A Sneaky Way to Update Terms and Conditions

01 Aug 2016 at 18:37 // under

I have just checked through my email spam folder and found a couple of emails from Microsoft updating their terms of use and privacy statement.

The way the email has been sent, it has triggered gmail's spam filters because the sender has failed to authenticate properly. When viewing the email, there is a warning shown at the top:

Why is this message in Spam? It has a from address in communication.microsoft.com but has failed communication.microsoft.com's required tests for authentication. Learn more

Perhaps it is a spam/phishing email? Unlikely, the email has been sent to a very specific email address that I have only used with Microsoft (and there is a second copy sent to a different very specific email address for a family member). Also all the links in the email are directed at genuine microsoft.com urls. As such, I am fairly confident that this is a genuine update to our terms and conditions email.

I am also fairly sure that most people (who are using gmail) are likely to miss it. Microsoft is a regular target for spoofing emails, so seeing an email from Microsoft in the spam folder with a warning about it not being genuine is not an uncommon thing. This leads me to think this could be an excellent way for a less than honest company to quietly update it's terms and conditions.

To be clear, I do not think Microsoft has genuinely attempted to be sneaky here. But if you did want to make some changes without anyone noticing, would composing your notification in a way that spam filters will be triggered by it be a good idea?

If people notice, they just need to say it was the spam filters fault not ours, "We were sent the notification as required, if you have automated systems to ignore it, that is your problem not ours".

Go Top