Scammers Are Going to Love Windows 8 Mail

I’m not sure whether or not you noticed, but Windows 8 is out. It’s out on the desktop, it’s out for tablets, and Microsoft even has its own hardware now in the form of the Windows Surface. With over 40 million licenses of Windows 8 already sold (retail, OEM and corporate), there’s an awful lot of machines out there with the potential to run the Windows 8 version of mail.

While the Mail application makes for a nice experience on the tablet device, and an acceptable one on non-touch devices, in my humble opinion it is NOT ready for prime time. If you’d like to know why, please read on.

This slimmed down, optimized for touch mail client is both really nice, and rather scary. It’s nice in that it really does boil the mail client down to the most rarified form…it’s like the brandy version of Outlook Express’s fine wine. Mail uses the Exchange ActiveSync protocol to connect to Exchange servers, which means that many corporate email admins will be comfortable permitting personally owned devices to connect to the company’s Exchange on-prem or Office 365 email system since they can use EAS to lock down personal devices, and if necessary, remote-wipe them. Of course Mail can also connect to email systems like Hotmail/, Gmail, Yahoo, AOL, or other IMAP email system offering IMAP, but from a corporate perspective it’s going to be Exchange on-prem or Office 365 that will see the most demand.

Mail has some notable limitations that most users will pick up on quickly. The most obvious is that there is no way to print from it directly. Tablet users may not notice or even care, and if they do, they will find themselves in the same situation most iPad users are in. But printing is secondary to my two main concerns.

The first is that there are no junk-mail settings in this client. For an EAS client, built to connect to corporate email systems, it came as a shock to me that while I could see my Junk Mail folder, there was no way I can mark a false positive as from a safe sender, or mark an actual piece of spam in my inbox as junk. There’s no way to block senders or add senders to my safe senders list. Yes, these are features only available in Exchange and O365 when using Outlook or OWA, but remember, who makes both those products and this mail client?

That’s not the worst of it. “Missing” features may come in a future update or service pack, or you may just have to use a full client or OWA to access those settings. Here’s the worst of it.

Consider an email that arrives in an end user’s mailbox. It contains a link, or two, or even ten. Some of those links might be full URLs, others may be just text with a hyperlink. Some may even be buttons or pictures. Whenever you get a suspect mail, what do you do with any of those links to get a better idea of where they go? That’s right, you mouse over them to see what the actual destination looks like. I’m only assuming that it is because Mail was built for touch devices first, Microsoft decided to leave out a mouse-over option. Okay, I get that. However, what they did not include was any kind of safety mechanism. You click one of those, you open it. There is no warning, no indication of where the link might be taking you. It opens any link in IE10.

Sure, you clicked on a link, so you want it to open. You’re a techie. What’s the number one way our users get pwned? They click on links without checking them! And there is no way in this client to check on those links. You either click, or you ignore. To which one of these will your users default?

Until better/safer/more locked down options exist for Mail, I won’t be recommending that you use it, advocate it, or even grudgingly acknowledge that it is something your users can configure. I’ll be actively advising my users not to use it, and to stick with webmail access to any of their email accounts (or installing something more robust) until Mail catches up with the rest of the Internet. Here’s hoping Microsoft drops a patch quickly.

Written by Casper Manes

I currently work as a Senior Messaging Consultant for one of the premier consulting firms in the world, I cut my teeth on Exchange 5.0, and have worked with every version of Microsoft’s awesome email package since then, as well as MHS, Sendmail, and MailEnable systems. I've written dozens of articles on behalf of my past employers, their partners, and others, and I finally decided to embrace blogging and social media, so please follow me on Twitter @caspermanes if you enjoy my posts.


  1. Lisa S. · December 7, 2012

    It seems, Windows 8 Mail suffers from the same disease that made me ditch Ubuntu Unity a year or so ago. Mobiles are cool but still there are desktop users and as every User Interface beginner will tell you, these devices are very different and you can’t splash your slimmed-down mobile version for a desktop and have your users happy. Bad for Microsoft to repeat the mistakes of its competitors!

  2. Jonathan Wayne · December 11, 2012

    What?! No Junk Mail?! It’s like taking that giant leap backward. In fact, it’s like going back to Internet’s ancient times. I still can’t believe what I just read. While most e-mail platforms are now giving users the option to immediately click Report Spam even without opening the mail, here comes Windows Mail 8. Yeah, it’s definitely taking streamlining a little bit too far. And thanks to this blog post, I am not recommending this to my friends, and of course, I’m not using this ever. I may even have to let go of Outlook too. What’s happening, Windows and Microsoft???

  3. Easter Gray · December 17, 2012

    I think it’s the effect of trying to streamline their apps so they will look very sleek in mobile devices. This is actually a very common occurrence these days, and it’s really sad because these companies or developers are compromising security and functionality over aesthetics. Though I wouldn’t wish to use any crude app, especially an e-mail platform, I also would like to avoid one that can put my device as well as my personal information in peril. I hope Microsoft can take a look at this and fix this ASAP, because the brand is showing a lot of promise in the mobile arena.

  4. Karen Darville · January 18, 2013

    I hate windows 8 mail. hate hate hate.

  5. Jon · February 6, 2013

    I suppose they assume everyone will be using a server based email (imap or exchange) and the junk rules will live there.

    You shouldn’t have to launch another app in order to mark as safe or visa versa.

    There isn’t any excuse for the link issue, they may say. Everyone should be running anti-virus software. That is lame though.

    I hope someone comes out with a more viable win8 email client soon. Until then I am using Windows Live Mail 2012 on its desktop.

  6. Allen · February 8, 2013

    Can’t block people from the stupid messenger on windows 8. All I can do is “delete conversation”. Stupid spammers message me every time I start my computer. WTF MICROSOFT.

  7. Andrew · February 15, 2013

    What the heck is Microsoft thinking? NO WAY TO CONTROL JUNK EMAIL THAT IS SO LAME. I HATE WINDOWS 8 , NO I JUST HATE MICROSOFT IT IS THE BIGGEST RIP OFF COMPANY IN THE ENTIRE WORLD. Looks like I will be going back to my Mac once again.

Leave A Reply