- Microsoft routes email traffic from example.com to servers operated by Sumitomo Electric
- A test domain was treated like a real email provider within Microsoft systems.
- Outlook autodetect returned valid IMAP and SMTP servers for fake accounts
In January 2026, network researchers noticed unusual behavior within Microsoft infrastructure involving example.com.
This domain exists strictly for testing against established Internet standards and is protected by the global domain registration system.
Traffic that should never have gone to any real organization, but is instead routed to servers operated by Sumitomo Electric, a Japanese brand known for industrial cables rather than email services.
Automatically discover anomaly
The anomaly appeared during routine testing involving Microsoft’s Outlook autodiscover feature, raising immediate questions about how such routing could exist.
Requests sent to Microsoft initially produced no explanation, even after the incorrect routing ceased.
The issue originated from Microsoft’s detection and auto-discovery systems that it uses when setting up new email accounts, similar to the automated setup tools used by website building platforms.
When researchers submitted test credentials using example.com, the service returned JSON responses that included host names of mail servers linked to the sei.co.jp domain.
These responses pointed to IMAP and SMTP endpoints outside of Microsoft’s network, although the credentials were clearly placeholders.
According to RFC2606, example.com should never generate routable service information, making this behavior difficult to reconcile with expected standards.
As of Monday morning, the visible routing behavior had ceased, although Microsoft still did not provide an immediate technical explanation.
Instead of returning server information linked to Sumitomo Electric, the same endpoint started timing out and then responded with a not found error.
Microsoft later confirmed that it had updated the service to stop providing suggested server information for example.com and stated that the investigation was still ongoing.
The endpoint no longer returned the problematic JSON output, although the underlying routing logic remained unclear.
How a Sumitomo Corp. subsidiary domain came to be integrated into Microsoft’s network setup remains uncertain, especially within systems comparable in scale to the global web hosting infrastructure.
Previous public statements about Sumitomo Corp.’s implementation of Microsoft 365 Copilot do not explain why a separate corporate domain appeared in autodiscovery responses.
Reports suggest that the behavior may have persisted for several years, raising the possibility of a long-lasting configuration drift within a critical service.
Microsoft has not clarified how it internally aggregates or audits autodiscovery logs.
As of this writing, there is no evidence to show malicious intent behind the routing behavior, and no indication suggests that the user’s actual credentials have been exposed during normal operations.
The incident revived memories of previous administrative oversights revealed by Microsoft, including a forgotten test account that allowed state-backed attackers to access internal systems.
Through art technique
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
