themselves.

      The same is happening to "   @hotmail.com": many users are forwarding emails to this empty-username email.

      So, for me, it is very clear that people are exploiting some Microsoft vulnerabilities to add these rules to Microsoft emails.

      Also, there is that case I mentioned, where a guy found some rules added to his mom's emails to forward her emails to a Russian address:

      https://answers.microsoft.com/en-us/outlook_com/forum/all/how-to-stop-emails-from-being-forwarded-to-a-mail/e8220457-e51a-4ee9-ab54-869c21ba3ae8

      That was where I found out what was happening with the users of my website.


      • FrederikSeyns
        Brass Contributor
        Hi,
        now I understand your issue.

        It's about the fact that users can set up mail forwarding without validation of the mail address they are forwarding to.

        Valid point!
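
Added example, not code from any poster in this thread: a sender-side check that groups bounces by the address that finally rejected the mail, so a forwarding destination shared by several unrelated mailboxes stands out. It assumes the bounces are RFC 3464 delivery status notifications that carry both `Original-Recipient` and `Final-Recipient`; the function names and every address below are constructed for the demo.

```python
from collections import defaultdict
from email import message_from_string


def _addr(field):
    # "rfc822; User@Example.com" -> "user@example.com"
    return field.split(";", 1)[-1].strip().lower() if field else None


def dsn_recipients(raw_bounce):
    """Yield (original, final) recipient pairs from one RFC 3464 bounce."""
    for part in message_from_string(raw_bounce).walk():
        if part.get("Final-Recipient"):
            yield _addr(part.get("Original-Recipient")), _addr(part["Final-Recipient"])


def shared_forward_targets(bounces, min_users=2):
    """Map each forwarding destination to the distinct mailboxes that fed it."""
    seen = defaultdict(set)
    for raw in bounces:
        for original, final in dsn_recipients(raw):
            if original and final != original:  # rejected after a forwarding hop
                seen[final].add(original)
    return {t: sorted(u) for t, u in seen.items() if len(u) >= min_users}


def make_bounce(original, final):
    # Constructed sample DSN for the demo, not a bounce from the thread.
    return (
        "From: mailer-daemon@mx.example.net\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b"\n'
        "\n--b\nContent-Type: text/plain\n\nDelivery failed.\n"
        "--b\nContent-Type: message/delivery-status\n\n"
        "Reporting-MTA: dns; mx.example.net\n\n"
        f"Original-Recipient: rfc822; {original}\n"
        f"Final-Recipient: rfc822; {final}\n"
        "Action: failed\nStatus: 5.1.1\n\n--b--\n"
    )


SAMPLE = [  # constructed: three mailboxes forwarding to one destination
    make_bounce("ana@example.com", "collector-x9q7@example.net"),
    make_bounce("bob@example.com", "collector-x9q7@example.net"),
    make_bounce("cy@example.com", "collector-x9q7@example.net"),
    make_bounce("dee@example.com", "dee@example.com"),           # ordinary bounce
    make_bounce("eli@example.com", "eli.personal@example.org"),  # one user's own forward
]

if __name__ == "__main__":
    for target, users in shared_forward_targets(SAMPLE).items():
        print(target, "<-", users)
```

Where a bounce lacks `Original-Recipient`, the address the message was sent to has to come from the sender's own delivery log instead.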
