How do I verify that an email message is REALLY from Microsoft?

How do I verify that an email message is REALLY from Microsoft? I got a message from Microsoft [*** Email address is removed for privacy ***] and I do NOT know if this is really from Microsoft. This is happening a lot - I use Outlook, and it sometimes sends messages to junk mail when a company adds the characters "e-mail." in front of their domain.
 

Question Info


Last updated October 15, 2018 Views 45,945 Applies to:
Answer
How do I verify that an email message is REALLY from Microsoft?

The answer is in the message headers and the Return Path and/or Received From entries. Anyone can register and use any subdomain of the .COM, .ORG,. .NET (etc.) domains, but they cannot have a subdomain of someone else's subdomain.

For example, only Microsoft can own and use e-mail.microsoft.com because they own (and use) microsoft.com. However, the sending address may be spoofed or simply sent through an alternate SMTP server and does not need to originate from the claimed sender's email domain.

Microsoft recently sent me some unnecessary bandwidth in the form of an email, purporting to originate from Explore Windows [ExploreWindows AT e-mail.microsoft.com], but an examination of the message header revealed that the message was trafficked through _HTML-327541689-909156-217021-428 AT bounce.email.microsoftemail.com which isn't even a subdomain of microsoft.com.

A WHOIS on microsoftemail.com revealed that the domain is actually owned by Microsoft. I have absolutely no idea why they felt the need to change mail domains, beyond unnecessarily complicating things for the recipients of the email.

So after a few minutes of examination and information gathering, I've figured out that the email did indeed come from Microsoft. I cheered and then deleted it without having read it or downloaded the images.

42 people were helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Answer
I received a mail from email.microsoftemail.com this evening asking me to complete a survey on Office products. All looked legitimate and got through all security on laptop. However after starting the survey, emails were sent to all my contacts ...

It sounds as if the return email address was spoofed (i.e. falsified). Another possibility is Microsoft passing over survey duties to an unscrupulous third party. The full email header might reveal something and might not. Data mining is very prevalent and the information is valuable so it is unlikely the general public will ever see the end of it soon. It's more likely that increasingly sophisticated methods of by-passing local security protocols will be used. It's a vicious circle.

... Anyone got any ideas?

As mentioned above, I simply delete the offending material. Think healthy paranoia.

10 people were helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.