back to article Hotmail always-on crypto breaks Microsoft's own apps

For the first time in its 13-year history, Microsoft's Hotmail comes with the ability to protect email sessions with secure sockets layer encryption from start to finish. It's the same always-on encryption Google Mail has offered for more than two years. And it comes with some pretty extreme limitations – namely the inability …


This topic is closed for new posts.
  1. TeeCee Gold badge

    Gmail HTTPS.....

    ....does not work with the, er, iGoogle mail plugin.

    If you set it to "always on" (and the default here is "on when possible") all you get in iGoogle is a message saying that you need to turn it off so that your mail can be displayed. Actually, I have found it has something of a habit of occasionally coming up with that even when fallback is allowed. A close and reopen of the browser session fixes that one.

    Just maybe the reason that Gmail's HTTPS function *seems* to work transparently with everything is that the default setting is to fall back to HTTP when the requestor cannot handle HTTPS?

    1. petur

      RE: Gmail HTTPS.....

      I don't see any 'on when possible' - here it says always use or not always.

      Mine is set to always use https, and igoogle works just fine

  2. Dan 55 Silver badge


    When are they going to get round to flicking the switch and going SSL?

    1. Paddy Fagan


      > When are they going to get round to flicking the switch <snip>

      I suspect any switch flicking around Yahoo might not be to switch anything on...


  3. Anonymous Coward
    Jobs Horns

    A stupid post actually....

    MS, or is that MSN, or is that MS Messenger, or Hotmail, or Windows Live or ummmm there are so many permeatations - or versions of either and or all or bits of sum from 1999 until 2010.......

    i actually admit to having a hotmail account - but when i faced all the bullshit with that AND I caught onto Microsoft doing regionalised affiliation with assorted media networks.... to shove insipid advertising in our faces - well before they caught onto the fact that having a 2 Meg attachment limit - was not an upgrade from 1 Meg, compared to Yahoo's and Gmail's 20 Meg attachment size...

    Soooooooooooooooooo as long as this post has very little point to it, but then again so does Microsofts Hotmail.

  4. Darkwolf

    They are...

    probably using a single SSL certificate being shared across multiple domains/subdomains. Have seen places try to do this, and never ends well.

  5. Baudwalk


    Have they heard of them in Redmond?

    If Hotmail and their desktop clients simply used good ol' IMAP and SMTP spiced with a little SSL/TLS, it would Just Work.

    Of course that's the problem with Gmail: It's just so damn good and convenient.

    Every time I start to worry about the privacy issues with having Google know as much as they do about my virtual comings and goings, they seem to add just one more neat little feature to Gmail...

    Oh, I can quit anytime I want to. Really.

    (Where's the crack addict icon.)

  6. Deadly_NZ

    Download it

    I just get Thunderbird to download it all to my server at home



    and my private personal mail as well

  7. Anonymous Coward

    Sums MS' attitude to security really

    The fact that Hotmail is in this state just goes to show that MS don't and never have given a fig about security. SSL has been mainstream for donkeys now, and MS STILL haven't managed to get to grips with it.

    But I agree with Baudwalk's post - if MS just stuck to the standards that are known to work and are reliable and (heaven forbid!) inter-operate with everything else (ie - SMTP and IMAP), rather than on insisting on trying to lock people into some proprietary crap (that even today, a staggering number of people are still unbelievably gullible about using), then it would "just work" like every other email system does.

  8. CD001



    one wonders if it will give Hotmail users a false sense of security.


    MS software giving (clueless) users a false sense of security? Say it ain't so!?

  9. Anonymous Coward

    And it bloody doesn't work

    As a paying customer I get "Your Windows Live ID can't use HTTPS automatically because this feature is not available for your account type.".

    Then genius of this error message is just too much. Not guide on why I've got a unsupported account type or what can be done to help me. Just a big fat sod off.

    Add that to a password which can't accept non-numeric characters and you have security and user experience designed by idiots I might finally have to get off my ass and get a decent email account. Ho hum...

  10. Twilight

    doesn't work at all

    My wife has a hotmail account that was hijacked (probably from Firesheep) and used to send spam to all her contacts. I changed the password (which did prevent further logins) but when I went to turn on https, I too got the lovely "Your Windows Live ID can't use HTTPS automatically because this feature is not available for your account type". Of course, they don't give *any* helpful information - no info on why it doesn't work, no info on how to correct it, etc. A search of help/support also turns up nothing vaguely useful.

    My wife is now seriously looking at switching email to gmail even though she's had her hotmail account for 12+ years.

This topic is closed for new posts.

Other stories you might like