Get the latest tech news

Shifting Cyber Norms: Microsoft security POST-ing to you


tl;dr: Microsoft and other email security scanners will visit the links in email you transmit, and run the JavaScript in those links, including calls that lead to POSTs going out. This used to be unacceptable, since POSTs have side effects. Yet here we are. This breaks even somewhat sophisticated single-use sign-on / email confirmation messages. Read on for how to deal with this, and some thoughts on how we should treat gatekeepers like Microsoft that can randomly break things & get away with it.

Similarly, and you may find this hard to believe, but back when the first spam filters were invented, there were arduous discussions among mail server operators if they should even be allowed to do that, even if users wanted it. Also, software “phoning home” was regarded as reprehensible, even for such things as checking the availability of new versions with possible security updates. Lately however, operators of services (like me) have found that the links they send to users to sign in, or confirm their accounts, actually lead to POST requests coming from Microsoft.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of Microsoft

Microsoft

Photo of cyber norms

cyber norms

Related news:

News photo

Linux 6.14 Adds Support For The Microsoft Copilot Key Found On New Laptops

News photo

Microsoft's LinkedIn sued for disclosing customer information to train AI models | Reuters

News photo

Microsoft's LinkedIn Sued For Disclosing Customer Information To Train AI Models