Microsoft announced last week that it would stop sending security notifications via email, but the company has since changed its mind and has promised to resume the process.
Last Friday, Microsoft informed users of its intention to suspend the use of email notifications starting with July 1 for security bulletin advance notifications, security bulletin summaries, new security advisories and bulletins, and revisions to security advisories and bulletins due to “changing governmental policies concerning the issuance of automated electronic messaging.”
The decision to stop email notifications was a result of Canada’s Anti-Spam Law (CASL) coming into effect on July 1. The new legislation is designed to protect Canadian consumers from the damaging and deceptive forms of spam and online threats, but steps have been taken to limit the impact on businesses, the Harper government said.
The Canadian Federation of Independent Business (CFIB) noted that the new anti-spam law is confusing and it represents a challenge for small businesses. However, Microsoft’s email security notifications should not be impacted because, as security expert Graham Cluley highlights, one of the exceptions to the law clearly states that it does not apply to commercial electronic messages that provide “warranty information, product recall information or safety or security information about a product, goods or a service that the person to whom the message is sent uses, has used or has purchased.”
In the notification sent out last Friday, Microsoft told users to subscribe to the RSS feeds described on the Security TechCenter website. However, on Monday the company announced its decision to resume sending notifications on July 3.
“On June 27, 2014, Microsoft notified customers that we were suspending Microsoft Security Notifications due to changing governmental policies concerning the issuance of automated electronic messaging. We have reviewed our processes and will resume these security notifications with our monthly Advanced Notification Service (ANS) on July 3, 2014,” a Microsoft spokesperson told SecurityWeek.