Office365/EOP and Outlook.com/Hotmail will converge

Terry Zink posted two informative blog posts recently, the first being the change to unauthenticated mail sent over IPv6 to EOP and the second post about EOP (Office365 and Exchange Hosting) and Outlook.com/Hotmail infrastructure converging.
Exchange Online Protection (EOP) is the filtering system in place for Office 365 and hosted Exchange customers. Outlook.com/Hotmail utilized its own mail filtering system and provides SNDS/JMRP programs.  EOP is setup for redundancy, failover, provides geo-region servers to serve customers, and has supported TLS for over a decade.  Terry explains that Hotmail’s spam filtering technology is more advanced than EOP’s, but EOP’s backend platform is more advanced. The process to convert Outlook.com/Hotmail to use EOP’s filtering system started six months ago and is still a work in progress. Once completed, Outlook.com/Hotmail and Office365/EOP will share the same UX look and feel. The anti-spam technologies will be able to be shared between the two as they will share the same backend infrastructure.
Some of the challenges of merging the two systems include:

  • Outlook.com/Hotmail displays a green shield for senders who are heavily spoofed but authenticate, Outlook Web Access (Office365/EOP) currently does not.
  • Improving backscatter protection so that when a spammer spoofs your email address and the receiving mail server sends an NDR, the NDR does not go to your inbox since you did not send the original message.
  • EOP and Outlook.com/Hotmail both support DMARC, but handles them differently.
  • EOP currently does not send DMARC reports and fixes need to be made to the MTA so that they will be sent.  Outlook.com/Hotmail currently sends DMARC reports.
  • EOP has DKIM-signing on the public road map and once Outlook.com/Hotmail is converted to EOP, they would like to enable DKIM signing for Outlook.com/Hotmail too.

Terry also mentioned that he is non-committal on whether or not Outlook.com/Hotmail will publish a p=reject DMARC report.  He mentioned there are many considerations that must be factored before making a decision but has not ruled out the possibility. In the comments, someone asked about the impact to the SNDS and JMRP programs with the transition of Outlook.com/Hotmail to EOP and Terry says there will be no impact in the near term and they would like to include EOP into Hotmail’s SNDR/JMRP program.

Related Posts

Mythbusting deliverability and engagement

Yesterday I published an article talking about an engagement webinar hosted by the EEC and DMA. I made a couple predictions about what would be said.

Read More

Hotmail issues

A number of people, both at ESPs and on the mailops mailing list, are reporting problems at Hotmail. The most common reports are senders getting

Read More

Thoughts on Hotmail filtering

One of the new bits of information to come out of the EEC15 deliverability discussions is how Hotmail is looking at engagement differently than other webmail providers.
Many webmail providers really do look at overall engagement with a mail when making delivery decisions. And this really impacts new subscribers the most. If there is a mailing where a lot of subscribers are engaged, then new subscribers will see the mail in their inbox. Based on what was said at the webinar earlier this week engagement has no effect at Hotmail outside of the individual user’s box.
I’ve certainly seen this with clients who’ve tried trimming subscriber lists but that doesn’t really help get mail moved from the Hotmail bulk folder to the inbox.
 
Instead of subscriber lists, Hotmail is really looking at bounces. They’re watching the number of nonexistent accounts senders are mailing to and they’re counting and a sender hits too many bad addresses and that is a major hit to their reputation.
All of this makes remediation at Hotmail challenging. Right now, we can remediate a bad reputation at a lot of ISPs and the filters catch up and mail starts flowing back to the inbox. Hotmail has set up a system that they say is “hard for spammers to game.” This seems to translate into hard for legitimate senders to fix their reputation.
Hotmail is, IMO, the current tough nut in terms of deliverability. Develop a bad reputation there and it’s difficult to fix it. I’m sure it’s possible, though.

Read More