ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


Enterprise applications Toolkit

New Outlook to give spammers the boot

Joe Wilcox, CNET News.com CNet

Published: 01 Nov 2002 15:40 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Microsoft is taking spam fighting more seriously in the next version of its widely used Outlook email and contact-management software Outlook 11 will, by default, no longer grab data such as images from outside servers when previewing email formatted like Web pages. The ability to send and receive email formatted in Hypertext Markup Language (HTML) was at one time touted as a feature in Microsoft's email programs.

"We've taken a step backward, so to speak, by blocking external content when you preview email," Simon Marks, Office XP product manager, said this week. Marks described the new feature as an important spam-fighting tool.

Data such as image, sound and video files in HTML-formatted email is usually pulled from a Web server in much the same way a Web browser grabs such data. But in the case of accessing content through a Web browser, someone typically makes the decision to go to the site. With Web-based spam mail, the content comes to the person unwanted -- sometimes with strings attached.

When content is downloaded in spam email it can act as what is known as a "Web beacon," telling the sender that the email address is in fact valid, a technique used by spammers. Viewing the message in a preview pane without opening it is enough to trigger the Web beacon, analysts said. The beacon can lead to more unwanted mail from the original sender and, potentially, from other spammers who have access to the same mailing list.

The new Outlook feature is part of Microsoft's increased emphasis on privacy and security, something the company hasn't always had much success with. On Wednesday, for example, Microsoft issued three new security alerts. In August, the company settled a Federal Trade Commission complaint regarding privacy and security problems with the Passport online authentication system.

And the new spam-blocking feature isn't Microsoft's first attack on HTML-formatted email. Outlook 2002, by default, blocks cookie files used to track the messages. Spammers sometimes use HTML email to place cookies on hard drives. The files can be used to track Web browsing habits or collect other information for the sender.

Although the Outlook 11 feature could lessen the hassle of unwanted email, it could also filter out legitimate data, unless the default setting is changed. Microsoft is betting this inconvenience will be worth it to Outlook users who are sick of spam.

Michael Gartenberg, an analyst with Jupiter Research, believes the company is on the right track, particularly by offering customers the option of turning the feature on or off.

"Microsoft is often in the middle in security issues and needs to balance what makes sense for (people who) use their products," Gartenberg said. "By allowing IT organisations and end-users to strike a balance that's correct for them, Microsoft's approach is a good one."

Beating down beacons
But some analysts questioned whether the new feature would be all that useful in practice.

"I don't think blocking Web beacons...in email messages will really help the spam problem that much," said independent security consultant Richard Smith. "It will just stop snooping."

"The legit email marketing companies...are really going to hate this feature," Smith continued. "They use email Web beacons...to gather statistics about email advertising campaigns."

But many Outlook users may not care about that, regarding any marketing email as spam and welcoming any mechanism that can give such mail the boot.

"It's often hard to distinguish between one person's spam and another person's valuable information," said Jupiter's Gartenberg.

Directions on Microsoft analyst Paul DeGroot said the new feature doesn't make Outlook foolproof and that the safest bet is simply to use common sense.

"If you can't tell that the message is about something you need to know about, and from someone or some organisation you know, just delete it," DeGroot said. "The numerous scripting bugs that have been found in Outlook in the past have made this a best practice."

DeGroot noted that Web beacons are not just an email problem. A recent security problem affecting Microsoft's Word 2002 allowed for a similar kind of tracking.

"If someone sends you an attachment in Outlook that contains a Word document that links to an external Web site, the same tracking is possible," DeGroot said.

Lessons learned
When it came to adding the new feature, Microsoft apparently learned a lesson from past mistakes. With the release of Office XP in May 2001, the company rigged Outlook to block more than 30 types of file attachments, including Help files. The move drew a rapid negative response from Office users because Microsoft initially provided no mechanism for turning the feature off.

Still, consultant Smith said "automatic blocking of attached executable files in Outlook (is) one of the most important security improvements that Microsoft has made so far."

The new Outlook 11 feature can be turned off in several ways. Users can disable the mechanism completely, or turn it off for any individual message they chose. They can also choose an option that allows HTML content in email from Web sites people have designated as trustworthy.

"I think Microsoft errs on the conservative side when it comes to privacy and security," said Gartner analyst Michael Silver. "That's a good feature, as long as the pieces are there to turn it off, which would appear to be the case."

Besides the content blocking, Microsoft has added other security enhancements addressing problems posed by HTML email.

"You can now convert all your email to plain text," Microsoft's Marks said, another way of thwarting unwanted email cookies and Web beacons.

"This feature has been a popular request," Smith said. "Lots of people seem to really hate HTML email. It is almost a religious issue."

The big makeover
Microsoft kicked off the first Office 11 test period last week, but the majority of testers outside Microsoft didn't receive their software until Wednesday. The new version of the email program will be included in Office 11, the next incarnation of the software giant's widely used office productivity software. About 12,000 people -- half within Microsoft -- will be testing Office 11. Microsoft has not announced the official name or pricing of the product, which is expected to ship in mid-2003.

In this first test version, Outlook has undergone a significant makeover. Microsoft has revamped the interface, removing, for example, the left-hand Outlook Bar that has been part of the product for about seven years. In a potentially more dramatic change, Microsoft has moved the preview pane from the bottom of the page to the right-hand side, though people do have the option of returning it to the former position.

Marks described the change as "a more natural" way to view messages, which display like a normal full-length page document.

Jupiter's Gartenberg said the interface change is as much about boosting sales as making the product more usable. "Part of the effort is to give their software a new look and feel to make your current software feel obsolete," he said.

But the change is also designed to prepare Outlook 11 for use on Windows XP Tablet PC Edition, Microsoft's specialised operating system for pen-based computing, which the company and computer manufacturers will launch in New York next week. Microsoft also is integrating support for "digital ink" in all Office 11 applications. This would let people use a stylus to write text directly into the applications or to make annotations. Microsoft is expected to release next week an enhancement adding similar capabilities to Office XP.

Many other Outlook 11 changes are less obvious. The product features a new cache mode that makes connecting to Exchange servers easier. Cache mode makes email and other Outlook data readily accessible, rather than requiring the email program to constantly access the Exchange server. The feature also keeps a person's data file synchronised with the one on the server.

People connecting to the Internet mail server will find that "We've made the process eight times faster," Marks said.

Other tweaks in Outlook 11 include a pop-up box that appears at the bottom right-hand side of the screen with a synopsis of each incoming email message. Also, single messages can now appear in multiple folders. Outlook 11 includes more sophisticated handling of digital certificates, too.

See the Software News Section for the latest headlines on everything from peer to peer clients to Office software and beyond.

Have your say instantly, and see what others have said. Go to the ZDNet news forum.

Let the editors know what you think in the Mailroom.

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Did you find this article useful?
39 out of 68 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Enterprise applications



Company/Topic Alerts

Create a new alert from the list below:





Featured Talkback

The internet is going to have do a lot of maturing before it is ready for this kind of traffic. Security is always going to be a problem, connectivity is poor, and most business's are unwilling for their employees to have open access.

By: ator1940

Read full story:
Microsoft prepares to take Office online