Outlook.com and Hotmail block all state govt email after hijacked account sends 8 million spam messages

For almost two weeks employees at the US State of Oregon with @oregon.gov accounts have been unable email residents who use Microsoft email services after a hijacked @oregon.gov account was used to send eight million spam emails. 

The state’s official website is still warning visitors that “state email issues are preventing communication with select email accounts”. 

The issue is preventing all @oregon.gov email addresses from delivering email to members of the public who use Microsoft’s email services at addresses @outlook.com, @msn.com, @hotmail.com, and @live.com.

“The state is working to resolve this issue. Thank you for your patience during this time,” the message reads. 

Oregon is on the north west coast of the US with a population of around four million. The state shares a border with Washington, home of Microsoft’s headquarters in Redmond.     

Local paper, The Oregonian, obtained a copy of an email sent to agency directors last Friday explaining the situation. Microsoft’s block on @oregon.gov accounts happened after one account at the state government’s email domain sent over eight million spam messages the prior weekend. 

By Monday, the state had “caught” the spamming account, but not before Microsoft “downgraded the oregon.gov sender reputation score”, a signal used by email service providers to assess email from a certain IP address.

The government believes the spam incident was the result of a state employee clicking on a malicious link in a phishing email. A hacker then used the compromised account to send millions of spam, putting a serious dent in the reputation of the  government’s email domain.  

Depending on the content of the spammer's email, the incident could also be bad for recipients given that a .gov address could normally be considered trustworthy.

The email says that Oregon government’s technology workers are “going through proper channels to restore the Oregon.gov sender reputation score”, however it warns that it will “take some time to resolve”.  

A notice has has also been posted on Oregon Governer Kate Brown’s home page. A spokeswoman for Brown suggested that if the public need to communicate with state government employees they could use a different email provider to the Microsoft services that are blocking @oregon.gov.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
CSO WANTED
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags MicrosofthotmailoutlookGovernment IToregon

More about Microsoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

More videos

Blog Posts