Ars Technica reports an unexplained misconfiguration in Microsoft’s network that caused traffic destined for example[.]com to be routed to a company in Japan, specifically sei.co[.]jp, a Sumitomo Electric domain, despite example[.]com being reserved by RFC 2606 and therefore expected to be non-routable on the Internet.
Output from a cURL request showed traffic from Azure and other Microsoft networks being directed to subdomains such as imapgms.jnet.sei.co[.]jp and smtpgms.jnet.sei.co[.]jp, with a JSON response that contained test credentials in the Outlook setup incidents. The issue was attributed to Microsoft’s Autodiscover service, and a senior UCLA Health researcher described it as a simple misconfiguration.
By Monday morning, the improper routing was no longer occurring, and a JSON endpoint that validated email addresses appeared to have been removed, returning not-found errors or hanging responses instead. Ars Technica notes there is reason for concern given a 2024 incident in which a test-account misconfiguration contributed to a Russian state-backed hacking operation, though the current routing issue does not appear to be nefarious. The report cites comments from several security experts and mentions that the extended duration of the problem had been noted by Tinyapps[.]org.