Showing a question mark ‘?’ in the sender photo when a message is not authenticated

In order to help stop phishing messages, Office 365 and Outlook.com already filter messages using authentication methods including SPF, DKIM, DMARC, and antispoofing. These techniques verify that the sender is who they say they are, and they are used to mark the message either as Junk Email, or deliver it to your Inbox. They sometimes…

6

Does DMARC need an update to handled branded TLDs? I say yes

Some background As I’ve said before, one of the things I like about DMARC is how I don’t have to specify a policy for every single domain that I own. To recap what I said in my other post, here’s the DMARC record of microsoft.com (I’ve removed the reporting addresses): microsoft.com | “v=DMARC1; p=reject; pct=100″…

5

Does SPF need an update so subdomains can inherit the policy of its organizational domain? I say yes

The good thing about DMARC One of the great things about DMARC is that subdomains can inherit the policy of its organizational domain. For example, here’s the DMARC record of microsoft.com (I’ve removed the reporting addresses): microsoft.com | “v=DMARC1; p=reject; pct=100” There’s no subdomain policy, which means that the following domain which has no DMARC record:…

4

How we use the Certified Senders Alliance IP reputation list

If you are a subscriber to the good folks at Eco over in Germany, you might have noticed in their regular newsletter that Outlook.com and Office 365 is now a new ISP partner. What does that mean? Over here at Outlook.com and Office 365, we have a complicated relationships with good IP reputation lists. Outlook.com…

1

Should you warn users when they receive an external message?

I’ve been asked a few times what I think about organizations that add warnings to messages that their users receive when the message is sent to them from outside the organization. That is, some organizations create Exchange Transport Rules (ETRs) when the message is received outside the organization. This might look something like this: This…

0

Disabling unauthorized forwarding in Outlook.com

Over the past week, I’ve noticed an increase in user escalations asking to disable unauthorized forwarding. That is, they have a setting in their mailbox where their email is being forwarded to another account. Users can resolve this themselves: select Options > Mail > Automatic processing > Inbox and sweep rules. Then, look for any…

1

An update on the forwarding email problem in Office 365

Well over a year ago, I wrote the following blog post: Why does my email from Facebook, that I forward from my outlook.com account, get rejected? It’s a very popular blog post, it gets more comment than almost any other post that I have written. The overwhelming majority of comments asks the question: “When will this…

8

What do we mean when we refer to the ‘sender’ of an email?

There’s a lot of ambiguity about the term “sender” when talking about the sender of an email. What do we mean? The term is overloaded because there are so many possible “senders” of a message. Here’s the most commonly used terms and how they show up in various email clients: 1. The From: address in…

3

How the Outlook.com Spam Fighters program works

Over here in Outlook.com (and Office 365), we hate spam (and phishing, and malware). We’re doing everything we can, every single day, to keep it out of your Inbox.But we know that there are many of you out there as well that also hate spam as much as we do, and that’s where the Spam Fighters…

8

Fixing a problem with “Unsubscribe” in Outlook.com

One of the problems that some of our users have been experiencing in Outlook.com is using the “You can unsubscribe” widget: The widget above shows up when we think the message is bulk, and the message contains a List-Unsubscribe header, and that header contains a mailto. We parse out the mailto and send a message…

1

Why adding to Blocked Senders sometimes doesn’t block the sender

Recently in Outlook.com, I’ve seen a spurt of user complaints that they are adding senders to the blocked senders list, but keep getting spam from the same sender day after day. I did some investigation. First, adding spammers to Blocked Senders isn’t the best way to stop spammers from sending you unwanted email. Spammers randomize…

4

A tip for mailing list operators to interoperate with DMARC to avoid failures

One of the problems with DMARC is how mailing lists deal with participants that publish p=reject records. The domain owner has published a policy to prevent spoofing, but all of the various participants on the mailing list may be affected. This includes people within an organization that previous were taking part in technical discussions, but…

1

A quick overview of Outlook.com (Hotmail) sender support

Over the past two months, I have taken on a role to deal with deliverability and user complaints for Outlook.com (Hotmail). The main areas of focus are reducing user spam complaints, and helping to streamline the process for senders when they get blocked from delivering to Outlook.com. This includes fixing bugs in the spam filtering…

1