- Microsoft routed example.com email traffic to servers operated by Sumitomo Electric
- A test-only domain was treated as a real email provider inside Microsoft systems
- Outlook autodiscover returned valid IMAP and SMTP servers for fake accounts
In January 2026, network researchers noticed unusual behavior inside Microsoft’s infrastructure involving example.com.
This domain exists strictly for testing under established internet standards, and the global domain registry system protects it.
Traffic that should never have resolved to any real organization instead routed to servers operated by Sumitomo Electric, a Japanese brand known for industrial cables rather than email services.
Autodiscover anomaly
The anomaly appeared during routine tests involving Microsoft’s Outlook autodiscover feature, which raised immediate questions about how such routing could exist at all.
Requests sent to Microsoft initially produced no explanation, even after the improper routing stopped.
The issue originated in Microsoft’s autodetect and autodiscover systems that it uses when configuring new email accounts, similar to automated setup tools used by website builder platforms.
When researchers submitted test credentials using example.com, the service returned JSON responses that included mail server hostnames linked to the sei.co.jp domain.
These responses pointed to IMAP and SMTP endpoints outside Microsoft’s network, even though the credentials were clearly placeholders.
Under RFC2606, example.com should never generate routable service information, which makes this behavior difficult to reconcile with expected standards.
By Monday morning, the visible routing behavior had ceased, although Microsoft still did not provide an immediate technical explanation.
Instead of returning server information tied to Sumitomo Electric, the same endpoint began timing out and then responded with a not found error.
Microsoft later confirmed that it had updated the service to stop providing suggested server information for example.com, and it stated that the investigation remained ongoing.
The endpoint no longer returned the problematic JSON output, although the underlying routing logic remained unclear.
It remains uncertain how a subsidiary domain of Sumitomo Corp. became embedded in Microsoft’s network configuration, especially within systems comparable in scale to global web hosting infrastructure.
Previous public statements about Sumitomo Corp. deploying Microsoft 365 Copilot do not explain why a separate corporate domain appeared in autodiscover responses.
Reports suggest the behavior may have persisted for several years, which raises the possibility of long-standing configuration drift within a critical service.
Microsoft has not clarified how it adds or audits autodiscover records internally.
As of the time of writing, no evidence shows malicious intent behind the routing behavior, and no indication suggests that real user credentials were exposed during normal operations.
The incident revived memories of earlier administrative oversights disclosed by Microsoft, including a forgotten test account that allowed state-backed attackers to access internal systems.
Via Arstechnica
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.