In a bizarre network anomaly, Microsoft’s systems briefly redirected traffic destined for example.com to sei.co.jp, a subdomain owned by Sumitomo Electric in Japan.
The incident centers on autodiscover, a feature Outlook and Exchange use to configure accounts. RFC 2606 reserves example.com so that it never carries live traffic; the behavior points to a misconfiguration in which the autodiscover service returned a misrouted response.
Output from a curl session showed that some devices within Azure and other Microsoft networks were connecting to sei.co.jp subdomains such as imapgms.jnet.sei.co.jp (IMAP) and smtpgms.jnet.sei.co.jp (SMTP). A JSON payload surfaced alongside it, containing fields such as email and protocol endpoints, implying credentials could be directed outside the Microsoft network.
“This appears to be a simple misconfiguration,” said Michael Taggart, senior cybersecurity researcher at UCLA Health, noting the risk that test credentials could be sent to the sei.co.jp endpoints when configuring an example.com account in Outlook.
By Monday morning, the improper routing had ceased, but Microsoft has not publicly explained the incident. A spokesman said the autodiscover flow has been updated and is under investigation, with lingering questions about how Sei’s domain ended up tied to Microsoft’s internal configuration.
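A defender-side check for the failure described above, added here as an illustration and not taken from Microsoft or the original report: it audits an autoconfiguration response before any credentials are sent, flagging endpoints returned for an RFC 2606 reserved domain or pointing outside the mailbox domain. The JSON schema (`email`, `protocols[].protocol`, `protocols[].hostname`) and the function names are assumptions; the article only says the payload held "fields like email and protocol endpoints".

```python
import json

# RFC 2606 reserved names: no live mail service should ever be configured for these.
RESERVED_DOMAINS = {"example.com", "example.net", "example.org"}
RESERVED_TLDS = {"test", "example", "invalid", "localhost"}

def is_under(host, suffix):
    """Label-aware match: 'a.b.com' is under 'b.com', 'evilb.com' is not."""
    host, suffix = host.lower().rstrip("."), suffix.lower().rstrip(".")
    return host == suffix or host.endswith("." + suffix)

def is_reserved(domain):
    domain = domain.lower().rstrip(".")
    return (domain.rsplit(".", 1)[-1] in RESERVED_TLDS
            or any(is_under(domain, d) for d in RESERVED_DOMAINS))

def audit_autoconfig(raw_json, trusted_suffixes=()):
    """Return (protocol, hostname, reason) findings for one response.

    Assumed schema (hypothetical): {"email": ..., "protocols": [{"protocol", "hostname"}]}
    """
    doc = json.loads(raw_json)
    mailbox_domain = doc["email"].rsplit("@", 1)[-1]
    findings = []
    for entry in doc.get("protocols", []):
        host = entry.get("hostname", "")
        proto = entry.get("protocol", "?")
        if is_reserved(mailbox_domain):
            findings.append((proto, host, "endpoint returned for RFC 2606 reserved domain"))
        elif not any(is_under(host, s) for s in (mailbox_domain, *trusted_suffixes)):
            findings.append((proto, host, "endpoint outside mailbox domain and allow-list"))
    return findings

# Constructed sample response; only the hostname is taken from the article.
SAMPLE = json.dumps({
    "email": "user@example.com",
    "protocols": [{"protocol": "imap", "hostname": "imapgms.jnet.sei.co.jp"}],
})

if __name__ == "__main__":
    for finding in audit_autoconfig(SAMPLE):
        print(finding)
```

Hosted-mail tenants would pass their provider's server suffix in `trusted_suffixes`, since their endpoints legitimately sit outside the mailbox domain.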