Digital Event Horizon
Ars Technica has uncovered an intriguing anomaly in Microsoft's network configuration, which involves routing traffic destined for a test domain to a maker of electronics cables located in Japan. The mysterious misconfiguration has raised questions about how this could have occurred and whether it was intentional or a simple mistake.
Summary:
Microsoft's autodiscover service mistakenly routed example.com traffic to a Japanese electronics cable maker's subdomains, sparking questions about the cause of the anomaly and its potential implications for network security.
Microsoft's autodiscover service has been routing traffic destined for the example.com domain to subdomains of sei.co.jp, a domain belonging to a Japanese electronics cable maker. The routing is believed to have occurred unintentionally and was fixed after five years, although Microsoft still doesn't know how it happened or if it was intentional. The anomaly raises concerns about potential security vulnerabilities in Microsoft's network configuration. A similar issue with the example.net domain has not been reported. Microsoft is investigating the matter and has updated its service so that it no longer suggests server information for the example.com domain.
Ars Technica has uncovered an intriguing anomaly in Microsoft's network configuration, which involves routing traffic destined for the example.com domain – a test domain reserved by the Internet Engineering Task Force (IETF) – to a maker of electronics cables located in Japan. The mysterious misconfiguration has raised questions about how this could have occurred and whether it was intentional or a simple mistake.
According to the IETF, the example.com domain is intended to prevent third parties from being bombarded with traffic when developers, penetration testers, and others need a domain for testing or discussing technical issues. Instead of naming an Internet-routable domain, they are supposed to choose example.com or two others, example.net and example.org.
However, it appears that Microsoft's autodiscover service has been routing some traffic destined for example.com to subdomains of sei.co.jp, a domain belonging to Sumitomo Electric.
Output from the cURL terminal command shows that devices inside Azure and other Microsoft networks have been routing some traffic to subdomains of sei.co.jp. Most of the resulting text is exactly what's expected; the exception is the JSON-based response. The JSON output from Friday reads:
{"email":"email@example.com","services":[],"protocols":[{"protocol":"imap","hostname":"imapgms.jnet.sei.co.jp","port":993,"encryption":"ssl","username":"email@example.com","validated":false},{"protocol":"smtp","hostname":"smtpgms.jnet.sei.co.jp","port":465,"encryption":"ssl","username":"email@example.com","validated":false}]}
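A defensive check over the response quoted above, as an added example that is not part of the original article or of Microsoft's code: it parses the JSON and flags any server suggested for a reserved test domain, and any unvalidated host outside the mailbox's own domain. The function names and reason labels are assumptions made for illustration.

```python
import json

# Names reserved for testing and documentation (RFC 2606 / RFC 6761).
RESERVED_DOMAINS = {"example.com", "example.net", "example.org"}
RESERVED_TLDS = {"test", "example", "invalid", "localhost"}

# The JSON response quoted in the article, reproduced verbatim.
ARTICLE_RESPONSE = (
    '{"email":"email@example.com","services":[],"protocols":['
    '{"protocol":"imap","hostname":"imapgms.jnet.sei.co.jp","port":993,'
    '"encryption":"ssl","username":"email@example.com","validated":false},'
    '{"protocol":"smtp","hostname":"smtpgms.jnet.sei.co.jp","port":465,'
    '"encryption":"ssl","username":"email@example.com","validated":false}]}'
)

def is_reserved(domain):
    """True for example.com/.net/.org, their subdomains, and reserved TLDs."""
    labels = domain.lower().rstrip(".").split(".")
    return labels[-1] in RESERVED_TLDS or ".".join(labels[-2:]) in RESERVED_DOMAINS

def host_in_domain(host, domain):
    """True if host is the mailbox domain itself or a subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def audit_suggestion(raw):
    """Return one finding per suggested server that needs review before use."""
    doc = json.loads(raw)
    domain = doc.get("email", "").rpartition("@")[2]
    findings = []
    for proto in doc.get("protocols", []):
        host = proto.get("hostname", "")
        reasons = []
        if is_reserved(domain):
            # A reserved test domain has no mail service to suggest.
            reasons.append("reserved-domain")
        if not host_in_domain(host, domain) and not proto.get("validated", False):
            # Credentials for `username` would go to a third-party host.
            reasons.append("unvalidated-foreign-host")
        if reasons:
            findings.append({
                "protocol": proto.get("protocol"),
                "endpoint": f"{host}:{proto.get('port')}",
                "username": proto.get("username"),
                "reasons": reasons,
            })
    return findings

if __name__ == "__main__":
    for finding in audit_suggestion(ARTICLE_RESPONSE):
        print(finding)
```

Hosted mail often lives on a provider's hostname, so "unvalidated-foreign-host" on its own is a prompt for review; "reserved-domain" is the condition that should never produce a suggestion.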
Similarly, results when adding a new account for test@example.com in Outlook looked like this:
This behavior was the result of Microsoft's autodiscover service. When asked early Friday afternoon why Microsoft was doing this, a representative had no answer and asked for more time. By Monday morning, the improper routing was no longer occurring, but the representative still had no answer.
Update: In an email sent after this post went live, the representative confirmed that Microsoft has "updated the service to no longer provide suggested server information for example.com." As already reported here, the behavior only affected people configuring email accounts through the Outlook autoconfiguration feature. The representative added that Microsoft is investigating.
Dan Tentler, founder of Phobos Group, noted that "it looks like they may have outright removed the endpoint that validates the email, because I’m seeing ‘not found’ errors." He explained that this suggests that Microsoft admins just ripped out whatever this thing was.
However, it's unclear how Sumitomo Electric's domain would have found itself part of this mess. Microsoft last year said the Japanese company’s parent company, Sumitomo Corp., was deploying Microsoft 365 Copilot, but that still doesn't explain why a subsidiary's domain was added to Microsoft's network configuration.
Questions sent to Microsoft include: How are autodiscover records added at Microsoft; was the routing intentional; and how long has the behavior been occurring? Tinyapps.org, which noted the odd routing behavior earlier this month, said it lasted five years. There doesn't appear to be anything nefarious about the improper routing, and as long as people inside Microsoft's network weren’t sending live credentials in tests, there was no danger posed.
There’s still reason for concern. In 2024, Microsoft revealed that one of its admins had assigned administrative privileges to a test account on the company network and then forgot about it. Russian state hackers seized on the gaffe to gain initial access to Microsoft's system. They went on to root through the network and monitor top executives' email for two months. The routing misconfiguration for example.com raises the question: What other possibly more severe errors lurk on the network?
Related Information:
https://www.digitaleventhorizon.com/articles/Microsofts-Mysterious-DNS-Misconfiguration-A-Look-into-the-Unexplained-Routing-of-Examplecom-Traffic-to-a-Japanese-Electronics-Cable-Maker-deh.shtml
https://arstechnica.com/information-technology/2026/01/odd-anomaly-caused-microsofts-network-to-mishandle-example-com-traffic/
https://windowsforum.com/threads/microsoft-365-copilot-japan-outage-mo1198797-traffic-routing-and-recovery.394207/
Published: Mon Jan 26 16:32:09 2026 by llama3.2 3B Q4_K_M