Terry Zink posted two informative blog posts recently, the first being the change to unauthenticated mail sent over IPv6 to EOP and the second post about EOP (Office365 and Exchange Hosting) and Outlook.com/Hotmail infrastructure converging.
Exchange Online Protection (EOP) is the filtering system in place for Office 365 and hosted Exchange customers. Outlook.com/Hotmail utilized its own mail filtering system and provides SNDS/JMRP programs. EOP is setup for redundancy, failover, provides geo-region servers to serve customers, and has supported TLS for over a decade. Terry explains that Hotmail’s spam filtering technology is more advanced than EOP’s, but EOP’s backend platform is more advanced. The process to convert Outlook.com/Hotmail to use EOP’s filtering system started six months ago and is still a work in progress. Once completed, Outlook.com/Hotmail and Office365/EOP will share the same UX look and feel. The anti-spam technologies will be able to be shared between the two as they will share the same backend infrastructure.
Some of the challenges of merging the two systems include:
- Outlook.com/Hotmail displays a green shield for senders who are heavily spoofed but authenticate, Outlook Web Access (Office365/EOP) currently does not.
- Improving backscatter protection so that when a spammer spoofs your email address and the receiving mail server sends an NDR, the NDR does not go to your inbox since you did not send the original message.
- EOP and Outlook.com/Hotmail both support DMARC, but handles them differently.
- EOP currently does not send DMARC reports and fixes need to be made to the MTA so that they will be sent. Outlook.com/Hotmail currently sends DMARC reports.
- EOP has DKIM-signing on the public road map and once Outlook.com/Hotmail is converted to EOP, they would like to enable DKIM signing for Outlook.com/Hotmail too.
Terry also mentioned that he is non-committal on whether or not Outlook.com/Hotmail will publish a p=reject DMARC report. He mentioned there are many considerations that must be factored before making a decision but has not ruled out the possibility. In the comments, someone asked about the impact to the SNDS and JMRP programs with the transition of Outlook.com/Hotmail to EOP and Terry says there will be no impact in the near term and they would like to include EOP into Hotmail’s SNDR/JMRP program.