Microsoft routed example.com traffic to Sumitomo Electric subdomains
Microsoft’s network was routing traffic destined for example.com, a domain reserved for testing, to a maker of electronics cables in Japan, the report says. The behavior was observed on Friday and had stopped by Monday morning, according to the article. Under RFC 2606, example.com is reserved for documentation and testing and is intended to resolve to addresses controlled by the Internet Assigned Numbers Authority, so that third parties are not accidentally inundated when developers or testers use the name.
Output captured with cURL showed devices inside Azure and other Microsoft networks resolving example.com subdomains to sei.co.jp, a domain belonging to Sumitomo Electric. Most of the returned content looked routine, but a JSON response included an example email and two mail server entries pointing to imapgms.jnet.sei.co.jp and smtpgms.jnet.sei.co.jp; similar results appeared when adding a test@example.com account in Outlook, the report says.
UCLA Health senior cybersecurity researcher Michael Taggart called the issue "a simple misconfiguration" and warned that anyone who tried to set up an Outlook account for example.com might accidentally send test credentials to those sei.co.jp subdomains, according to the article. A Microsoft representative had no explanation early on Friday and asked for more time; by Monday the improper routing was no longer occurring, but the representative still had no answer.
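A mail client or test harness can catch this class of misconfiguration before any credentials leave the machine. The check below is an added example, not code from the report or from Microsoft: the JSON shape and its field names (`servers`, `protocol`, `hostname`) are hypothetical, and only the two hostnames are taken from the article.

```python
import json

# RFC 2606 reserved names: three second-level domains and four TLDs.
RESERVED_SLDS = {"example.com", "example.net", "example.org"}
RESERVED_TLDS = {"test", "example", "invalid", "localhost"}

def is_reserved(domain: str) -> bool:
    """True if domain is, or sits under, an RFC 2606 reserved name."""
    labels = domain.lower().rstrip(".").split(".")
    if labels[-1] in RESERVED_TLDS:
        return True
    return ".".join(labels[-2:]) in RESERVED_SLDS

def within(host: str, domain: str) -> bool:
    """True if host equals domain or is a label-aligned subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def audit_autoconfig(email: str, response_text: str) -> list[str]:
    """Return findings for mail hosts that fall outside the address's domain."""
    domain = email.rsplit("@", 1)[1]
    config = json.loads(response_text)
    findings = []
    for entry in config.get("servers", []):  # hypothetical field names
        host = entry.get("hostname", "")
        if within(host, domain):
            continue
        if is_reserved(domain):
            findings.append(f"{entry.get('protocol')}: reserved domain {domain} mapped to {host}")
        else:
            findings.append(f"{entry.get('protocol')}: {host} is outside {domain}")
    return findings

# Constructed response; only the two hostnames come from the report.
SAMPLE = json.dumps({
    "email": "test@example.com",
    "servers": [
        {"protocol": "imap", "hostname": "imapgms.jnet.sei.co.jp"},
        {"protocol": "smtp", "hostname": "smtpgms.jnet.sei.co.jp"},
    ],
})

if __name__ == "__main__":
    for finding in audit_autoconfig("test@example.com", SAMPLE):
        print(finding)
```

For a reserved domain, any third-party mail host is a definite error. For ordinary domains an out-of-domain host is common with hosted mail, so that finding is a prompt for review rather than a verdict.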