Discovery of the Routing Anomaly
In January 2026, network researchers identified unusual activity within Microsoft’s infrastructure related to example.com. This domain serves exclusively as a testing placeholder under internet standards outlined in RFC2606, protected by the global domain registry to prevent real-world routing.
Despite these safeguards, email traffic for example.com directed to servers managed by Sumitomo Electric, a Japanese company primarily recognized for manufacturing industrial cables, not email hosting.
Details of the Autodiscover Issue
The problem surfaced during standard tests of Microsoft’s Outlook autodiscover service, which automates email account setup much like tools on website builders. When researchers entered test credentials for example.com, the system delivered JSON responses containing mail server details tied to the sei.co.jp domain.
These responses specified IMAP and SMTP endpoints outside Microsoft’s network, even for obviously fictional accounts. Such behavior contradicts RFC2606, which prohibits example.com from yielding any functional service data.
Resolution and Microsoft’s Response
By early Monday, the erroneous routing ended. Queries to the endpoint now result in timeouts or ‘not found’ errors, rather than Sumitomo Electric-linked information.
Microsoft confirmed it updated the service to halt suggested server details for example.com, with an ongoing investigation into the root cause. The company has not detailed the internal processes for adding or reviewing autodiscover records.
Potential Causes and Implications
It remains unclear how Sumitomo Electric’s domain integrated into Microsoft’s configuration systems, which operate at a scale comparable to major web hosting networks. While Sumitomo Corp. has adopted Microsoft 365 Copilot, this does not account for the specific domain’s appearance.
Evidence points to the issue possibly lasting years, suggesting configuration drift in a vital service. No signs indicate malicious activity or exposure of actual user credentials during routine use.
This event echoes past Microsoft oversights, such as a neglected test account exploited by state-sponsored hackers to breach internal networks.
