Security → No more MS security e-mails!

I just got this e-mail from MS:

Date: Fri, 27 Jun 2014 11:37:53 -0600
From: Microsoft
To: [deleted]
Subject: Microsoft Security Notifications

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

********************************************************************
Title: Microsoft Security Notifications
Issued: June 27, 2014
********************************************************************

Notice to IT professionals:

As of July 1, 2014, due to changing governmental policies concerning
the issuance of automated electronic messaging, Microsoft is
suspending the use of email notifications that announce the
following:

* Security bulletin advance notifications
* Security bulletin summaries
* New security advisories and bulletins
* Major and minor revisions to security advisories and bulletins

In lieu of email notifications, you can subscribe to one or more of
the RSS feeds described on the Security TechCenter website.

For more information, or to sign up for an RSS feed, visit the
Microsoft Technical Security Notifications webpage at
»technet.microsoft.com/se ··· dd252948.
...

I prefer e-mails! Argh.

I guess, NSA centers, collecting mails, are overloaded with these messages and for this kind of correspondence now they recommend to use other channels

Got my end-of-days notice from MS, not one, but twice antdude

MS is going to get a shellacking from IT Pros on this that don't have the time to collate all this stuff up online.

This is what we get for stupid gvt legislation trying to eliminate spam. All it's going to accomplish is fucking up all the legitimate mass mailings such as this. I've been watching the fallout from the Canadian anti-spam law lately and it's a farce. Lot of time and energy wasted by legitimate companies, whereas the spammers aren't going to give a shit, and aren't going to be found anyway.

No kidding. Yeah, I got twice too. I think it is because I subscribe to two different MS bulletin subscriptions with the same e-mail address.

I use one email addy for all my MS Security email, as you can pick and choose what is contained or was contained in that email.

More as I know more as these mailings from MS just went out today. I strongly suspect MS has a PR Team in the wings waiting to do damage control on this.

Those with Twitter accounts may reach out to the MS Team.
»twitter.com/msftsecresponse

Microsoft to suspend certain email security notifications

quote:

---

We have asked Microsoft for clarification on what governmental policies are at issue and will update the story when we get more information.

---

»www.zdnet.com/microsoft- ··· 0031017/

UPDATE: It appears that the change is due to a new Canadian anti-spam law which goes into effect on July 1. Microsoft Canada has an opt-in page for users to allow emails. This is in reply to zdnet's question as to why.

And getting this information wasn't only for ITs. I got my notice today, and am no IT but am truly p***ed about the change.

I just got my notice. UGH.

Since when has Microsoft been required to follow Canadian spam laws when the subscriber resides in the USA?

I don't do feeds and I block Twitter. I want my Microsoft emails and I subscribe to a bunch! Upon looking more closely at the ONE email I have received, Microsoft says this new policy applies only to the Security Bulletin and related advisories. So, I'll still be getting all the other Microsoft newsletters, etc that I subscribe to? If so, how come only Security Bulletin stuff is spam and all the other newsletters, alerts, etc that one can subscribe to from Microsoft is not spam? Or should I expect a bunch more emails from Microsoft telling me that everything I subscribe to by email is now considered spam in Canada and the USA is ruled by Canadian spam laws even for USA subscriptions?

The validity of the MS Canada opt-in link is now being questioned as those of us in Canada do not want to alter any known-good email subscription preferences.

I'm not going to mess with mine for now.

Did you Canadians have to subscribe like I had to in the USA?

I vividly recall once before when Microsoft had to stop sending the Bulletins (and related) because TWC had blocked ALL email from Microsoft as being spam! TWC abuse told me that the reason for the ban was because Microsoft did not require verification that the person subscribing had actually, with knowledge and full intent, subscribed. In other words, a bot could have subscribed or a script kiddie playing jokes on people could have unknowingly subscribed many people without their knowledge. If it hadn't been TWC blocking another big ISP would have done so eventually because Microsoft's backward policy was a haven for spammers.

Getting that information out of TWC abuse was like pulling teeth. Microsoft had already told me they did not know why TWC had banned their emails and TWC was ignoring their requests for answers. I told Microsoft what I had learned and said that I agreed with TWC's ban and I requested Microsoft to immediately clean up their act as TWC told me that once Microsoft had two step verification for their email subscriptions that then the block would be removed. I gave Microsoft the contact information for the TWC abuse center person that I had finally been able to speak with. It wasn't very long before Microsoft had two step authentication and after I resubscribed in the new manner I began receiving the bulletins (and other Microsoft newsletters) again.

I don't see how bots or devilish pranksters can cause spam to be sent from Microsoft after those changes were made so is the signup for Microsoft newsletters different in Canada? Or maybe it has something to do with Windows 8 and Microsoft's push to get everyone on Win 8 to use Microsoft accounts? Has it maybe been made too easy (for the Windows 8 users) to sign up for the Microsoft newsletters, thus, allowing spammers to easily spam again? (I have a Windows 8 machine but I have a local account ONLY on it. My Microsoft account goes back MANY years and is completely separate from having a Windows 8 machine).

I live in Canada. I have lost count of how many emails I've received in the last three months from various companies asking me to verify that I wish to continue receiving emails from them. But only Canadian ones. Since MS has a Canadian presence, they need to comply with this goofy new law, too.

Ok. But I ask again why did Microsoft decide that the USA, and subscriptions from USA citizens to the Microsoft Security Bulletin Service, is governed by Canadian law? Microsoft could have joined other Canadian countries and requested verification (which is what I suppose the verification page mentioned by siljaline is to accomplish by asking Canadians to opt in to receiving the emails). That's a reasonable method of complying with Canada's new spam law.

But what I really want to know is why, when the USA has NOT passed any such spam law and the verification for subscription to Microsoft newsletters, including the Security Bulletin Service, is TWO STEP and thus prevents spammers, has Microsoft decided to apply Canadian law to the USA subscribers and also, at the same time, apply it in an UNACCEPTABLE MANNER? Where's the USA opt in page?

The issue is that email sent to CANADIAN recipients must be preceded by obtaining their explicit consent. Unfortunately, it's often impossible to tell what country someone lives in if all you have is their email address. Therefore, to ensure compliance (fines for breaking this law are up to $10,000,000 PER INFRACTION), it's best to play it safe.

OK. Except you have to set up a Microsoft account in order to subscribe to Microsoft newsletters and you can't just give an email address. Microsoft has my name, address, phone number and a credit card (but the credit card was years ago although I suspect they still have records from when I purchased mice and other stuff). A few years ago, Microsoft suddenly demanded my birth certificate and Social Security number because they had decided erroneously that I was under 13. I wasn't about to send them a copy of my driver's license and Social Security number just because they made a stupid mistake! It took months to straighten it out and during that time I could not signin to Microsoft Vault or do some other things because there was a block on my Microsoft account saying I was under 13 and needed parental consent.

So, is signing up for a Microsoft account completely different today? Bots can sign up? Children under 13 can sign up without proof of parental consent? I still don't understand how Microsoft can think they could be subject to having broken the spam law because I have not seen evidence that signing up for a Microsoft account has changed back to how it was when TWC got pissed and banned Microsoft emails for spamming and I was somewhat instrumental in getting all that changed. You are saying Microsoft stupidly went back to how it used to be when children and bots and those playing spoofs on people could signup for a Microsoft account way too easily? I don't know because the account that I have for Microsoft beta testing, Vault (that I have not used in ages), newsletters, Microsoft Feedback Panelist, etc. was not easy to signup for and Microsoft knows my ISP, my home address, etc.

I don't believe for ONE SECOND that Microsoft has ANY DECENT REASON FOR WHAT THEY HAVE DONE TO USA CITIZENS based on a Canadian law. Heck, Microsoft Canada has a signup page opt in to continue to get the newsletters. MICROSOFT HAS NOT SET UP SUCH A PAGE FOR USA CITIZENS. So, I do NOT believe that Microsoft suddenly banning me from receiving the Bulletins in email has anything whatsoever to do with the new Canadian spam law. MICROSOFT KNOWS my account that is subscribed to their newsletters is a USA one (especially after the hell I had to go through several years ago when Microsoft suddenly decided for no discernible reason that I was under 13).

I think Microsoft is pulling this shit on USA subscribers simply because the new Canadian law gives them an EXCUSE to stop Bulletin emails to everybody EXCEPT THOSE CANADIANS WHO OPT IN TO RECEIVE THEM AND GET ENTERED INTO A GIVEAWAY FOR DOING SO. Where is the USA opt in page???????

even if canada has an "opt-in" for "spam", that is not a reason for MS to quit sending newsletters.. people can "opt-in" for the newsletter, if needed..

mele20, judging by your anger level, it sounds to me that this is the worst cross-border annoyance you have to deal with. Lucky you. Try living on this side of the border and putting up with things like US protectionist trade practices, over-inflated pricing on Canadian-made goods owned by American companies that are almost always cheaper in the US, or insane UPS brokerage charges on shipping a small item that is higher than the value of the item - stuff that affects our economy and our day-to-day lives.

I would like to point out that I use an @gmail.com email address, and my ISP email also has a .com domain name. So they are not discriminating, and frankly it's a good business practice for them to ensure their customers are getting the communications they want/need/don't want.

Some interesting insight on this debacle via:
Brian Krebs

quote:

---

“I am at a complete and total loss to understand how the people in Redmond made such an apparently panicked decision,” Schwartzman said,” noting that Microsoft was closely involved in the discussions in the Canadian parliament over the bill’s trajectory and content. “This is the first company I know of that’s been that dumb.”

---

quote:

---

“I can imagine the discussion and wondering among the lawyers and [Microsoft] whether they should try to get hundreds of millions of opt-ins before June 30 or if they should change the way they share info,” Williams said. “I’m sure it wasn’t an wasn’t an easy decision, but I wouldn’t call it an overreaction.”

---

The MS Profile Center: for those may wish to change or cancel your subscription preferences -- is currently overloaded.
»profile.microsoft.com/Re ··· eCenter/

Might be Microsoft feared a mega corp with over $100 billion in cash has a big bull’s-eye on its forehead.

Might be coincidence, but I notice my iPod that uses an iCloud email hasn't been getting Apple and iTune spam anymore. Sweet! Go Canada!

Just got the below from Microsoft via email:
It would seem those that are subscribed - will continue to get their notifications as per normal.

I see this »technet.microsoft.com/en ··· dd252948 hasn't changed yet to reflect Microsoft's reversal.

Ironically, Microsoft does spam. I just got an unsolicited email from them. I get unsolicited ones infrequently though and the one I just got, I found very interesting and a well done presentation:

»www.microsoft.com/securi ··· hapter-1

Good point.

This could just be a convenient excuse for them to stop sending emails about the defects in their products; to stop advertising about their short-comings. I doubt they will be sending out any sort of updates if/when they get everyone pushed into a rental model (like Adobe).

Well, Microsoft has reversed itself on this and is continuing the Security Service Bulletins.

As for the unsolicited email, I didn't notice what was at the bottom right away because I clicked on the link to show me the presentation in PaleMoon. Later, I looked at the rest of the email and at the bottom was this:

"If you would prefer not to receive future promotional emails from Microsoft Corporation please click here. These settings will not affect any newsletters you've requested or any mandatory service communications that are considered part of certain Microsoft services."

So, it is easy to opt out. Since I enjoyed the Cyberspace 2025 presentation (and recommend it to all) and I don't get spam/promotional emails often from Microsoft, I am not going to opt out at this time. It is very good though to know it will be easy to opt out in the future if I wish.

Microsoft to resume email security notifications

quote:

---

After a weekend of questions and confusion, the company has decided not to stop using emails to notify customers of security issues

---

»www.zdnet.com/microsoft- ··· 0031089/

»arstechnica.com/informat ··· ng-list/ as well. It is coming back. Yay!

That Ars Technica article stated:

"This, of course, means using an RSS reader of some kind, making it rather less convenient than the e-mailed notices."

Thanks to a reader's comment, I think at Brian Kreb's article on this, I learned that as of Thunderbird 24.0 that it can make RSS feeds act much like emails! I haven't tried it yet but I am going to!

»support.mozilla.org/en-U ··· nd-blogs

Microsoft Set to Resume Security Notification Email Service on July 3 A more formal blog post by the company will follow shortly

Canada's new anti-spam law: Can it really clean up your inbox?

quote:

---

The recent anticipation around the arrival of Canada's anti-spam law today had a rather ironic impact. It actually increased the amount of email in your inbox.

As businesses braced for the new legislation, which has taken on the acronym CASL, they were firing off a torrent of email requests asking people for permission to keep sending emails.

---

»www.cbc.ca/news/technolo ··· .2688773

I believe SeaMonkey can too.