I'm not surprised they also keyword block, because Outlook flags Microsoft's own marketing messages as spam.
There really needs to be some kind of global Digital Bill of Rights which provides legal recourse from these giant sclerotic algo-run oligopolies.
MS, Meta, Amazon, YouTube and Apple all have policies that can nuke SMEs on a whim without consequences, often without even noticing, after their algorithms make a wrong decision about imaginary "abuse".
Agreed. I think the problem is mainly that communicating what is wrong in a way that politicians can understand is difficult, and the people who governments hire to make them understand, are not incentivised to do so here (they're typically corporate types, good at ticking boxes, not so good at technology).
Making the EU understand issues such as why Apple's monopoly is a bad thing is easy in comparison, because everybody has a phone and everybody understands "shops". Even so, I'm impressed that went the way it did. I don't have much hope for politicians understanding what MS et al. are doing to mail though.
We had the same thing happen with any email with 2f<domain> anywhere in the message body on Google workspace
The "2F" URL decodes to slash / and a third party registered our 2f<company>.com (probably for nefarious purposes)
That kicked on the automatic filtering on messages that had URL encoded links and started blocking them.
Eventually, we had to register 2fgoogle.com ourselves to escalate the issue.
But there is a larger pattern to acknowledge here. It's about unaccountable digital privilege and the ability to wield technology for capricious harm.
This week I've been interviewing US government tech workers about the misuse of the SSA "master death file". If you're in this file you're digitally "deleted from society", after which all credit cards are automatically cancelled, bank accounts frozen, so one cannot get paid, see a doctor, travel or function in US society. DOGE are actively working to consolidate and centralising systems to make it "easier" to nudge undesirables to "self-deport".
In order to do this, huge amounts of illegal activity are already afoot, but most people, including judges, are not technically able to comprehend what is being done or what technofascism looks like.
If we want a "Bill of Bytes", it is going to need some very wise and far sighted thinkers who understand the nature of digital harms, and it will need to apply as much to governments and individuals as to private enterprise.
Existing "cyberlaw", including things like "computer misuse" are looking decidedly stone-age in the face of 21st century "layer-8/9" threats.
That is the general idea and working theory, but in practice experience has taught me that the MDF doesn’t actually reliably perform this function. As always, it comes down to implementation.
I’ve handled the estates of multiple deceased members of my family, and in that capacity I have witnessed that the result of your death being reported to SSA varies wildly even across businesses in the same industry.
My favorite is ISPs. At least two of the major national ones don’t actually seem to close accounts upon death, even if notified, with no services active and the account settled to $0.
I still receive bills even after notifying the sender of the account holder’s death. There are still financial services accounts with no activity that seem never to close.
I assume that many businesses are just using open accounts they know belong to dead people in order to artificially inflate their customer counts.
The federal government and its agencies very quickly update their databases with additions to the death file, and that seems to stick. Private sector is a crap shoot.
"Please bear in mind that if you are using a non-standards compliant e-mail service provider such as Microsoft, e-mail delivery may be effected"
I wasn't even sure if the standard specified what to do with undeliverables, but it turns out that RFC 5321, RFC 3461, and RFC 3464 do. TIL :)
On the outside, things look great, looks like to be a good value for the price, but for real, everything is buggy, lot of basic features requires you to manage them with PowerShell commands, there are bugs for years and the support is clueless. For example don't mind using "shared mailbox" or "delegation" without fighting a labyrinth of unexpected behaviors.
For outlook app in itself, you have around 3.5 different versions of it fighting in duel. With the "new" version not necessarily the one to use to have all the paid features, that would be the "classic" version.
With the new or web version, you can't move more than around 100 mails at a time, or more crazy, you can't delete more than 10 contacts in one go...
What amaze me is that all the email/contact/agenda suite looks like semi abandoned when they should make so much money with all the subscription and when everyone is there showing off with billion dollar tech in AI when your basic features are still incomplete and buggies.
I recently helped troubleshoot a similar issue - we were suddenly getting emails disappearing when sending to M365 customers. No spam or quarantine, just disappearing down a black hole like you described. We sent a test message to a M365 customer who could help run the message trace, and we discovered that the SVG logo in our email signature was being flagged as a phishing attack. We had been using this logo for about a year without any issues, but suddenly Microsoft just decided to block it without warning.
Message Trace is an interesting one.
If we send an email without the 25friday.com keywords everything works fine, the message is shown on Message trace as delivered and the recipient gets the email with SCL 1 (all good here).
As soon as the very same email is appended with a www.25friday.com, Message Trace still shows the outbound email, also as delivered, but the recipient (if a Microsoft account) never gets the email. We used one of these emails (EML) to create a submission on the defender portal of a false positive, but they always simply disappear with 0 feedback (and the problem still occurring).
We also had a signature with the www.25friday.com link on it and took it out after realising it was causing emails to go to this black hole, so that at least we can still send emails, but we keep having to be careful to never sending any content (or attachment) that somehow mentions the 25friday.com domain.
It's possible that this is a technical issue or a submission server issue, but it's not uncommon for Outlook to make email disappear.
If the recipient is using a personal microsoft / outlook / hotmail account the email gets delivered with a spam score of 9.
If the recipient is a MS 365 account, blackhole it is.
We even set up our own MS 365 to prove this.
“ You are receiving this because you have signed up to be a user of Smart Network Data Services, or a Smart Network Data Services user has requested that this email be sent to this address. Smart Network Data Services is a revolutionary Windows Live Mail initiative, designed to allow everyone who owns IP space to contribute to the fight against spam and protect e-mail as a valued communications, productivity and commerce tool. If you have questions about our privacy policy, please read our privacy statement available at http://privacy.live.com. I
When I test sending a mail to my M365 account with your URL mentioned I find that it gets quarantined (same as if I try to send an email from my M365 account with that URL).
In your M365 test tenant, you should be able to go https://security.microsoft.com/quarantine and see that the emails are getting quarantined, with this information provided as to why:
Detection technologies: URL detonation reputation, Mixed analysis detection
Given that it says "URL detonation reputation" rather than just "URL detonation", that suggests it's using historical information rather than having performed a new test.
This is Microsoft Safe Links functionality - at the very least since you should be able to find the quarantined emails, the headers will contain a correlation ID support can use, although they might not have much power over safe links.
On my "quarantine" I can't find anything (it's empty) therefore I can't also check what's going on. But "URL detonation reputation" is consistent with the behavior we're observing.
It might be worth it to pony up for an M365 license or two, send yourself an email, and then open a support ticket inquiring why the email was blocked. I would even avoid mentioning that you are the sender. Just pretend you're a regular customer who receives email from your domain and you're wondering why it was blocked and if there's anything that can be done to stop it from happening.
The fix was our own MSFT support case opened via our own E5 subscription which took two weeks to get the app unblocked. To prevent future reports we put a custom hostname on the IdP. So app.example.com now redirects to login.app.example.com
We do have subdomains for internal tools of course, but those should not even be publicly accessible (behind an auth proxy).
So maybe folks mean to “report spam” on your emails but “report phishing” instead…
I guess I'll try to submit a report anyway using Googles' outbound IPs.
I think it's also possible a large amount of people on Outlook (or LinkedIn?) lost interest and clicked "report spam" because it's quicker and more effective than unsubscribing from most automated messaging.
Edit: another thing I caught O365 doing was rewriting the headers in my email (it didn't like the way my From:-address was structured by my server) and then checked the DKIM headers. Obviously the email they altered themselves didn't pass the DKIM signature check. Worked around it by altering my email client to set the From address in a way that Outlook liked.
1. Rename the company
2. You (or somebody you know) gets a job at Microsoft in the correct team and removes 25friday from the backlist.
I'm guessing at some point the past, there was a large spam campaign that targeted friday the 25th for some reason.
She had to call the bank to find out what the balance is. Of course on their side it looks like the statement was generated and emailed at the normal date.
We do use Azure for small stuff, but too small for any special support channel.
No, it isn't. It has never been.