2 min read

Could CASL be behind Microsoft’s move to stop emailed security updates?

Security

Starting tomorrow, IT professionals who have signed up to receive security updates from Microsoft Corp. will no longer find the automated messages in their  inboxes.

“As of July 1, 2014, due to changing government policies concerning the issuance of automated electronic messages, Microsoft is suspending the use of email notification…,” an email sent by Microsoft last Friday to subscribers to its security bulletin email notification service.

Some industry observers are connecting the company’s move to Canada’s Anti-Spam Legislation (CASL) which is set to take effect July 1.
CASL training
The notice said the company will no longer be sending the following via email:

  • Security bulletin advance notifications
  • Security bulletin summaries
  • New security advisories and bulletins
  • Major and minor revisions to security advisories and bulletins

Subscribers that wish to continue receiving information on these were advises to subscribe to one or several RSS feeds found in Microsoft’s TechCentre Web site.

A report on the IT security Web site krebsecurity.com, said that a Microsoft spokesperson confirmed that the email notification was suspended due to CASL, which prohibits organizations from sending out unsolicited emails.

Since early June, people in Canada have been receiving a wave of emails from businesses asking them if they still want to receive online messages. CASL requires companies and organizations to obtain direct or implied consent from people in order to continue sending the people emails.

This last ditch effort to comply with CASL before the law comes down has ironically resulted in consumers essentially being spammed in the name of the anti-spam legislation.

If Microsoft’s decision is indeed tied to CASL then the move seems odd. Some CASL experts as the anti-spam law contains a hefty number of exemptions which allows the transmission of the type of messages the security bulletins contain.

Among emails which CASL exempts are: “warranty information, product recall information or safety or security information about a product, good or a service that the person to whom the message is sent uses, has used or has purchased.”

Microsoft Canada has come up with a pretty creative way of enticing people to sign up for emails from the company.

Instead of the typical form asking for individual’s consent to be sent emails, Microsoft Canada is sending out opt in forms which the catchy title Opt in before you miss out.

Canadians that opt in to receiving emails about products, services and events as well as “tips and exclusives relevant” to their business get a chance to win a $500 Microsoft gift voucher.

1 Comment

  1. Would of preferred one of 5 $100 vouchers. 🙂
    Seems to me that Email newsletters specific to Canadians has a different mailing database than those belong to the security. Meanwhile, I suspect the MSDN newsletter [US only I believe] will not be affected either. Very odd setup.
    So the only option for those security bulletins is to visit the appropriate site or use the RSS feed [which to me seemed antiquated]. Why Microsoft discontinued it world-wide is very odd.

Leave a Reply

Your email address will not be published. Required fields are marked *

Post comment