Not hacking or espionage, just a strange routing mistake hiding in plain sight, Microsoft says
- Microsoft routed example.com email traffic to servers operated by Sumitomo Electric
- A test-only domain was treated as a real email provider inside Microsoft systems
- Outlook autodiscover returned valid IMAP and SMTP servers for fake accounts
In January 2026, network researchers noticed unusual behavior inside Microsoft’s infrastructure involving example.com.
This domain exists strictly for testing under established internet standards, and the global domain registry system protects it.
Traffic that should never have resolved to any real organization instead routed to servers operated by Sumitomo Electric, a Japanese brand known for industrial cables rather than email services.
Autodiscover anomaly
The anomaly appeared during routine tests involving Microsoft’s Outlook autodiscover feature, which raised immediate questions about how such routing could exist at all.
Requests sent to Microsoft initially produced no explanation, even after the improper routing stopped.
The issue originated in Microsoft’s autodetect and autodiscover systems that it uses when configuring new email accounts, similar to automated setup tools used by website builder platforms.
When researchers submitted test credentials using example.com, the service returned JSON responses that included mail server hostnames linked to the sei.co.jp domain.
These responses pointed to IMAP and SMTP endpoints outside Microsoft’s network, even though the credentials were clearly placeholders.
Under RFC 2606, example.com should never generate routable service information, which makes this behavior difficult to reconcile with expected standards.
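The kind of audit that would surface this behavior can be sketched in a few lines. The following is an added example, not code from Microsoft or the researchers: it flags any autodiscover-style JSON response that returns server settings for an RFC 2606 reserved name, or that points at hosts outside the mailbox's own domain. The JSON field names and the host labels under sei.co.jp are constructed assumptions.

```python
import json

# Names reserved for testing and documentation (RFC 2606).
RESERVED_TLDS = {"test", "example", "invalid", "localhost"}
RESERVED_SLDS = {"example.com", "example.net", "example.org"}

def is_reserved(domain):
    labels = domain.lower().rstrip(".").split(".")
    return labels[-1] in RESERVED_TLDS or ".".join(labels[-2:]) in RESERVED_SLDS

def under(host, suffix):
    return host == suffix or host.endswith("." + suffix)

def audit_response(email, body, trusted_suffixes=()):
    """Return findings for one autodiscover-style JSON response.

    The "services"/"protocol"/"hostname" keys are a hypothetical schema.
    """
    domain = email.rsplit("@", 1)[-1].lower()
    services = json.loads(body).get("services", [])
    findings = []
    # A reserved name must never map to real mail servers, trusted or not.
    if is_reserved(domain) and services:
        findings.append(f"reserved domain {domain} returned server settings")
    for svc in services:
        host = svc.get("hostname", "").lower().rstrip(".")
        if not (under(host, domain) or any(under(host, s) for s in trusted_suffixes)):
            findings.append(f"{svc.get('protocol', '?')} host {host} is outside {domain}")
    return findings

# Constructed sample response; host labels are invented for illustration.
SAMPLE = json.dumps({"services": [
    {"protocol": "imap", "hostname": "imap.constructed.sei.co.jp", "port": 993},
    {"protocol": "smtp", "hostname": "smtp.constructed.sei.co.jp", "port": 465},
]})

if __name__ == "__main__":
    for finding in audit_response("test@example.com", SAMPLE):
        print(finding)
```

The reserved-name finding fires even when the returned hosts are on a trusted list, because the defect is the mapping itself rather than the destination.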
By Monday morning, the visible routing behavior had ceased, although Microsoft still did not provide an immediate technical explanation.
Instead of returning server information tied to Sumitomo Electric, the same endpoint began timing out and then responded with a not found error.
Microsoft later confirmed that it had updated the service to stop providing suggested server information for example.com, and it stated that the investigation remained ongoing.
The endpoint no longer returned the problematic JSON output, although the underlying routing logic remained unclear.
It remains uncertain how a subsidiary domain of Sumitomo Corp. became embedded in Microsoft’s network configuration, especially within systems comparable in scale to global web hosting infrastructure.
Previous public statements about Sumitomo Corp. deploying Microsoft 365 Copilot do not explain why a separate corporate domain appeared in autodiscover responses.
Reports suggest the behavior may have persisted for several years, which raises the possibility of long-standing configuration drift within a critical service.
Microsoft has not clarified how it adds or audits autodiscover records internally.
As of the time of writing, no evidence shows malicious intent behind the routing behavior, and no indication suggests that real user credentials were exposed during normal operations.
The incident revived memories of earlier administrative oversights disclosed by Microsoft, including a forgotten test account that allowed state-backed attackers to access internal systems.
Via Ars Technica
Efosa Udinmwen, Freelance Journalist. Efosa has been writing about technology for over 7 years, initially driven by curiosity but now fueled by a strong passion for the field. He holds both a Master's and a PhD in sciences, which provided him with a solid foundation in analytical thinking.