Microsoft enables opportunistic TLS encryption for hotmail.com, outlook.com, live.com

[petergh]

I've yet to find an official announcement from Microsoft, but it looks like they've enabled opportunistic TLS encryption on their incoming mail servers. See, for example, this header from a test message I sent to outlook.com from LuxSci:

Code:

Received: from rs104.luxsci.com ([66.216.77.130]) by COL004-MC6F11.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.22712); 	 Mon, 23 Jun 2014 01:42:51 -0700

LuxSci's TLS checker tool (https://luxsci.com/extranet/tlschecker.html) also says TLS is enabled for hotmail.com, outlook.com, and live.com (those are just the ones I've tested, there may be more).

[Berenburger]

Quote:

Originally Posted by petergh

LuxSci's TLS checker tool (https://luxsci.com/extranet/tlschecker.html) also says TLS is enabled for hotmail.com, outlook.com, and live.com (those are just the ones I've tested, there may be more).

live.nl tested OK.

[William9]

That is a recent change for Outlook.com. Good news.

[n5bb]

Thanks for the news! I think the change to use STARTTLS at Microsoft (hotmail.com, outlook.com, etc.) for both incoming and outgoing SMTP connections to other services was made sometime between June 4 and June 18, 2014, based on messages I found in my Inboxes. On June 18 I received a "Our terms of use are changing" email from Microsoft and it was received using TLS encryption. This is very good news! See:

• Microsoft blog
• Electronic Frontier Foundation encryption report - update
  
• Opportunistic SMTP STARTTLS encryption (updated post)

Bill

[William9]

Yahoo.com now supports opportunistic incoming TLS. When I checked a few months ago, it did not.

[n5bb]

Quote:

Originally Posted by William9

Yahoo.com now supports opportunistic incoming TLS. When I checked a few months ago, it did not.

When I checked two months ago (in mid-April 2014), I saw Yahoo erratically supporting both incoming and outgoing TLS.

Bill

[nbarr]

Quote:

Originally Posted by petergh

I've yet to find an official announcement from Microsoft, but it looks like they've enabled opportunistic TLS encryption on their incoming mail servers.

Confirming what you had already found.
http://blogs.technet.com/b/microsoft...y-efforts.aspx

Quote:

Outlook.com is now further protected by Transport Layer Security, or TLS, encryption for both outbound and inbound email.

Quote:

In addition to the availability of TLS, Outlook.com has also enabled Perfect Forward Secrecy (PFS) encryption support for sending and receiving mail between email providers.