Question

Q: How do I verify that an email message is REALLY from Microsoft?

How do I verify that an email message is REALLY from Microsoft? I got a message from Microsoft [*** Email address is removed for privacy ***] and I do NOT know if this is really from Microsoft. This is happening a lot - I use Outlook, and it sometimes sends messages to junk mail when a company adds the characters "e-mail." in front of their domain.

Answer

A:

How do I verify that an email message is REALLY from Microsoft?

The answer is in the message headers and the Return Path and/or Received From entries. Anyone can register and use any subdomain of the .COM, .ORG,. .NET (etc.) domains, but they cannot have a subdomain of someone else's subdomain.

For example, only Microsoft can own and use e-mail.microsoft.com because they own (and use) microsoft.com. However, the sending address may be spoofed or simply sent through an alternate SMTP server and does not need to originate from the claimed sender's email domain.

Microsoft recently sent me some unnecessary bandwidth in the form of an email, purporting to originate from Explore Windows [ExploreWindows AT e-mail.microsoft.com], but an examination of the message header revealed that the message was trafficked through _HTML-327541689-909156-217021-428 AT bounce.email.microsoftemail.com which isn't even a subdomain of microsoft.com.

A WHOIS on microsoftemail.com revealed that the domain is actually owned by Microsoft. I have absolutely no idea why they felt the need to change mail domains, beyond unnecessarily complicating things for the recipients of the email.

So after a few minutes of examination and information gathering, I've figured out that the email did indeed come from Microsoft. I cheered and then deleted it without having read it or downloaded the images.

Did this solve your problem?

Sorry this didn't help.

35 people were helped by this reply

Answer

A:

I received a mail from email.microsoftemail.com this evening asking me to complete a survey on Office products. All looked legitimate and got through all security on laptop. However after starting the survey, emails were sent to all my contacts ...

It sounds as if the return email address was spoofed (i.e. falsified). Another possibility is Microsoft passing over survey duties to an unscrupulous third party. The full email header might reveal something and might not. Data mining is very prevalent and the information is valuable so it is unlikely the general public will ever see the end of it soon. It's more likely that increasingly sophisticated methods of by-passing local security protocols will be used. It's a vicious circle.

... Anyone got any ideas?

As mentioned above, I simply delete the offending material. Think healthy paranoia.

Did this solve your problem?

Sorry this didn't help.

7 people were helped by this reply



 
Question Info

Views: 41,872 Last updated: June 15, 2018 Applies to: