Sep 09 2024 03:52 AM
My website sends a lot of email notifications to the users.
For a long time (maybe more than one year already) I've been receiving weird bounce about forwarding emails and I took that long to understand what is happening.
Somehow people are exploiting Microsoft email rules and adding rules to forward users' emails to weird recipients, and my server IP is being affected by all this forwarding.
There are hundreds of cases, where the system sends emails to a Microsoft email and these emails are forwarding the messages to other emails, mostly Gmail... few months ago it started to forward to an email with a blank username (" @hotmail.com")
In the most cases, different users are forwarding the messages to the same weird recipient, etc...
Here are some cases (remember the original email are MS ones and the final destination is bouncing an error):
I have more than 300 cases saved here since 2023.
I've seen some other users complaining about it here where some Russian emails were added to his mom's email.
Why MS is not fixing this?
Sep 10 2024 03:05 AM
Sep 12 2024 03:25 AM
As I said, many of the same issues are happening daily.
These emails are valid, I have to spend my day blocking them and sending emails asking them to check their rules and email forwarding.
Most of them don't even know how to use these features and are unaware of who added these rules/forwarding to their accounts.
Also, as I said, different emails are sent to the same fake email, I can't imagine different users could type the same large and randomly email by themself
The same is happening to " @hotmail.com", many users forwarding emails to this empty username emails
So, for me, it is very clear that people are exploiting some Microsoft vulnerabilities to add these rules to Microsoft emails.
Also, there is that case I mentioned, where a guy found some rules added to his mom's emails to forward her emails to a Russian address:
That was where I found out what was happening with the users of my website.
Sep 12 2024 05:41 AM
Sep 12 2024 06:24 AM
Oct 11 2024 09:47 AM
I asked a user to send me a printscreen of his email's rule page and that is what I got
I don't even know what language it is but there is a link for a telegram group and a Facebook ID, someone is hacking Hotmail/Outlook rules