Outlook.com in practice

I’ve seen a few people talking about outlook.com and how it’s working. There aren’t many insights here but there are a couple.

  • Images are not always showing up from all senders.
  • There are two different “safe” sender lists: one for individuals and one for mailing lists.
  • If you log in with a live.com account address (rather than a hotmail address or instead of creating a new outlook.com address) that email address will be used in the From line outbound mail. This has been causing SPF problems for a some people.
  • Outlook is not signing with DKIM
  • Outlook is authenticating with SPF (not senderID)

What have other people been seeing in terms of problems, issues or quirks with Outlook? What do you like about it?

Related Posts

ESPs, Non-portable Reputation and Vendor Lock-in

I’ve seen some mentions recently of ESPs suggesting that if you use your own domain in the From: of mail you send through an ESP then that ESP can’t “do email authentication” properly unless they require you to edit your domains DNS settings. That’s not really so, but there is a kernel of truth in there.
The real situation is, unsurprisingly, a bit more complicated.
What authentication features should you look for in an ESP?

Read More

Getting rid of the via at Gmail

There was a question submitted today about the verification process at Gmail.

Read More

Defending against the hackers of 1995

Passwords are convenient for the end user, but it’s too easy to lose control of them. People share them with other people. People write them down, where they can be read. People send them in email, and that email is easily intercepted. People’s web browsers store the passwords, so they can log in automatically. Worst of all, perhaps, people tend to use the same username and password at many different websites. If just one of those websites is compromised (or even run as a password collecting scam) then those passwords can be used to attack accounts at all of the others.
Two factor authentication that uses an uncopyable physical device (such as a cellphone or a security token) as a second factor mitigates most of these threats very effectively. Weaker two factor authentication using digital certificates is a little easier to misuse (as the user can share the certificate with others, or have it copied without them noticing) but still a lot better than a password.
Security problems solved, then?

Read More