How the Outlook.com Spam Fighters program works

Over here in Outlook.com (and Office 365), we hate spam (and phishing, and malware). We’re doing everything we can, every single day, to keep it out of your Inbox.But we know that there are many of you out there as well that also hate spam as much as we do, and that’s where the Spam Fighters…

7

Fixing a problem with “Unsubscribe” in Outlook.com

One of the problems that some of our users have been experiencing in Outlook.com is using the “You can unsubscribe” widget: The widget above shows up when we think the message is bulk, and the message contains a List-Unsubscribe header, and that header contains a mailto. We parse out the mailto and send a message…

1

Why adding to Blocked Senders sometimes doesn’t block the sender

Recently in Outlook.com, I’ve seen a spurt of user complaints that they are adding senders to the blocked senders list, but keep getting spam from the same sender day after day. I did some investigation. First, adding spammers to Blocked Senders isn’t the best way to stop spammers from sending you unwanted email. Spammers randomize…

4

A tip for mailing list operators to interoperate with DMARC to avoid failures

One of the problems with DMARC is how mailing lists deal with participants that publish p=reject records. The domain owner has published a policy to prevent spoofing, but all of the various participants on the mailing list may be affected. This includes people within an organization that previous were taking part in technical discussions, but…

1

A quick overview of Outlook.com (Hotmail) sender support

Over the past two months, I have taken on a role to deal with deliverability and user complaints for Outlook.com (Hotmail). The main areas of focus are reducing user spam complaints, and helping to streamline the process for senders when they get blocked from delivering to Outlook.com. This includes fixing bugs in the spam filtering…

0

If you want to send to Outlook.com, send with a valid From: address

I’ve been quiet on this blog for a couple of weeks, and that’s because I’ve been helping out addressing some of the spam complaints in Outlook.com. The biggest issue we’ve seen recently is spam from invalid senders. This is an email where the From: address is not RFC compliant, and does one of two things:…

1

The difference between adding Safe and Blocked senders in Outlook, vs. Outlook.com

I’m currently doing a bunch of work around making Outlook.com better, and one the things I’ve noticed is different is how you add to your Safe and Blocked senders list when you use a desktop client like Outlook, vs. when you use the web UX in either Outlook.com (our consumer email product) or Outlook Web…

4

Would a DMARC reject record have prevented Donald Trump from getting elected?

One of the reasons I just wrote that four part series on where email authentication is helpful against phishing, and where it is not-so-helpful, is because I wanted to examine the John Podesta email hacks. In case you’re not aware, John Podesta was the Chair of the Democratic Campaign to elect Hillary Clinton for President…

5

Where email authentication falls flat at stopping phishing – impersonation attacks using display tricks

In this series so far, we’ve seen how email authentication is a great thing at stopping phishing under some circumstances, and where it isn’t that useful in other circumstances. A circumstance where it isn’t that useful is a variant of Business Email Compromise (BEC) that we call an Impersonation Attack. An Impersonation Attack is when…

2

Where email authentication is potentially great – protecting against spoofing from domains with weak authentication

So, in the past couple of posts, I’ve talked about how email authentication is not that great against phishing attacks that use random parameters in the sender, but is well-designed to work against springboard spear-phishing attacks. There’s another scenario where it is simultaneously well-positioned to protect against spear-phishing, yet not in a good position to…

0

A security story that is kind of disturbing

I’ve got a story for you. As a security person, it’s a little disturbing. I was driving in the car with my wife yesterday who works in the health care industry (she’s not a doctor). She was telling me that earlier that day, she was trying to email a file to some other organization and…

2

Where email authentication is not so great at stopping phishing – random IT phishing scams

On this blog, I’ve written a lot about email authentication and preached its virtues. If you are a domain owner, you should definitely set up SPF, DKIM, and DMARC records both so that emails to you can be identified between authentic and not, and so that other email receivers (e.g., Gmail, Hotmail/Outlook.com, Comcast, etc.) can…

1

Troubleshooting the red (Suspicious) Safety Tip for fraud detection checks

Introduction It has now been about 8 months since we released our antispoofing protection in Office 365, a feature that defends against Business Email Compromise, where the From and To domains are the same. You can read more about that feature at http://aka.ms/AntispoofingInOffice365. To summarize, it defends against others spoofing your domain in the From:…

17