Connect with us

Hi, what are you looking for?



Microsoft Backs Down on Decision to Stop Sending Email Security Notifications

Microsoft announced last week that it would stop sending security notifications via email, but the company has since changed its mind and has promised to resume the process.

Microsoft announced last week that it would stop sending security notifications via email, but the company has since changed its mind and has promised to resume the process.

Last Friday, Microsoft informed users of its intention to suspend the use of email notifications starting with July 1 for security bulletin advance notifications, security bulletin summaries, new security advisories and bulletins, and revisions to security advisories and bulletins due to “changing governmental policies concerning the issuance of automated electronic messaging.”

The decision to stop email notifications was a result of Canada’s Anti-Spam Law (CASL) coming into effect on July 1.  The new legislation is designed to protect Canadian consumers from the damaging and deceptive forms of spam and online threats, but steps have been taken to limit the impact on businesses, the Harper government said.

The Canadian Federation of Independent Business (CFIB) noted that the new anti-spam law is confusing and it represents a challenge for small businesses. However, Microsoft’s email security notifications should not be impacted because, as security expert Graham Cluley highlights, one of the exceptions to the law clearly states that it does not apply to commercial electronic messages that provide “warranty information, product recall information or safety or security information about a product, goods or a service that the person to whom the message is sent uses, has used or has purchased.”

In the notification sent out last Friday, Microsoft told users to subscribe to the RSS feeds described on the Security TechCenter website. However, on Monday the company announced its decision to resume sending notifications on July 3.

“On June 27, 2014, Microsoft notified customers that we were suspending Microsoft Security Notifications due to changing governmental policies concerning the issuance of automated electronic messaging. We have reviewed our processes and will resume these security notifications with our monthly Advanced Notification Service (ANS) on July 3, 2014,” a Microsoft spokesperson told SecurityWeek.

Advertisement. Scroll to continue reading.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.