As the article claims, it doesn’t get delivered. Not even in the spam folder.
Other email between the same addresses goes through without problems.
EDIT: the Exchange admin center has the email quarantined with reason “malware”, discovered through “URL detonation reputation”.
This wasn't the only reason why I switched to Fastmail after 17 years of selfhosting, but it was among them.
O365 Hosted, but non-governmental.
I do understand the ideer of letting a large IT organisation handle you email. Working email is a high priority, if not Microsoft or Google can make it work, who can?
But as soon as there are any problems a little out of the ordinary, its clear that choosing something like Microsoft or Google is a really bad idear. It's not possible communicate with anyone who know anything.
As more and more are moving their solutions to Microsoft and Google, they will be in a position to strangle any smaller providers.
They are a thread to the free internet!
"Update your drivers"
"Have you tried a clean install?"
Apparently also a british thing I just found out: https://english.stackexchange.com/a/32630
Being able to call out a single giant entity on HN is much easier than trying to get the world to agree on fixing something. Source: we still use SMTP and we still have no common way to authenticate a sender without a centralized email system. (Yes, I know about SPF, DKIM, etc.)
I think the real risk is relying on email at all anymore. The underlaying protocol dates back to the era of "let's see if we can get bits to move at all" which predates any kind of "how do we know what we are getting is authentic" style of design. There are plenty of other avenues for communication that don't succumb to the many inherent pitfalls of email.
The pitfall in this very article is the fact that communication was centralized on a giant near-monopoly which imposes it's arbitrary rules on users by filtering whatever they want.
So in that context, can you tell what these other avenues of communication are that don't suffer from this exact same problem? I'm guessing you're thinking of various 100% proprietary channels, all of which suffer from the problem of being centralized and users and content can get arbitrarily banned or blocked for no reason.
At least with email you can simply stop using microsoft-hosted email and move elsewhere and your problems go away while still remaining email accessible to everyone.
For context, I have been running a Debian mailserver (postfix + spamassassin + dovecot) with autoupdates - and occasional major version updates - for family and friends since 2007. Barring the occasional period of being preferentially delivered to the spam folder, I have not experienced any problems. My major benefit: I am sure that if a mail is sent to me, I will receive it.
The system is running on one of the cheapest root servers from Hetzners used server market, and it also runs an odd set of other websites and VMs, so the IT investment is limited. I also consider the administration and update tasks as a form of continuing education in my profession.
But few, if any, that have the many advantages of email. Different tools for different needs and all that.
I sent a second message from my personal account to my O365 account, with just my company's URL in the body. This one was delivered right to the Inbox.
Maybe they are? Not saying intentionally, but perhaps they have been compromised?
In my experience with Microsoft's URL detonation, it could go either way and be a false positive or be real. In one case where I had a definite false positive, opening a ticket with Microsoft resolved the issue within a few hours. Both myself and the entity with the false positive are government cloud customers, maybe our experience would be different in the commercial cloud. Interestingly, this issue seems to affect anyone using Microsoft hosted email without regard to which cloud you are using. Different data centers, separate implementation, but some shared data apparently.
That seems on its face like an impossible contradiction to me.
Interesting to me that this also blocks sending the IPCC report even as an attachment.
This certainly seems oddly targeted, but I doubt that Microsoft is intentionally to blame. More likely their infrastructure is compromised and someone is selling blacklisting as as service lol.
I could see some sort of whitelist that overrides some sort of machine learning based blocking.
Not to say it's super reasonable but that's the only reasonable thing I could think of, with perhaps not applying it wholesale being that it would allow spammers to just include a link in background color to bypass spam protection or something
Anyone emailing something that contains their URL.
This includes the IPCC report, which is fairly significant if you're a climate researcher:
> No organisation using Microsoft email services can currently send the IPCC Sixth Assessment Report of Working Group 3 as an attachment to anyone else (newclimate dot org URL appears 11 times in the report). The same applies to hundreds of other relevant scientific papers and reports from any organisations, where NewClimate URLs appear on the reference lists.
Hell, even MIT has succumbed to this pressure - they are in the process of migrating the entire campus from an onsite hosted Microsoft exchange server system to cloud hosted microsoft 365 email system. To the laments of the users and the IT staff who have to support it.
From a system that has served a massive user group like MIT successfully with little downtime for over a decade to a system that has already caused multiple issues - even when they are still migrating people after 6 months...
Have you tried to set up MFA for an on prem Exchange system? Well, it is simply impossible. MFA on activesync ? Impossible.
When you have to support such a legacy environment you are better off moving to Microsoft 360 (I think this is their new name), or gmail or others similar players.
The small providers can get caught in the gears of large providers or even smaller providers using idiotic RBLs (sometimes a single one that causes a permanent reject). Nobody dares block Gmail or O365 however.
But you won't have an undiagnosable spam filter. Depends on your risks.
O365 just handles all of this out of the box.
To emphasize, I think New Climate's blog post does correctly highlight the fact that when "the algorithms" go haywire, it feels like it takes multiple acts of God to get a human to actually fix the issue. But I'm just tired of the lazy appeal to "What The ELiTes DoN't WanT You TO KnOw!!!" whenever a bug pops up (and, ironically, who the "elites" are solely depends on what tribe you identify with - in this case, if you're pro-CO2 reduction, the elites are evil corporate masters seeking more use of fossil fuels for their profits, and if you're on the other side the elites want to use climate change as an excuse to stifle the economy and keep the peons in their place).
But it also illustrates what could happen. Microsoft or Google could decide to silence email on certain topics, or they could conceivably be ordered to do so. Would they refuse? Doubtful. And they are so big and handle such a large percentage of email that it would have a real impact.
https://www.cnn.com/2023/10/20/media/jon-stewart-apple/index...
Some of the other reports about this only mention two of those three. Make of that what you will.
https://www.businessinsider.com/jon-stewart-show-apple-tv-en...
