Outlook.com in practice

I’ve seen a few people talking about outlook.com and how it’s working. There aren’t many insights here but there are a couple.

  • Images are not always showing up from all senders.
  • There are two different “safe” sender lists: one for individuals and one for mailing lists.
  • If you log in with a live.com account address (rather than a hotmail address or instead of creating a new outlook.com address) that email address will be used in the From line outbound mail. This has been causing SPF problems for a some people.
  • Outlook is not signing with DKIM
  • Outlook is authenticating with SPF (not senderID)

What have other people been seeing in terms of problems, issues or quirks with Outlook? What do you like about it?

Related Posts

Authentication Cheat Sheet

There are a several approaches to authenticating email, and the different authentication methods have a lot of different settings to choose from (sometimes because they’re useful, other times just because they were designed by committee). It’s nice that they have that flexibility for the complex situations that might benefit from them, but almost all the time you just want to choose a good, default authentication approach.
So here’s some short prescriptive advice in no particular order for “how to do email authentication at an ESP well” without the long discussions of alternative approaches and justification of each piece of advice.

Read More

Gmail and the via

I was hoping to have a detailed post up today about the conditions where gmail presents the user with a “via” but time seems to have gotten away from me. But I can give you the conclusions.

Read More

DMARC: an authentication framework

A new email industry group was announced this morning. DMARC is a group of industry participants, including large senders, large receivers and relevant intermediaries working on a framework to reduce the harm from phishing.
DMARC is working on a standard to allow senders to publish sending policies and receivers to act on those policies. Currently, senders who want receivers to not deliver unauthenticated email have to negotiate private agreements with the ISPs to make that happen. This is a way to expand the existing programs. Without a published standard, the overhead in managing individual agreements would quickly become prohibitive.
It is an anti-phishing technique built on top of current authentication processes. This is the “next step” in the process and one that most people involved in the authentication process were anticipating and planning for. I’m glad to see so many big players participating.
 

Read More