Hotmail Calendar has more than 18 million customers creating more than 1 million events per month. We're happy to announce that we've just released an update to Hotmail Calendar that addresses the most common request we get: improving the way reminders work.

Now you can:

• Set up multiple reminders for each event and send them to your email address, mobile phone, or even to Windows Live Messenger. You can even send reminders to multiple email addresses or phone numbers, to make absolutely sure you don’t miss the event!
• Set up different reminders for each one of your calendars. New events that you create on each calendar will get those reminders by default. (Don’t worry, you can still set different reminders for individual events.)
• Get notified when someone else updates an event or to-do on a shared calendar.

To set up and start using your new reminders, just go to the Calendar options page.

If you haven’t tried Hotmail Calendar yet, give it a shot. It’s the best way to get reminded of your events and to keep track of what’s going on with family and friends through shared calendars. To try it, click the Calendar link in Hotmail, or go to http://calendar.live.com.

Dick Craddock, Group Program Manager, Hotmail

Today we are beginning to re-enable the ability to create new Linked IDs. This change is rolling out in the next couple days and should be complete this week.

For some customers – particularly power users – you’ve told us that it’s essential to be able to juggle multiple accounts. Over the last year we’ve added several powerful new ways to do this – specifically aliases and email aggregation (“POP aggregation), on top of existing features like “plus addresses”. Each of these is a great solution designed to help a different scenario:

• Aliases and plus addresses are a great way to create unique email addresses – great to manage a particular event (shopping for a car or planning wedding for example) or to manage mail from marketing sites.
• Email aggregation is a great way to take multiple accounts from different email providers and consolidate them all in your Hotmail inbox.

As we have made these changes, we looked at how most people use Linked IDs and found that, for the most part, they were used to solve exactly these problems – managing multiple email addresses and accounts. In our major update last month, one of the things we did is turn off the ability to create new Linked IDs, instead encouraging use of our new features.  However it became clear from listening to your feedback that there were many people who used Linked IDs for other reasons, and so we are making a change today to re-enable the creation of Linked IDs.

We appreciate your feedback and we will use this blog going forward to proactively communicate any changes we make to the Windows Live ID system.

Eric Doerr – Group Program Manager, Windows Live Cloud Directory

Last year, we shared some data about the behavior patterns of people using email. We found that we could group them neatly into three types based on their behavior—Filers, Pilers, and Deleters (we previously used the term “Purgers” instead of “Deleters,” but decided on a nicer term). One of the comments on that blog post said, “I am VERY happy you guys look into this kind of behavior, it must certainly be important when designing future uses of the product,” which was a nice comment and also true—we have, indeed, used this data over the past several months to create many of our new features. We thought it would be fun to share a behind-the-scenes look at some of the features we’ve released based on that data.

First of all, the most important lesson we’ve learned over the years is that people manage their email differently. Everyone has a slightly different way of approaching email, and it’s always interesting to see how people organize their inbox. Like you, I’ve sat next to someone in a meeting or on a plane and stolen a quick glance at their inbox. And like you, I’ve seen all kinds of crazy things: I have been shocked to see very organized people with 17,000 messages, and I am jealous every time I see a tidy inbox with zero messages. Some people are unabashed Pilers and others are proud Deleters. As we continue to improve Hotmail, we try to build a myriad of tools and tricks to help all kinds of users organize their inbox.

We found that most people are Deleters (53% of those studied). As the name implies, Deleters generally delete email after it arrives. Deleters receive an average of 211 email messages each week and end up deleting almost 80% of them. When we talked to these users, we found that they typically skim their inbox, delete everything unnecessary, and then begin to respond to the most important messages. The mantra for these people is, “My kitchen has to be clean before I start cooking.” In fact, they delete three out of ten emails (31%) without even reading them. Because Deleters want their inbox clean and tidy, their feature requests normally involve more tools for quickly cleaning out their inbox so they can get down to business. Sweep, for example, was a feature we built to make life easier for this type of users. Our goal is that Deleters can get to their most important email even faster after sweeping away anything they don’t want to read immediately.

Filers, on the other hand, are characterized by their zeal to move messages into folders. Filers make up a quarter of our users and receive slightly less email each week—201 messages—than Deleters. But Filers put nearly half of their email (44%) into folders immediately after it arrives. They are more likely to use our full range of features; a third of this group use vacation replies (32%) and almost half of them use keyboard shortcuts (44%). Not surprisingly, 53% of Filers set up custom filters or rules to route email to folders or subfolders. Filers often request advanced tools for routing and categorizing email. Because they value an organized inbox, we also assume that Filers often segregate their email even further and have multiple inboxes for different purposes. Multiple inboxes, of course, create inefficiency. This is especially true for Filers, since they have to maintain multiple sets of inbox rules. Our team looked at the problem from another angle and created the Aliasing feature. An Alias allows Filers to create several email addresses from a single Hotmail account. Because we had Filers in mind when we built Aliasing, we ensured that email sent to an alias could automatically be routed directly to a particular folder.

Finally, there are Pilers. These are the folks I mentioned earlier that have 17,000 messages in their inbox. Of the three types of users, Pilers receive the least amount of email each week (174 messages). But that means they still receive an average of 9,048 email messages per year. Because most of those messages (57%) never leave the Piler’s inbox, their email starts to pile up. By definition, the Piler isn’t excited about nifty tools for filing or deleting. Pilers want to keep all their email, so they need plenty of storage. But we did find that Pilers felt they “lost” email (read: were unable to find email) about 30% of the time and they also want to be able to find things fast. So we built a few of our recent features, like Advanced Search, Quick Views and One-Click Filters, with this type of users in mind. Even if Pilers don’t do anything proactive to sort or file their email, they can use Quick View and One-Click Filters to see all emails from Facebook, all emails with photos attachments, etc.

We have gotten several questions about the customer data to build Hotmail, so we put a bunch of the data and videos of the resulting features on a website. Take a look and let us know what you think.

David Law – Director, Hotmail Product Management

There are a lot of bad things on the Internet, and few are worse than phishing scams. But there is a certain class of phishing scam that has earned a special level of disdain and disgust, at least from me. I’m talking about the phishing scams that target Hotmail customers using my name, my picture, and even my signature. Grrrr.

Let me clear something up right off the bat: I will never ask for your password. No one from Hotmail or Microsoft will ever ask for your password. In fact, no legitimate service will ever ask for your password. If you ever get an email asking for any password to any service, you can be sure, without a shadow of a doubt, that the email is a phishing scam. Just junk it. (Or, in Hotmail, mark it as a phishing scam using the “Mark As” menu.)

Phishing scams

Spammers want to send spam. That’s what they do. As I said in my last post, we’ve made it hard for them to send spam with new accounts due to the effectiveness of our account reputation work. So, spammers have turned to hijacking customer accounts in order to send more spam.

Phishing scams are one of the simplest ways that spammers use to gain control of your account. The spammer sends an email that asks for your password, usually with a threat that your account is about to be closed. You reply, providing your password, and, Voila! Your account (and reputation) is hacked.

Spammers do this on all networks and all services – Hotmail, Gmail, Yahoo!, Facebook, AOL – spammers do not discriminate, and no service is immune.

How my picture got out there

Hotmail sends email to our customers fairly regularly to update people on various things, such as the availability of new software or features, or even to remind people about security measures, like creating a strong password or adding your mobile phone number to your account.

About a year ago, we decided that we would make these messages more personal by including my name, my picture, and my signature.

That decision has really come back to haunt me.

A gift to spammers

Almost immediately, the spammers copied that email, including my picture, name and signature, and modified the content so that it said something like “Your account is about to be shut down unless you reply to this email with your account name and password.”

This is a classic example of a phishing scam, and one of the most common ways that accounts get compromised. Here’s an example:

The bottom of that same email looks like this:

Yep. That’s me, all right. But that email is definitely not from me.

Even smart people fall for it

Phishing messages can look very real and convincing, so even smart, tech-savvy people fall for them. I get asked about this quite a bit.

Here’s a conversation that took place on my public Facebook page. The first person asks, “I got this message, is it really you?” In response, our Development Manager, Eliot, displayed both his penchant for pithiness and his mastery of high school French:

Phishing scammers know that they’ll get better response rates by using my pictures and my signature to produce email messages that look legitimate. They even translate their scams into multiple languages to broaden their reach.

The telltale signs of a phishing message

As I’ve said, any email that asks for your password is a phishing scam and shouldn’t be trusted. You don’t need to look any further to know the message is a fake. Nonetheless, it’s interesting to see how “creative” the scammers can get. Here are some tactics scammers use to get people to provide their account info:

They copy Hotmail’s marketing images. These phishing messages usually contain the latest image from Hotmail’s own marketing campaigns, like this one:

They provide a bogus reason for needing your password. The messages usually contain an introduction that offers a false explanation about why they need your password. Some of my favorites include:

• “We are currently upgrading our data base and e-mail account center.”
• “We are deleting all unused accounts to create more space for new accounts.”
• “We encountered a problem with our database and a lot of records were lost, we are restoring our database to enable us serve you better.”
• “We are having too many congested email due to the anonymous registration of Hotmail Msn-Live Accounts in our database system.”

Rest assured: NONE of these will EVER be a legitimate reason to ask for your password.

They design a subject line to scare you. The subject lines call for your immediate attention and are often intended to be scary. Here are a few common examples:

• Some variation of “Account Alert!!!”, or “Account upgrade alert,” or “Email account alert.”
• Some variation of “Account renewal process,” or “Verify your account details.”
• Some variation of “Email Warning!!!”, or “Verify your email now to avoid being closed!!!!!”

(Scammers really like to use exclamation points!!!! A lot!!!)

They send the email from a bad “From” address. The “From” address in the email is often a dead giveaway. At a glance, it might look like you’ve gotten mail from the Hotmail Team. But if you look at the actual email address, it’s almost always something fishy (phishy?). Typically, scammers just use the name of a Hotmail customer account.

Get educated, educate others

In a perfect world, no one would ever give out their password, and the phishing scams would be ineffective, and would just stop. You’ve already taken a step to helping us get there by reading this post, and now you can help pay it forward by educating others.

Any email that asks for your password is a phishing scam. If anyone ever asks you, “Hey, is this email legit?” just say, “If it asks you for your password, then it is absolutely, definitely, without question a scam! Report it as junk!”

As a final note, some of you might be wondering, Why can’t Hotmail detect these scams? We can detect these scams and do detect many of them. But it’s just a numbers game, and spammers are capable of producing a huge volume of phishing scams, with enough variation in the text and images to fool our filters a small percentage of the time. In addition, it’s important for us to keep the false positives low – meaning that we don’t want to mistakenly identify a legitimate email sent from a good user as spam.

So, until we get to that perfect world without spammers, we’ll be here building better and better systems to battle the bad guys. Thanks for reading, and thanks for using Hotmail.

Dick Craddock, Group Program Manager, Hotmail

In our war on spam, we’re making real progress. We’ve cut spam in Hotmail inboxes by 90% from its peak. We’ve played a key role in reducing spam on the Internet by 15% from its peak. And we’ve made it harder for spammers to use Hotmail to send spam – reducing “outbound spam” from Hotmail by 75%.

Last year, we wrote about how Hotmail was fighting a war on spam with our SmartScreen™ technology. This post gives an update on the latest and greatest features and innovations that we’ve brought to bear against the spammers. We’ve made it so hard on the spammers that they have now turned to a technique called “reputation hijacking.” I’ll explain how spammers use reputation hijacking across all email services and how Hotmail is shutting them down.

As you’ll recall from our earlier posts, spam is a huge problem that continues to plague the Internet. Historically, more than 90% of all email sent has been spam, and spam affects every email provider. Spammers do what they do because it’s profitable; they need only a few people to click on the spam messages in order to make money.

Way back in 2006, Hotmail had a big spam problem, and we got a deservedly bad reputation for it. Since then, we’ve made amazing advances, and over the last few years, we’ve wrestled the spammers to the ground. Here’s a chart that shows the amount of Spam In The Inbox (SITI) for Hotmail users over the last several years, compared with the amount of spam on the Internet (expressed as a percentage of all email that is sent on the Internet).

The chart shows two things:

Hotmail keeps spam out of your Inbox
We’ve reduced the level of spam in Hotmail by 90% since its peak in 2006. Since last year, we’ve reduced what was left by another 40% (from 5% true SITI to 3% true SITI).

We’ve helped to reduce overall spam on the Internet
The percentage of spam on the Internet has actually declined 15% from its peak in 2008, due to a number of factors including the legal and technical disruptive action Microsoft has helped drive in the prosecution of spammers and the takedowns of botnets used to send spam. Botnets – collections of people’s malware-infected computers covertly operating under the remote control of a cybercriminal – are often used to send spam (and commit other online crimes). This video explains a little more about how botnets are used to send spam.

Microsoft is working with law enforcement and others in the industry to proactively take down and dismantle botnets, including our recent takedowns of the Waledac and Rustock botnets. These disruptive actions are proving to be important in the fight against spam by taking away the tools and infrastructure cybercriminals use to spam the world. These efforts are paying off: before we took them down, Rustock was known as one of the largest single sources of spam on the Internet, capable of sending up to 30 billion spam messages a day. Global spam levels have gone down and stayed down since we took them out.

Our relentless pursuit and prosecution of spammers helps not only Hotmail, but all email users on the Internet. In fact, Microsoft has established a Digital Crimes Unit whose sole mission is to disrupt cybercrime like this. Spammers may keep developing new tactics and tools, but Hotmail and the Microsoft Digital Crimes Unit are going to keep working together on disruptive actions to help protect our customers and make the Internet safer for everyone.

Getting SITI low and keeping it low

Between 2006 and 2009, we dropped true SITI from 35% to under 5% with a variety of investments including connection-time filtering, content filtering, blocklist and safelist preferences, and more. Of course, the spammers continue to come and continue to get more and more clever. But we’ve not only held the spammers at bay, we’ve actually reduced SITI even more. Over the last year, we’ve dropped SITI to historically low rates – below 3%. Here are a couple of the new tools we’ve created to help us keep winning this fight:

Personalization
Our spam filters are great at filtering out spam for the general population. However, we knew we could do better. So we created personalized spam filters that work based on how you use email – using information about the people you send email to and receive it from and also which email messages you actually read.

Trusted sender
Hotmail helps you to visually identify trusted senders in your inbox, particularly banks and other institutions commonly used for phishing scams. We put safety logos next to only those senders that we recognize as legitimate so that you can more easily spot malicious imitators. It’s important to note that this also helps us take more aggressive spam-prevention action on email that is attempting to imitate a legitimate trusted sender.

These two tools augment the efficiency of our SmartScreen™ filters. But of course, we’re also continuously tuning the other SmartScreen™ features – like Time Travelling filter, IP reputation, URL reputation and more – to get additional gains in spam prevention.

Spammers use Hotmail, too

Almost nothing is more frustrating for us than knowing that the spammers use Hotmail, too. Of course, spammers use all the major email services to send spam, and all mail providers must battle the problem we call “outbound spam.” Outbound spam is a form of “reputation hijacking.” After all, Hotmail maintains a good reputation among all email providers; simply put, email from Hotmail gets delivered, and the spammers know that.

Just as we’ve made great strides battling inbound spam (SITI), we have also made it increasingly difficult for the spammers to use Hotmail as a spam-sending tool. In fact, over the last year, we’ve reduced the volume of outbound spam from Hotmail by 75%.

Here are a few of the innovative features that helped us get it done:

Account reputation
As you use your account, you gain a “reputation.” Good behavior (receiving email from the same people you sent email to, for example) gains you a good reputation. Bad behavior (sending a bunch of email and getting only delivery errors, for example) gains you a bad reputation, as these behaviors are indicative of spammers and other service abusers. Gain a bad enough rep, and we change the way your account works. For example, we will prevent accounts with bad reputations from sending mail.

Account creation limits
We have a variety of ways that we throttle account creation in order to prevent spammers from getting an unlimited number of free accounts to use in sending spam. For example, we limit the number of accounts that can be created per day from a particular IP address.

Outbound content filters
Just like we filter incoming mail to remove spam, we now filter outbound mail as well. For example, we look for suspicious content that matches known spam campaigns.

Spam and compromised accounts

In the old days (you know, two years ago), the spammers just opened email accounts at one of the major providers to send spam. After all, accounts at Yahoo!, Gmail, AOL, and Hotmail are free and can send email, which is pretty much all you need to start a spam campaign.

But with the advances we’ve made in account reputation, these accounts have become less and less useful to spammers. Unfortunately, our success in preventing new accounts from sending spam had a tragic side-effect: Spammers turned to using existing customer accounts to send spam. This is a second form of reputation hijacking, in which the spammers are hijacking your reputation as a good customer of Hotmail. How? By hijacking your account.

In fact, most outbound spam now comes from hijacked accounts.

As the problem of account hijacking has grown over the past few years, we’ve invested more and more energy into protecting your accounts and, in doing so, making this avenue of sending spam less and less attractive to the bad guys. We fight account hijacking by focusing on three key activities:

Detection
When a spammer hijacks an account, we have many ways of detecting that hijacking. We look for unusual behavior from the account, including access from unusual IP addresses, sending an unusual volume of mail, sending mail that triggers our outbound spam filters, etc. We even introduced a feature that lets you report your friends if their accounts get hijacked.

Remediation
Once we’ve identified an account as compromised, we want to block the hijacker from accessing the account and then return the account to the rightful owner as painlessly as possible. We typically block the account and then send the real account owner through an account recovery flow that the bad guys will have difficulty getting through. We provide many ways for you to protect your account by setting up “proofs” that only you will be able to use to prove account ownership. We strongly encourage all our users to set up these proofs on all their email accounts. Proofs include:

• Mobile phone number (to receive an SMS code)
• Alternate email addresses
• Trusted PCs

Prevention
Of course, the best way to fight hijacking is to prevent it from happening in the first place. The problem is that hijacking is fairly straightforward in many cases – it’s just a matter of getting your password. Hijackers get your password through several methods:

• Guessing (although we made that a lot harder by banning common passwords)
• Using phishing scams, in which the hijacker just gets you to give up your password
• Installing key loggers and other malware on compromised computers

We’re fighting all of these not only in Hotmail, but in Windows and all the Windows Live services. For example, we’ve made IE more secure by detecting URLs with bad reputation, and we’ve added phishing and social engineering detection to SmartScreen™.

We’re not letting up

We’ve made tremendous progress in our battle against spam, but we know that spam and hijacking will continue to be a big problem for all service providers as long as there is economic incentive for the bad guys to do what they do. So we’re not letting up. We continue to invest in research and development to find ways to make it even harder for the spammers to get spam into your Inbox and to use Hotmail as a way of sending spam.

In my next post, I’ll go a bit deeper on one of the most insidious ways that spammers compromise your account: Phishing attacks. See you then.

Dick Craddock
Group Program Manager, Hotmail