Outlook.com, the new webmail service that Microsoft is previewing and that will replace Hotmail, has gained security boosts against phishing and spam.
The new safety features come via support for the DMARC email authentication standard and for EV Certificates, which are designed to strengthen SSL certificates, Microsoft said on Monday.
[ Find out how to block the viruses, worms, and other malware that threaten your business, with hands-on advice from expert contributors in InfoWorld's "Malware Deep Dive" PDF guide. | Keep up with key security issues with InfoWorld's Security Adviser blog and Security Central newsletter. ]
DMARC (Domain-based Message Authentication, Reporting & Conformance) is a technical specification intended to standardize how email recipient systems authenticate incoming messages using the SPF and DKIM technologies.
Microsoft, as well as other DMARC supporters like Yahoo, AOL, Facebook, PayPal and Google, believe that DMARC will help cut down on the success of phishing emails that spoof legitimate addresses to trick recipients into disclosing confidential information or clicking on malicious website links.
"Our DMARC implementation helps protect you by making it easier to visually identify mail from senders as legitimate, and helps keep spam and phishing messages from ever reaching your inbox. If a sender supports DMARC, we put a trusted sender logo next to their email indicating it is legitimate," wrote Krish Vitaldevara from the Outlook.com Program Management Team in a blog post.
Meanwhile, Microsoft is adding support for EV (Extended Validation) Certificates to Outlook.com, to reduce the likelihood that malicious hackers will be able to trick users into entering confidential information on a fraudulent site designed to resemble Outlook.com.
Microsoft has chosen Verisign to issue Outlook.com's EV Certificates, which require a minimum of 2048-bit encryption. After an EV certificate is validated, users' browsers display a green bar in the URL address bar indicating the site is legitimate.
"While malicious sites might try to impersonate a site's UI or brand, they cannot replicate the browser's green bar. And by deploying EV certificates broadly we can apply 2048 bit encryption not just to your login, but to your actual mail content as well," Vitaldevara wrote.
Microsoft plans to support EV Certificates in its SkyDrive online storage service and other of its sites soon.
Microsoft made Outlook.com available for public trial in July of this year, saying that the new webmail service offers a re-imagining of personal email, from its back-end technologies to its user interface. About 25 million people are giving Outlook.com a try.
Juan Carlos Perez covers enterprise communication/collaboration suites, operating systems, browsers and general technology breaking news for The IDG News Service. Follow Juan on Twitter at @JuanCPerezIDG.