Outlook.com Gets Safer
Outlook.com Gets Safer by UCStrategies Staff
Microsoft released Outlook.com for public trial in July 2012. Since then an estimated 25 million users tried the service. Now the company has added two new security features to protect Outlook.com against phishing attacks.
“Since we announced Outlook.com, we've continued to work to deliver you the highest levels of security and protection technologies,” Microsoft’s Krish Vitaldevara writes in a post to the Outlook Blog. “Today, we are excited to announce two important new security features that help fight common phishing attacks and provide you with even more protection.”
The browser-based email service, which is set to replace Hotmail, now supports DMARC (Domain-based Message Authentication, Reporting & Conformance). This is a technical specification designed to reduce the risk of email abuse by resolving problems with deployment, operational and reporting issues associated with email authentication protocols. DMARC utilizes DKIM and SPF technologies to authenticate the recipient’s incoming messages.
Microsoft is in favor of using DMARC to reduce instances of phishing emails, which imitate legitimate email addresses to fool recipients into clicking on links to malicious websites or disclosing confidential information such as banking details or passwords.
Other advocates of the technology include Yahoo, PayPal, AOL, and Facebook.
"Our DMARC implementation helps protect you by making it easier to visually identify mail from senders as legitimate, and helps keep spam and phishing messages from ever reaching your inbox. If a sender supports DMARC, we put a trusted sender logo next to their email indicating it is legitimate," wrote Vitaldevara.
Microsoft is also adding support for EV (Extended Validation) Certificates to Outlook.com. This will protect the service from malicious hackers who attempt to lure users into entering personal information on a spoof website designed to look like Outlook.com.
Outlook.com's EV certificates will be issued by Verisign and will necessitate a minimum of 2048-bit encryption. Once the EV certificate has been validated the user’s browser display bar will turn green to indicate that the website is authentic.
"While malicious sites might try to impersonate a site's UI or brand, they cannot replicate the browser's green bar. And by deploying EV certificates broadly we can apply 2048 bit encryption not just to your login, but to your actual mail content as well," Vitaldevara wrote.
Microsoft will soon add support for EV Certificates in its other sites including SkyDrive online storage. The new-look Outlook.com also features a clear layout, preview pane, easy-to-use command bar and built-in mail and contact management system. (CU) Link