Niels K.Jun 28, 2024
Don’t use “Outlook (new)” in #Windows 11. I just did a tcpdump and looked also at my #mail servers when setting up an account in there. The mail client only spoke with Microsoft-servers, never with my mail-servers and I saw on my mail-servers only connections from Microsoft-IPs.
Show threadMartin ███████Jun 28, 2024
@nielsk So would it make sense to block MS on submission and IMAP ports? What legitimate business could they have?
Show threadrailmeatJun 28, 2024

@unixtippse @nielsk

It sounds like they proxy all the connections so all the mail passes through their servers. I wonder how long they keep it? I guess everyone’s emails become grist for AI.

I wonder what their terms of service say about that?

Show threadseism0saurusJun 28, 2024

@railmeat @unixtippse @nielsk

It's documented, that they store the credentials to the Mailservers in cleartext on their servers and fetch the Mails there. It's a shitty design.

Show threadrailmeat

@seism0saurus @unixtippse @nielsk

Credentials in plain text? I thought we got past that in the’90s.

Where is that documented?

Jun 28, 2024 at 10:13amWeb
Show threadseism0saurusJun 28, 2024

@railmeat @unixtippse @nielsk

Otherwise they can't access your Mailservers.
I'm not sure if the data at rest is unencrypted but at least it is reversible since they need it for login to your mailservers.
It is definitely not a standard like bcrypt or scrypt there the credentials are secured by a one way function

https://www.heise.de/en/news/Microsoft-lays-hands-on-login-data-Beware-of-the-new-Outlook-9608798.html

Microsoft lays hands on login data: Beware of the new Outlook

The free new Outlook replaces Mail in Windows, and later also the classic Outlook. It sends secret credentials to Microsoft servers.

heise online