Tell HN: Microsoft classifies own emails as junk

If they don't whitelist and use the rate at which their own emails end as spam to improve their spam filter, that's great engineering culture.

If they don't whitelist and the emails just land in spam without anyone taking notice, that reminds me more of the well-known slightly satirical image of Microsoft's org chart [1]

1: https://bonkersworld.net/organizational-charts

On the other hand, `notify.trafficmanager.net.`, the domain name used for Edge push notifications through Azure Traffic Manager, currently points to `notify1.ontario.ca.` with a CNAME record. This resulted in an Edge push notification outage a couple weeks ago, but they never fully fixed it. Push notifications are working again because they use subdomains of `notify.trafficmanager.net`, but `notify.trafficmanager.net` itself is simultaneously used by one of their Azure customers--and they seemingly have no idea.

In other words: `*.notify.trafficmanager.net` is special-cased, and this has caused problems.

>speaks to their commitment to strict security measures and good engineering culture

Does it really or does it just mean that nobody cared enough to do it for whatever reason?

Good engineering culture?

I hope this refers to something behind the scenes that I as a Hotmail/Outlook user am unable to see. Because UI and product-wise, I don't see much evidence at all that someone of a good engineering culture cares about the experience I'm having with the product.

More like a team phoning it in.

Moreover they don't even whitelist their own IPs for some basic checks like SPF, which can be skipped. I have a work email (using Microsoft services) and another company mailing list, which my email is member of (also on Microsoft). At some point sending email to that mailing list triggered bouncing between Microsoft own servers eventually resulting in my email being automatically removed from mailing list. Basic investigation showed that one Microsoft server rejected emails from another one because of bad SPF record. Either company spent months solving the issue with Microsoft. The issue disappeared eventually magically the same way it appeared.

Teaching people to look for official communication from Microsoft in their spam folders invites phishing attacks. Fastmail puts a special seal on account-related communications from Fastmail; I think that’s good and wise.

You'd think that they'd have a non-domain-based way to do it, like cryptographically signing their own damn emails with a key embedded in outlook or something.

Then they go and immediately go and shaft you with a set of non-opt-outable welcome emails with Windows 11. I think any credit due can be shoved up their ass.

They can and do whitelist all sorts of things for special cases. Microsoft is good at what they do, but they are a pragmatic company.

My guess here is that some junk folder routing is on client side, or the user flagged junky email from the same infrastructure as junk. Or, O365 tweaked some settings to address the issues with spammers using Outlook infrastructure that bypasses spam controls.

Is this sarcasm?

Wouldn’t whitelisting their own products also constitute anticompetitive behavior?

Now that it's hit the HN front page and will presumably be drawn to light of some managers, it will be interesting to see if the behavior remains the same in a few weeks.

It is a good first step.

They know these are legitimate emails though, so they should treat their presence in the spam folder as essentially a bug report.

Please use "allowlist"

I've run into this issue when creating G Suite accounts and sending the initial welcome email (with password reset link) to a user's personal Gmail account. Somehow delivering an email with content written by Google, from Google to Google, is an issue.

They don't even need a curated whitelist for high value domains do they? If they've seen 1 million emails from @domains.google and <.1% got flagged as spam, isn't that a good enough indicator to consider the domain a good actor?

I can understand the difficulty in judging new domains, but having established, high value, high volume domains getting their email flagged as spam is ridiculous.

It could also be anti-competitive behaviour. They want the system to be a complex, opaque, black box because then it's more important for other providers to trust their IP ranges because they're a known-good participant. If you're a small sender that wants decent deliverability your options are Google, MS, etc..

The specific emails that were marked for me were also reminders about a subscription. Interesting!

Yes, I can't wrap my head around the fact that VS Code and Teams came out of the same company. That the same people who thought "it's a good idea to use CS theory to add a type system to Javascript" are the same people who thought "it's a good idea to put ads in the start menu".

When OneDrive works it is nice. Problem is that when it doesn't work, you can be in for a hell of a ride trying to get it working.

I just finished spending more hours than I want to count trying to clean my dad's PC of all licensing and account connections to his former employer's use of Office and OneDrive and onto his personal account and license. In hindsight I wish I had just nuked and paved it, or bought him an iPad with keyboard and mouse.

No, literally every large company with a wide variety of products is like that.

It's a fundamental problem of organizations operating across a wide variety of domains, because communication doesn't scale.

has dropbox not been on life support for a good 5 years now?

The gun meme always seemed kind of fitting.

https://i.insider.com/4e0b3416cadcbb0d37010000?width=400&for...

I've never gotten a Microsoft Viva email across a couple of O365 accounts but none of the orgs ever set up Viva to my knowledge. If it's something your org set up it'd make sense it could break the rules, otherwise dunno.

Those emails are awful, but in fairness to Microsoft, there is a link in them that takes you to the settings page where you can turn them off. It worked for me, and I haven't received another one after that.

Yep, my first reaction was, "seems to work as designed". The fix isn't to whitelist, the fix is to make their own emails more relevant (or easier to unsubscribe from).

> They're actively enabling more phishing and fraud by not respecting the DMARC standard or participating in sending aggregate reports.

Yep. There are situations where they'll simply ignore DMARC aligned messages if they don't like the content, filter them into (admin only) quarantine, and refuse to let you create rules for special cases so you receive important messages.

I know because I've had it happen.

> For all that people like to bag on Google recently, Google has worked harder than anybody on this.

Oh come on. Back when they first built Gmail, maybe sure.

But in the last 10 years or so? They’ve been totally ignoring the fact that they categorize their own non-marketing non-spammy emails, specifically requested on specific non-spammy topics by the user, generated by Google, and sent by Google, as spam. I don’t think they have worked harder than anybody on this. Snacked harder, maybe.

Then again, Google benefits if email goes away entirely. Ditto Meta and, yes, Microsoft.

We are seeing the initial skirmishes in a knock-down, drag-out war that users are going to lose.

Spam filters working as intended.