The fact that Microsoft doesn't just whitelist their own domains speaks to their commitment to strict security measures and good engineering culture. Special cases aren't special enough to break the rules.
If they don't whitelist and use the rate at which their own emails end as spam to improve their spam filter, that's great engineering culture.
If they don't whitelist and the emails just land in spam without anyone taking notice, that reminds me more of the well-known slightly satirical image of Microsoft's org chart [1]
Adversarial collaboration is a real thing. Similar to journalism/advertising there aught to be a wall between spam detection and marketing. When any enterprise become large and diverse enough, parts of it will have adversarial postures.
On the other hand, `notify.trafficmanager.net.`, the domain name used for Edge push notifications through Azure Traffic Manager, currently points to `notify1.ontario.ca.` with a CNAME record. This resulted in an Edge push notification outage a couple weeks ago, but they never fully fixed it. Push notifications are working again because they use subdomains of `notify.trafficmanager.net`, but `notify.trafficmanager.net` itself is simultaneously used by one of their Azure customers--and they seemingly have no idea.
In other words: `*.notify.trafficmanager.net` is special-cased, and this has caused problems.
Or terrible at writing emails, or configuring high volume sends, so that they don't look spammy.
I work for a market research company. Most of our projects gain survey responses via market research panels - or panel marketplaces - so we don't need to email people to ask them to fill in surveys. But we do plenty of projects for clients who send us mailing lists of their customers, who we then contact to fill out surveys.
This is all fine and good but when you're contacting completely different lists of people all the time it's really easy to end up looking like a spammer (this is also why platforms like Sendgrid, and Mailchimp - although great in many ways - aren't a good fit for a market research use case: you're not just contacting the same list, or subsets of that list, over and over; mostly you're contacting different lists for each project, unless you're following up for a single client).
We've had to build our own mailing platform to do this successfully, so that our email is actually delivered into peoples' inboxes, rather than going to their spam folders.
And it's not just the content of the email that matters: it's how you send it, making sure you have DKIM and whathaveyou configured correctly, whether the HTML is valid, etc. Our system automatically checks every aspect of an email before anyone is allowed to hit send (and each send has to be reviewed by one of a list of approved individuals). It also checks the mailing list and cleans out any addresses that are likely to be bad, or who have unsubscribed. Again, if you're not careful about who you send email to, you'll look like a spammer.
A big chunk of our business depends on our ability to get emails into inboxes, so we take great care to make sure that happens. Reputation is everything when it comes to bulk emailing in market research. Because humans under pressure to deliver sometimes cut corners we've baked that great care right into our systems. They're not foolproof, but it's now really quite hard, and would require concerted and deliverate effort, for anyone on our team to send an email without the vast majority of intended recipients receiving it.
This whole thing is a kind of nightmarish arms race but I've been doing this for long enough that I'd put money on it not being Microsoft's spam classification doing it wrong here.
- notice IP is blacklisted, so the email doesn't even end in spam
Great engineering. Users must be excited MS allows them to send e-mail to servers they know are blacklisted, so will not be able to receive the reply from.
Great [honest] engineering would be to just refuse to send the e-mail and tell the user that they are not allowed (by MS) to communicate with this recipient.
One of the signals they use for classifying spam is people clicking "Report Message->Junk" in Outlook, so it's probably a constant battle with people who forget they signed up for something and call it junk.
People forget they signed up for something, didn't opt-out, got on some list from a conference they attended, etc. and just report as Spam even though there's an unsubscribe link.
Frankly, the vast bulk of the email in my Spam folder isn't egregious fake medicine and the like. It's mostly low quality mailing lists, much of which isn't much different from what ends up in my inbox.
> didn't opt-out, got on some list from a conference they attended
I would totally consider emails I received because of either of those things as spam. If I get an unsolicited email, it gets reported as spam regardless of the presence of an opt-out link. I wouldn't click any link in an email that came from someone I didn't opt into getting email from.
If they were, they'd still be bleeding users like they did when Gmail came on the scene. That's why I switched; Hotmail 20 years ago did not appear to do any kind of spam blocking at all.
Today, Outlook.com and Hotmail.com combined still have a pretty strong market share.
I hope this refers to something behind the scenes that I as a Hotmail/Outlook user am unable to see. Because UI and product-wise, I don't see much evidence at all that someone of a good engineering culture cares about the experience I'm having with the product.
Would likely be different teams working on spam detection and on the frontend though. The cultures could vary wildly between them, as well as how they fit into the wider product development flows/structures.
Moreover they don't even whitelist their own IPs for some basic checks like SPF, which can be skipped. I have a work email (using Microsoft services) and another company mailing list, which my email is member of (also on Microsoft). At some point sending email to that mailing list triggered bouncing between Microsoft own servers eventually resulting in my email being automatically removed from mailing list. Basic investigation showed that one Microsoft server rejected emails from another one because of bad SPF record. Either company spent months solving the issue with Microsoft. The issue disappeared eventually magically the same way it appeared.
Teaching people to look for official communication from Microsoft in their spam folders invites phishing attacks. Fastmail puts a special seal on account-related communications from Fastmail; I think that’s good and wise.
You'd think that they'd have a non-domain-based way to do it, like cryptographically signing their own damn emails with a key embedded in outlook or something.
Then they go and immediately go and shaft you with a set of non-opt-outable welcome emails with Windows 11. I think any credit due can be shoved up their ass.
They can and do whitelist all sorts of things for special cases. Microsoft is good at what they do, but they are a pragmatic company.
My guess here is that some junk folder routing is on client side, or the user flagged junky email from the same infrastructure as junk. Or, O365 tweaked some settings to address the issues with spammers using Outlook infrastructure that bypasses spam controls.
Now that it's hit the HN front page and will presumably be drawn to light of some managers, it will be interesting to see if the behavior remains the same in a few weeks.
This isnt worth correcting people over and inserts a level of grievance that isnt called for. For the record I like some of the more recent phrasings - blocklist in particular is nice being that it is self describing.
Being this obnoxious won't help the cause at all. Keep using this alternative yourself when you can. Perhaps it will naturally fade out of use. For instance, you could have commented about it using "allowlist" in your own writing and it would be just natural.
Personally I'd say we have a limited bandwith to talk about prejudice in the public discourse. I'd rather we don't waste it away with useless remarks.
The comment contained a grand total of three words. If someone has this initial reaction to those words in this context, perhaps they should consider their priors.
You see, that's a problem. I'm left-wing. I'm part of minorities. I won't give up my political convictions and side with reactiona... I mean, conservatives because I'm annoyed by this focus on the raw words and not on intention.
Yet, just remarking this is enough for insinuations like yours.
Not everybody cares about this stuff. The majority of HN users come from outside the United States, as previous polls showed. Please stop trying to force us to care about your history and internal political issues, we have enough of our own.
I'm not from the United States. But am from a country that has deep racial issues. "Black" items are to be excluded/blocked, while "white" ones will be included/accepted. In a world where there are racism problems in most societies - many of which are about dark and light skin colour - this can be experienced by some as just one more implicit bias of white/black being good/bad.
The standard you walk past is the standard you accept. Happy to eat the downvotes here.
If they don't whitelist and the emails just land in spam without anyone taking notice, that reminds me more of the well-known slightly satirical image of Microsoft's org chart [1]
1: https://bonkersworld.net/organizational-charts