By the looks of things, we are entering the End of Days for Hotmail. In spite of this, Microsoft is still not finished tinkering under the hood of Outlook.com, Hotmail's replacement, having just introduced new security features that should improve it.
Outlook versus Hotmail
Meanwhile, as of this week, those with Hotmail accounts will start seeing ads in Hotmail urging them to move over to Outlook, although Microsoft says it is not forcing anyone to move — not yet, anyway.
You may recall that Microsoft announced the demise of Hotmail at the end of last July and advised users to move across to the Outlook alternative. While there are now 25 million users who have made the switch according to Microsoft, there are still many waiting to make the jump.
Despite this, Microsoft is pushing ahead with the Outlook promotion and will also be pumping up its Outlook.com advertising efforts in the coming months.
But for Outlook to be a success, advertising alone is not going to do it. If it is to realistically compete with Gmail, which appears to be the aim, security had to improved.
An in-box full of spam and phishing scams, which Hotmail users were subjected to despite using filters, is not going to encourage business users.
According to an Office blog post, it has announced two new security features that secure your Outlook account from two really common phishing attacks:
- Support for the DMARC standard
- Support for Extended Validation Certificates
DMARC (Domain-based Message Authentication, Reporting & Conformance) is a specification that standardizes how email recipient systems authenticate incoming messages.
It makes it hard for someone to deliver phishing mail to a recipient’s inbox, while the EV Certificates are designed to beef-up SSL certificates.
With Outlook.com, Krish Vitaldevara of the Outlook team says, it makes it easier to visually identify mail from senders as legitimate, and helps keep spam and phishing messages from ever reaching your inbox.
If, for example, a sender supports DMARC, Outlook.com will put a trusted logo next to the mail indicating that it is legitimate. Of course senders have to use the DMARC too, so the more users or businesses that use it, the safer email is going to be.
"As part of DMARC, senders get reports on email that comes from their domain (good and bad), as well as how much of their traffic is passing/failing email authentication checks. This info helps them plan their authentication deployment as well as better understand the nature of the attacks on their domains,” Vitaldevara said.
That said, DMARC is not exclusive to Microsoft and is already being used by companies like Paypal, Facebook, AOL and Yahoo.
The other element in this security upgrade is EV Certificates, which reduce the ability of hackers to trick people into feeding information into false certificates or sites.
EV Certificates make browsing more secure than plain SSL by adding confidence that you are interacting with a trusted website and that your information is secure.
According to the blog post, Microsoft has chosen Verisign to issue Outlook.com's EV Certificates, which require a minimum of 2048-bit which is far more secure than what is commonly used with standard SSL.
They prevent phishing attacks by preventing malicious sites from masquerading as a trusted service. While the sites might be able to impersonate a UI or brand, they cannot replicate the browser's green bar.
Microsoft is rolling out EV certificate support in Outlook.com now and will also be applied to SkyDrive soon. Hotmail.com and Live.com users are also getting the same support while they are upgrading to Outlook.com.