Forum Discussion
Ridiculous Outlook/Hotmail/Live/MSN email rules exploit and MS is doing nothing about it
This is how I understand your issue; please let me know if this is incorrect:
Your website sends out mails to your (validated, I presume) users.
Those users have a forwarding rule added to their account.
Gmail answers about mail that couldn't be delivered.
As I said, many of the same issues are happening daily.
These emails are valid, I have to spend my day blocking them and sending emails asking them to check their rules and email forwarding.
Most of them don't even know how to use these features and are unaware of who added these rules/forwarding to their accounts.
Also, as I said, different emails are sent to the same fake email, I can't imagine different users could type the same large and randomly email by themself
The same is happening to " @hotmail.com", many users forwarding emails to this empty username emails
So, for me, it is very clear that people are exploiting some Microsoft vulnerabilities to add these rules to Microsoft emails.
Also, there is that case I mentioned, where a guy found some rules added to his mom's emails to forward her emails to a Russian address:
https://answers.microsoft.com/en-us/outlook_com/forum/all/how-to-stop-emails-from-being-forwarded-to-a-mail/e8220457-e51a-4ee9-ab54-869c21ba3ae8
That was where I found out what was happening with the users of my website.
- Hi,
now I understand your issue.
It's about the fact that users can setup mail forwarding without validation of the mail address they are forwarding to.
Valid point!- But it is probably an exploit because people are unaware of this, if you read the link I sent above the guy mentioned there is a rule to "delete any emails from postmaster", so people are not getting this error message but my server is because I am the sender and my email was not exploited.
