- Microsoft routed email traffic from example.com to servers operated by Sumitomo Electric
- A test-only domain was treated as a real email provider in Microsoft systems
- Outlook autodiscovery returned valid IMAP and SMTP servers for fake accounts
In January 2026, network researchers noticed unusual behavior within Microsoft’s infrastructure involving example.com.
This domain exists solely for testing purposes according to established Internet standards, and the Global Domain Registry System protects it.
Traffic that should never have been directed to an actual organization is instead routed to servers operated by Sumitomo Electric, a Japanese brand known for its industrial cables rather than its messaging services.
Autodiscovery anomaly
The anomaly surfaced during routine testing involving Microsoft’s Outlook autodiscovery feature, which immediately raised questions about how such routing could exist.
Requests sent to Microsoft initially produced no explanation, even after the improper routing was stopped.
The problem stems from Microsoft’s automatic detection and discovery systems that it uses when setting up new email accounts, similar to the automated configuration tools used by website building platforms.
When researchers submitted test credentials using example.com, the service returned JSON responses including the hostnames of email servers linked to the sei.co.jp domain.
These responses pointed to IMAP and SMTP endpoints outside of the Microsoft network, even though the credentials were clearly placeholders.
According to RFC2606, example.com should never generate routable service information, making this behavior difficult to reconcile with expected standards.
As of Monday morning, the visible routing behavior had stopped, although Microsoft still did not provide an immediate technical explanation.
Instead of returning server information related to Sumitomo Electric, the same endpoint started timing out and then responded with a not found error.
Microsoft later confirmed that it had updated the service to stop providing suggested server information for example.com, and said the investigation was still ongoing.
The endpoint no longer returned the problematic JSON output, although the underlying routing logic remains unclear.
It remains unclear how a subsidiary domain of Sumitomo Corp. has been integrated into Microsoft’s network configuration, especially in systems comparable in scale to the global web hosting infrastructure.
Previous public statements regarding Sumitomo Corp.’s deployment of Microsoft 365 Copilot. do not explain why a separate enterprise domain appeared in the Autodiscover responses.
Reports suggest that this behavior may have persisted for several years, raising the possibility of long-lasting configuration drift within a critical service.
Microsoft hasn’t said how it adds or audits Autodiscover records internally.
As of this writing, there is no evidence showing malicious intent behind the routing behavior, and no indication to suggest that the user’s true credentials were exposed during normal operations.
The incident revived memories of previous administrative errors revealed by Microsoft, including a forgotten test account that allowed state-backed attackers to access internal systems.
Via Arstechnique
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
