• July 17, 2017
    Announcement: New site design for Microsoft Community

    In July, Microsoft will roll out the first of ongoing site improvements aimed to modernize Microsoft Community and help customers get the most out of their community experience.

    • During the roll out period, you may see the old or new site design depending on your location

    • We expect the roll out to finish by 31 July

    Note: Past private message conversations will not move to the new site design. Please save any private messages you would like to keep.

     Learn more about the upcoming site improvements in this thread.

    Thank you for being part of Microsoft Community!

 
Question
30847 views

How do I verify that an email message is REALLY from Microsoft?

JoanH asked on
How do I verify that an email message is REALLY from Microsoft? I got a message from Microsoft [*** Email address is removed for privacy ***] and I do NOT know if this is really from Microsoft. This is happening a lot - I use Outlook, and it sometimes sends messages to junk mail when a company adds the characters "e-mail." in front of their domain.
60 people had this question

Abuse history


The answered status icon Answer
Jeeped replied on
How do I verify that an email message is REALLY from Microsoft?

The answer is in the message headers and the Return Path and/or Received From entries. Anyone can register and use any subdomain of the .COM, .ORG,. .NET (etc.) domains, but they cannot have a subdomain of someone else's subdomain.

For example, only Microsoft can own and use e-mail.microsoft.com because they own (and use) microsoft.com. However, the sending address may be spoofed or simply sent through an alternate SMTP server and does not need to originate from the claimed sender's email domain.

Microsoft recently sent me some unnecessary bandwidth in the form of an email, purporting to originate from Explore Windows [ExploreWindows AT e-mail.microsoft.com], but an examination of the message header revealed that the message was trafficked through _HTML-327541689-909156-217021-428 AT bounce.email.microsoftemail.com which isn't even a subdomain of microsoft.com.

A WHOIS on microsoftemail.com revealed that the domain is actually owned by Microsoft. I have absolutely no idea why they felt the need to change mail domains, beyond unnecessarily complicating things for the recipients of the email.

So after a few minutes of examination and information gathering, I've figured out that the email did indeed come from Microsoft. I cheered and then deleted it without having read it or downloaded the images.
48 people found this helpful

Abuse history


The answered status icon Answer
Jeeped replied on

I received a mail from email.microsoftemail.com this evening asking me to complete a survey on Office products. All looked legitimate and got through all security on laptop. However after starting the survey, emails were sent to all my contacts ...

It sounds as if the return email address was spoofed (i.e. falsified). Another possibility is Microsoft passing over survey duties to an unscrupulous third party. The full email header might reveal something and might not. Data mining is very prevalent and the information is valuable so it is unlikely the general public will ever see the end of it soon. It's more likely that increasingly sophisticated methods of by-passing local security protocols will be used. It's a vicious circle.

... Anyone got any ideas?

As mentioned above, I simply delete the offending material. Think healthy paranoia.

13 people found this helpful

Abuse history


progress