David A. Lessnau
2007-03-06 02:29:57 UTC
I'm not sure if this is the right place to post this since I'm not even sure
anyone from Microsoft (TechNet or otherwise) ever reads the forum (I have
posts going back to early December 2006 and none of the senders' names leap
off the page as being from officialdom). Anyway, I've signed up for
TechNet's (and MSDN's) Flash newsletter. The first one I received had a
sender of ***@newsletters.microsoft.com . However, the second one
(which, I believe was the 21 Feb 2007 issue), had a different sender. I no
longer have the issue, but the sender was a random-looking string of
alphanumerics prepended to the @newsletters.microsoft.com domain and was
followed by the words "on behalf of ***@newsletters.microsoft.com "
(again, this is from memory, so it might not be exact). I had no idea what
to do with that issue. Was it a valid issue? Was it a phishing attempt
using a copy of the newsletter with subtly altered URLs embedded in it to
send me to spoofed web sites? I don't know. So, assuming the newsletter
was valid, a couple of things:
1) Microsoft shouldn't send out newsletters with different senders "on
behalf" of itself.
2) Regardless, Microsoft should sign those newsletters with some form of
certificate. That way, no matter what the sender line says, we'll have some
kind of warm-fuzzy that it actually came from Microsoft.
anyone from Microsoft (TechNet or otherwise) ever reads the forum (I have
posts going back to early December 2006 and none of the senders' names leap
off the page as being from officialdom). Anyway, I've signed up for
TechNet's (and MSDN's) Flash newsletter. The first one I received had a
sender of ***@newsletters.microsoft.com . However, the second one
(which, I believe was the 21 Feb 2007 issue), had a different sender. I no
longer have the issue, but the sender was a random-looking string of
alphanumerics prepended to the @newsletters.microsoft.com domain and was
followed by the words "on behalf of ***@newsletters.microsoft.com "
(again, this is from memory, so it might not be exact). I had no idea what
to do with that issue. Was it a valid issue? Was it a phishing attempt
using a copy of the newsletter with subtly altered URLs embedded in it to
send me to spoofed web sites? I don't know. So, assuming the newsletter
was valid, a couple of things:
1) Microsoft shouldn't send out newsletters with different senders "on
behalf" of itself.
2) Regardless, Microsoft should sign those newsletters with some form of
certificate. That way, no matter what the sender line says, we'll have some
kind of warm-fuzzy that it actually came from Microsoft.