Many who work in IT security are scratching their heads this morning, having received a message from Microsoft announcing that it will no longer be sending automated emails about security issues and updates for Windows and its other software.
What is perhaps even more baffling is that it turns out the reason why Microsoft isn’t going to be sending out the emails any longer is… err… anti-spam legislation.
Here is part of the email that subscribers to Microsoft’s security bulletin email notification service received:
As of July 1, 2014, due to changing governmental policies concerning the issuance of automated electronic messaging, Microsoft is suspending the use of email notifications that announce the following:
* Security bulletin advance notifications
* Security bulletin summaries
* New security advisories and bulletins
* Major and minor revisions to security advisories and bulletins
Your first thought might be that the message is a scam, disguised as a notice from Microsoft in order to trick computer users into clicking on a dangerous link or opening a malicious attachment.
After all, why would Microsoft suspend a service that – presumably – was helpful about keeping people informed about new security updates and issues?
But no, the email is genuine.
The new legislation means that those sending out email newsletters have to get the express consent of subscribers that they wish to opt-in, rather than just assuming they are interested because a checkbox was pre-ticked on a form.
Canada has been attempting to introduce the legislation for many years and – to my mind – most of it seems like a good thing. So I’m pleased to see that they’re finally introducing it.
However, many internet users are reporting a rash of emails arriving in their inbox, urging them to re-confirm their subscription to different mailing lists in the light of the law’s introduction.
Of course, because many mailing lists may not have captured the location on their subscribers, that means a lot of folks outside Canada are receiving the irritating emails too.
Unfortunately, if you have been bedevilled by spammy mailing lists in the past, you can’t expect the messages to disappear from July 1st. Canadian legislators have built in a three year “grace period” during which those running mailing lists can encourage their existing subscribers to opt-in.
So, Microsoft could probably have continued to carry on sending the emails for some while yet. And interestingly, it seems that Microsoft may not have had much to worry about anyway.
After all, there appears to be some exceptions in the Canadian law, including one that states that it does not apply when the email solely “provides warranty information, product recall information or safety or security information about a product, goods or a service that the person to whom the message is sent uses, has used or has purchased.”
In the absence of emails, Microsoft is encouraging those concerned with IT security to sign-up for its RSS feeds instead.
Let’s just hope that your RSS feed reader doesn’t go down, eh?
Update: Good news! Microsoft has done a U-turn!
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.