Shifting Cyber Norms: Microsoft security POST-ing to you

from blog Bert Hubert's writings, | ↗ original
tl;dr: Microsoft and other email security scanners will visit the links in email you transmit, and run the JavaScript in those links, including calls that lead to POSTs going out. This used to be unacceptable, since POSTs have side effects. Yet here we are. This breaks even somewhat sophisticated single-use sign-on / email confirmation messages....