Ridiculous Outlook/Hotmail/Live/MSN email rules exploit and MS is doing nothing about it


My website sends a lot of email notifications to the users.

 

For a long time (maybe more than one year already) I've been receiving weird bounces about forwarding emails, and it took me that long to understand what is happening.

 

Somehow people are exploiting Microsoft email rules and adding rules to forward users' emails to weird recipients, and my server IP is being affected by all this forwarding.

 

There are hundreds of cases where the system sends emails to a Microsoft email and these emails are forwarding the messages to other emails, mostly Gmail... A few months ago it started to forward to an email with a blank username ("   @hotmail.com").

 

In most cases, different users are forwarding the messages to the same weird recipient, etc...

 

Here are some cases (remember the original emails are MS ones and the final destination is bouncing an error):

 


I have more than 300 cases saved here since 2023.

 

I've seen some other users complaining about it here where some Russian emails were added to his mom's email.

 

Why is MS not fixing this?

 

5 Replies
I don't really understand why this is a Microsoft issue? Can you elaborate?

This is how I understand your issue; please let me know if this is incorrect:
Your website sends out mails to your (validated, I presume) users.
Those users have a forwarding rule added to their account.
Gmail answers about mail that couldn't be delivered.

@FrederikSeyns 

 

As I said, many of the same issues are happening daily.

 

These emails are valid. I have to spend my day blocking them and sending emails asking them to check their rules and email forwarding.

 

Most of them don't even know how to use these features and are unaware of who added these rules/forwarding to their accounts.

 

Also, as I said, different emails are sent to the same fake email. I can't imagine different users could type the same large and random email by themselves.

 


 

The same is happening to "   @hotmail.com": many users are forwarding emails to this empty-username email.

 


 

So, for me, it is very clear that people are exploiting some Microsoft vulnerabilities to add these rules to Microsoft emails.

 

Also, there is that case I mentioned, where a guy found some rules added to his mom's emails to forward her emails to a Russian address:

 

https://answers.microsoft.com/en-us/outlook_com/forum/all/how-to-stop-emails-from-being-forwarded-to...

 

That was where I found out what was happening with the users of my website.

 

 

 

 

 

 

 

Hi,
now I understand your issue.

It's about the fact that users can set up mail forwarding without validation of the mail address they are forwarding to.

Valid point!
But it is probably an exploit because people are unaware of this. If you read the link I sent above, the guy mentioned there is a rule to "delete any emails from postmaster", so people are not getting this error message, but my server is, because I am the sender and my email was not exploited.

I asked a user to send me a print screen of his email's rule page and that is what I got.

 

I don't even know what language it is, but there is a link for a Telegram group and a Facebook ID. Someone is hacking Hotmail/Outlook rules.

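A sender-side triage sketch for the pattern described in this thread, added here as an example and not code from any poster: it reads bounces, keeps those where the failing address differs from the mailbox the site mailed, and lists destinations shared by several different mailboxes. It assumes the bounces are RFC 3464 delivery reports that include the returned message; the template, the function names and every address are constructed.

```python
import email
from collections import defaultdict
from email.utils import parseaddr

# Constructed RFC 3464 bounce template; all addresses used with it are placeholders.
SAMPLE = """\
Content-Type: multipart/report; report-type=delivery-status; boundary="b"

--b
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; {final}
Action: failed
Status: 5.1.1

--b
Content-Type: message/rfc822

To: {mailed}
Subject: Notification

Hello
--b--
"""

def forwarded_bounce(raw):
    """Return (mailbox we mailed, address that bounced) when they differ, else None."""
    mailed = final = None
    for part in email.message_from_string(raw).walk():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status" and part.is_multipart():
            for block in part.get_payload():  # one header block per recipient
                if block.get("Final-Recipient"):
                    final = block["Final-Recipient"].split(";", 1)[-1].strip().lower()
        elif ctype == "message/rfc822" and part.is_multipart() and mailed is None:
            mailed = parseaddr(part.get_payload(0).get("To", ""))[1].lower()
    return (mailed, final) if mailed and final and mailed != final else None

def shared_destinations(raw_bounces, min_mailboxes=2):
    """Map each bounce destination to the distinct mailboxes that forwarded to it."""
    seen = defaultdict(set)
    for raw in raw_bounces:
        hit = forwarded_bounce(raw)
        if hit:
            seen[hit[1]].add(hit[0])
    return {dest: sorted(src) for dest, src in seen.items() if len(src) >= min_mailboxes}
```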