Clik here to view.
The difference between adding Safe and Blocked senders in Outlook, vs....
I’m currently doing a bunch of work around making Outlook.com better, and one the things I’ve noticed is different is how you add to your Safe and Blocked senders list when you use a desktop client...
View ArticleClik here to view.
If you want to send to Outlook.com, send with a valid From: address
I’ve been quiet on this blog for a couple of weeks, and that’s because I’ve been helping out addressing some of the spam complaints in Outlook.com. The biggest issue we’ve seen recently is spam from...
View ArticleA quick overview of Outlook.com (Hotmail) sender support
Over the past two months, I have taken on a role to deal with deliverability and user complaints for Outlook.com (Hotmail). The main areas of focus are reducing user spam complaints, and helping to...
View ArticleA tip for mailing list operators to interoperate with DMARC to avoid failures
One of the problems with DMARC is how mailing lists deal with participants that publish p=reject records. The domain owner has published a policy to prevent spoofing, but all of the various...
View ArticleClik here to view.
Why adding to Blocked Senders sometimes doesn’t block the sender
Recently in Outlook.com, I’ve seen a spurt of user complaints that they are adding senders to the blocked senders list, but keep getting spam from the same sender day after day. I did some...
View ArticleClik here to view.
Fixing a problem with “Unsubscribe” in Outlook.com
One of the problems that some of our users have been experiencing in Outlook.com is using the “You can unsubscribe” widget: The widget above shows up when we think the message is bulk, and the message...
View ArticleClik here to view.
Why messages sometimes end up in the Junk folder in Outlook.com even when the...
In Outlook.com, occasionally we get a complaint from a user saying that a message is in their Junk Email folder even though the message’s sender is on their Safe Senders list. After all, if it’s on the...
View ArticleClik here to view.
How the Outlook.com Spam Fighters program works
Over here in Outlook.com (and Office 365), we hate spam (and phishing, and malware). We’re doing everything we can, every single day, to keep it out of your Inbox.But we know that there are many of...
View ArticleWhat do we mean when we refer to the ‘sender’ of an email?
There’s a lot of ambiguity about the term “sender” when talking about the sender of an email. What do we mean? The term is overloaded because there are so many possible “senders” of a message. Here’s...
View ArticleAn update on the forwarding email problem in Office 365
Well over a year ago, I wrote the following blog post: Why does my email from Facebook, that I forward from my outlook.com account, get rejected? It’s a very popular blog post, it gets more comment...
View ArticleClik here to view.
Disabling unauthorized forwarding in Outlook.com
Over the past week, I’ve noticed an increase in user escalations asking to disable unauthorized forwarding. That is, they have a setting in their mailbox where their email is being forwarded to...
View ArticleClik here to view.
Should you warn users when they receive an external message?
I’ve been asked a few times what I think about organizations that add warnings to messages that their users receive when the message is sent to them from outside the organization. That is, some...
View ArticleHow we use the Certified Senders Alliance IP reputation list
If you are a subscriber to the good folks at Eco over in Germany, you might have noticed in their regular newsletter that Outlook.com and Office 365 is now a new ISP partner. What does that mean? Over...
View ArticleDoes SPF need an update so subdomains can inherit the policy of its...
The good thing about DMARC One of the great things about DMARC is that subdomains can inherit the policy of its organizational domain. For example, here's the DMARC record of microsoft.com (I've...
View ArticleDoes DMARC need an update to handled branded TLDs? I say yes
Some background As I've said before, one of the things I like about DMARC is how I don't have to specify a policy for every single domain that I own. To recap what I said in my other post, here's the...
View ArticleClik here to view.
Showing a question mark ‘?’ in the sender photo when a message is not...
In order to help stop phishing messages, Office 365 and Outlook.com already filter messages using authentication methods including SPF, DKIM, DMARC, and antispoofing. These techniques verify that the...
View ArticleClik here to view.
I called my credit card company, and when they verified my identity I got...
I recently signed up for a new credit card. I don't normally do that on a whim, but instead do it for the big sign-up bonuses they offer. I get the card for one year, and then cancel it before I have...
View ArticleBlocking invalid From: addresses in Office 365
A couple of weeks ago, we made an announcement in Office 365 that we would be implementing stricter checks of the From: address, starting Nov 9, 2017. You can find that at How Office 365 validates the...
View ArticleClik here to view.
How we got to enforce DMARC for sub-domains of Microsoft’s largest consumer...
I couldn't believe it. I had been blind for ages. Why had I not seen it before? The month was August 2017, and none of Microsoft's largest consumer email brands - msn.com, live.com, hotmail.com, and...
View ArticleClik here to view.
A second update to the problem of email forwarding in Office 365
18 months ago, I wrote the following blog post: Why does my email from Facebook, that I forward from my outlook.com account, get rejected. 6 (ish) months ago, I provided an update at An update on the...
View Article