Outlook Express
Microsoft Outlook Express is an
e-mail and
news client bundled with certain versions of
Microsoft Windows starting with
Windows 95 OSR-2. It is bundled with the
Internet Explorer 4.0 web browser by Microsoft (also bundled with some versions of Windows), and also available as a no-charge download for the classic
Apple Macintosh operating system (although not for the newer
Mac OS X, where it has been replaced by
Microsoft Entourage, which is sold as part of
Microsoft Office for Macintosh).
Outlook Express is the successor of
Microsoft Internet Mail and News, an early e-mail client add-on for Internet Explorer 3.0
Outlook Express has earned a reputation as the
de facto standard e-mail client because of its wide availability, and also as the
de facto vector of
worms and
viruses. The Macintosh version, no longer under development, was less vulnerable.
In October 2005, Microsoft announced that the next version of Outlook Express (to be released with
Windows Vista) would be renamed as
Windows Mail. Microsoft is also developing
Windows Live Mail Desktop, a replacement for Outlook Express on Windows XP and Vista that will feature a super-set of Windows Mail's features.
Outlook Express is a different program from the
Microsoft Office Outlook e-mail client which ships with Microsoft Office for Windows. The two programs do not share common code, but do share a common architectural philosophy. The similar names lead many people to incorrectly conclude that
Outlook Express is a stripped down version of
Outlook. Outlook Express is bundled with
Internet Explorer.
Windows 95 included Internet Mail and News, a simple precursor to Outlook Express. Internet Mail and News handled plain text e-mail (not HTML mail), and had none of the security holes Outlook is known for. However, Microsoft did not provide it with a way to back up the address book â€" something that would later create a great deal of frustration among users.
Outlook Express has been vulnerable to a number of problems which could corrupt its files. This has led to a thriving market for programs which can backup, restore, and recover corrupted OE files. A cursory Internet search on the term Outlook Express will reveal dozens of such rescue programs. However, Microsoft has released a procedure for Windows XP which may be able to correct problems and restore access to e-mail messages without resorting to third party solutions using their
Outlook Express Basic Repair Kit.
Security issues
In the "Welcome e-mail" for both Outlook and Outlook Express, Microsoft acknowledged that with new HTML e-mail, security was a risk, and described their plan for foiling the security risk. Outlook Express and Internet Explorer both featured security zonesâ€"a feature neither found in nor desired by the makers of competing products. The zones were Intranet, Internet, Trusted, and Restricted. Internet was for any site not in a zone. Trusted sites could do things without asking user's permission. The trusted zone was clearly designed for administrators who wanted to allow updating without any confusion.
AOL used it to add http://free.aol.com to ensure that users who wanted to download their online service client software didn't have to grant them permission via an
ActiveX dialog box. AOL was worried that the warning might scare away potential customers. AOL's action required an Internet Explorer
hack that should not have been possible if Microsoft's zones had worked as intended. Rather than the zones being controlled by the user, AOL had shown that remote sites could alter them.
But that was a relatively benign breach due to Microsoft's implemention of the plan. Another flaw was the fact that the "Restricted" security zone wasn't restrictive enough. A script could automatically open as an attachment. Another aggravating factor was a bug in Outlook Express's attachment handling that allowed an executable to appear to be a harmless attachment such as a graphics file. This bug was later fixed so that only the last '.' represented the end of the filename and the beginning of the
file extension—the correct behavior for the Windows
filesystem. Opening or previewing an e-mail can cause code to run without the user's knowledge or consent. In fact, turning off the preview pane only seemingly circumvents this vulnerability. Even when the preview pane is turned off, Outlook Express automatically "internally" opens the first message in the inbox (
see). A host of viruses exploited this.
Outlook Express uses Internet Explorer to render email. So even if users completely avoid use of Internet Explorer and use only other browsers, they are exposed to all its security holes when using Outlook Express. And Internet Explorer is designed to try to execute almost any executable and script it encounters in an effort to make browsing an "easy" experience, which has also enabled it to be the vector of most viruses and other malware.
Obtaining security fixes
Any security fixed acknowledged by Microsoft is handled according to Microsoft's internal security policy, and when necessary, patches are distributed via
Microsoft Update. Some minor non-security problems are documented in the knowledge base. Calls to Microsoft's technical support about obtaining patches are without charge.
On the Macintosh platform, Outlook Express uses the
Tasman engine, and any support to be had should be found at
Mactopia. Microsoft no longer formally supports the product, however.
Secunia's database of security vulnerabilities lists many more flaws (some dating back to
2002) than Microsoft has patches for.
Handling of PGP/MIME signed messages
Outlook Express doesn't correctly handle MIME, and won't display the body of signed messages inline. Users get a blank email and two attachments (one of the message text and one of the signature) and therefore need to open an attachment to see the email.
Storage location of email data
If you have not been backing up Outlook Express periodically, you may find that the program does not permit an easy 'rescue' of data, for example from a hard drive that is accessible but can no longer be used to boot up from. For those willing to tinker with files themselves in order to rescue their Inbox and Sent Items, a helpful first start is to know that Outlook Express will store its email files in a location such as the following: "C:\Documents & Settings\Administrator\Local Settings\Application Data\Identities\{SDOCE8ABD-5896-3E3D5}\Microsoft\Outlook Express" where 'Administrator' is your logon ID and the value in curly-brackets {} is an arbitrary string. You should be able to find corresponding folders on both your new hard drive and the old one. However, simply copying files from old to new may not be ideal.
It may help to first run your new version of Outlook Express, create some uniquely-named folders within Outlook Express, e.g. 'Rescued Inbox' (be sure to click on the new folder to actually force the program to create the file 'Rescued Inbox.dbx'). Then quit Outlook Express, find your old inbox on the old hard drive and rename it 'Rescued Inbox.dbx', and finally copy it over to replace the newly formed 'Rescued Inbox.dbx' on your new hard drive. This prevents your loss of any new emails, and also ensures that your new version 'knows' about the rescued emails you are copying over.
Email addressess data
Outlook Express does not store its own email address list. Instead it relies on the
Windows Address Book, which is actually a component of
Windows. The address book data are typically found (in
NT based versions of
Windows "C:\Documents and Settings\%USERNAME%\Application Data\Microsoft\Address Book\".
Outlook Express stores its e-mail messages in different formats depending on the version.
*Outlook Express v 4, which shipped with
Windows 98 (June 1998), stored messages in *.mbx files.
*Outlook Express v 5, which shipped with Windows 98SE (June 1999), switched to *.dbx files, with a separate file for each mailbox folder.
*Outlook Express v 5.5 shipped with
Windows Me (June 2000)
*Outlook Express v 6, which is included with
Windows XP, also stores messages in *.dbx files.
*Windows Mail v 7, which is expected to ship with
Windows Vista, stores messages in individual *.eml files.
*
Microsoft Internet Mail and News*
Windows Mail*
Windows Live Mail Desktop*
List of e-mail clients*
List of news clients*
Comparison of e-mail clientsMicrosoft
*
Outlook Express home page for Windows*
Outlook Express home page for Macintosh*
Differences between Outlook and Outlook Express, from the Microsoft knowledge base
Other sites
*
Inside Outlook Express Tips, FAQs, Bug fixes
*
Turbo Outlook Express Backup Outlook Express Backup Software
*
Outlook Express Guru Avoiding viruses, spam and quicker usage of Outlook Express
*
Backing up Outlook Express data*
Outlook Expresss Mail Recovery Recover Outlook Express emails from corrupt .dbx .mbx files.
*
Secunia commercial security firm compares the latest unpatched known flaws of Outlook Express with those of other e-mail clients
*
ABCSpell for Outlook Express Multi-language spell checking for Outlook Express
*
Synchronization tool for Outlook Express Transfer and synchronization tool for Outlook Express
*
libwab a GPL command-line utility that can export the contents of a
Windows Address Book file (used by Outlook Express) to
LDAP Data Interchange Format.
