Outlook.com latest update rolling out, adds support for DMARC and EV Certificates security features

Outlook.com logoMicrosoft announced the first update to Outlook.com two weeks ago, adding new features such as “one-click archive”, new color themes, new keyboard shortcuts, and new default options. This update is now reportedly rolling out to Outlook.com users worldwide, bumping the version number up from 16.4 (Wave 5) to 17.0. In addition to the above announced features, our readers are also telling us that they have noticed other changes as part of this update too, including:

  • Favorite contacts now appear on the top in People’s contact list
  • Skype conversations now show up in Message history, in addition to Messenger and Facebook chat
  • New “Your email accounts” options page which allows you to manage send/receive emails and aliases all in one place
  • Updated Messaging sidebar with minor cosmetic changes such as a larger and longer search box scroll-wheel

Today over at the official Outlook blog, Microsoft announced that Outlook.com has also been added with two new security enhancements to protect users from phishing scams. These two features include the support for the DMARC standard and EV Certificates. Below is a brief explanation on how these two security features work:

DMARC (Domian-based Message Authentication, Reporting & Conformance)

Our DMARC implementation helps protect you by making it easier to visually identify mail from senders as legitimate, and helps keep spam and phishing messages from ever reaching your inbox. If a sender supports DMARC, we put a trusted sender logo next to their email indicating it is legitimate. The effect is cumulative; the more the email sending services that use DMARC, the broader the protection offered against phishing. 

DMARC helps protect email sending services by giving them valuable information about mail coming from their domain.  As part of DMARC, senders get reports on email that comes from their domain (good and bad), as well as how much of their traffic is passing/failing email authentication checks. This info helps them plan their authentication deployment as well as better understand the nature of the attacks on their domains.  They can also request that messages using their domain that fail authentication be quarantined or rejected, and receive data extracted from failed messages such as header information and URIs from the message body, to provide them visibility into the types of attacks that are targeting their brands.

Extended Validation (EV) Certificates

EV Certificates make your browsing experience more secure than plain SSL by adding confidence that you are interacting with a trusted website and that your information is secure.

EV certificates are deeply vetted by the Certificate Authority, providing significant assurance that you can trust the sites that use them.  These certificates require a minimum of 2048-bit encryption, which is far more secure than what is commonly used with standard SSL.  The green address bar in your browser provides immediately recognizable assurance that your connection to the service is as secure as it can be from prying eyes. Contrast that with the key length standard SSL uses-in many cases, it can be fairly low, creating a false sense of security.  EV certificates deter phishing attacks by preventing malicious sites from masquerading as the trusted service. While malicious sites might try to impersonate a site’s UI or brand, they cannot replicate the browser’s green bar.  And by deploying EV certificates broadly we can apply 2048 bit encryption not just to your login, but to your actual mail content as well.

EV Certificates support will not only come to Outlook.com, but also to SkyDrive and other Microsoft services (such as People, Profile and more) as well in the near future.

Have you noticed any other changes to Outlook.com or People in the recent update? Let us know in the comments below!