Microsoft fixes false spam reports from popular encrypted email domain

Tutanota's email service on laptop and smartphone screen next to Tutanota's calendar on tablet screen
(Image credit: Tutanota)

Emails sent from a German-based encrypted email app to Microsoft Outlook addresses have been reportedly ending up in the spam folder by mistake for over three weeks.

Tuta (formerly known as Tutanota) decided to go public with the issue as it felt that the Big Tech giant wasn't taking what was happening with one of its domains seriously.

About 24 hours after publishing a blog post on the subject, Microsoft was able to resolve the technical issue. According to the secure email provider, this reiterates the need to hold these hugely powerful online services accountable for fixing technical issues as these arise.

Tutanota.com is no longer spam in Outlook

"To us it's just another proof that Big Tech is able to solve such issues, but unwilling to do so for just 'any company'. I'm sure there are more, smaller companies that face similar issues and that are not able to reach out to the press or have other means of making such issues public," Matthias Pfau, Tuta's co-founder and developer, told me.

As we mentioned, Microsoft Outlook began to wrongly mark all emails with the tutanota.com domain as spam since mid-November. After increasing user complaints, the company reached out to the Microsoft's support team, as well as a board member of Microsoft Germany, but without much luck. 

According to Microsoft, tutanota.com's IP address wasn't blocked. On November 20, the support team informed Tuta about its eligibility for a "temporary mitigation," and that it was supposed to take between 24/48 hours. Tuta's team waited, but the issue persisted. After this, the security firm chose to publish the blog post on December 5 to, as Pfau explained to me, "escalate the issue faster."

He said: " When we had a similar issue with Tutanota users not being able to register Microsoft Teams accounts, the process was the same—but we tried to work this out with Microsoft for months. Finally, when we made the issue public, Microsoft was suddenly able to fix it within days."

Again, Tuta's strategy was successful as Microsoft was quickly able to fix the technical problem as of December 6—just a day after the company made the news public. 

It's worth mentioning that other Tuta's email domains such as tuta.com, tuta.io, tutanota.de, tutamail.com and keemail.me were not falsely spammed. However, among the more than 10 million people subscribed to this encrypted email service, the majority uses the tutanota.com domain—all of which were affected.

I reached out to Microsoft myself asking about a possible reason to why this technical problem happened in the first place, as well as why it took the team so long to fix it. At the time of writing, I've been informed that "the issue has been resolved," without any further explanation.

Whether or not Microsoft have purposely hijacked its smaller competitor is something that will be, perhaps, impossible to ever establish. However, according to Pfau, the most important outcome of this story is the visible reluctance of Microsoft's support team to fix technical errors despite these being flagged.

He said: "That's why Big Tech as gatekeepers need to be checked more thoroughly. Even if it's a technical issue, they are to be held accountable and must fix such issues in a reasonable amount of time—when asked, not when the press starts talking about this!"

Chiara Castro
Senior Staff Writer

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up. She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to [email protected]