Greetings! Welcome to Vol. 9, No. 21, Jan 20, 2005, of Exchange
Messaging Outlook, a biweekly newsletter about Microsoft Exchange
and Microsoft Outlook. Today's highlights:
Regular features:
WHAT IS MICROSOFT OFFICE OUTLOOK LIVE (MOOL)?
MOOL is a subscription service which provides a leased copy of
Outlook to subscribers, along with the MSN Outlook connector.
Normally $60, it's priced at $45 for an introductory period. When
you consider the cost of a Hotmail plus account, and the antispam
and antivirus features offered, it's a good value for an Outlook
license. As long as you remain a MOOL subscriber, you'll be able to
use the latest versions of Outlook as they are released.
The subscription includes a Hotmail email address with 2GB of
storage and the ability to send messages with attachments up to
20 MB in size. If you already own a license for Outlook and subscribe
to MSN Premium, you won't need MOOL unless you need another Outlook
license, because MSN Premium includes the connector. You will,
however, need to install the latest version of the MSN software to
install the connector.
The MSN Outlook connector is a MAPI transport for Outlook 2002 and
Outlook 2003 that syncs Outlook and your MSN accounts, offering many
of the advantages of an Exchange mailbox to MSN subscribers. The
connector lets you set the MSN mailbox as your default message
store, which allows you to easily sync appointments, contacts, and
tasks between Outlook and MSN (but not appointments shared with you
by other MSN/Hotmail users). This means if you set appointments with
reminders using the web interface, they are synced with Outlook and
will fire as long as the MSN mailbox is set as your default. If you
have POP3 accounts in your profile and the MSN account is your
default account, the mail collected from your POP3 accounts will be
copied to the online MSN mailbox unless you use rules to move it to
another PST.
For very small businesses who need calendar sharing, MSN/Hotmail is
one option and MOOL makes it much easier to use. While the big
selling point is a subscription license for Outlook 2003, the MSN
Outlook connector offers improved syncing capabilities for all
Outlook folders. If you have Outlook 2000 or earlier, you can't use
the connector without upgrading to a newer version and will need to
purchase MOOL. Although the connector works with both Outlook 2002
and Outlook 2003, it works better with Outlook 2003.
If you take advantage of this offer to upgrade to Outlook 2003,
remember that the "Office envelope" features, including many of the
email options on the File | Send to menus in other Office
applications, will only work when you use the same versions of
Outlook and Office applications. This effectively eliminates your
ability to do mail merges.
For more information about MOOL, see
http://www.slipstick.com/outlook/mool.htm, or
http://outlooklive.msn.com/
to subscribe to it.
PREVIEW PANE SAFETY - ONE MORE TIME
Every so often the topic of preview pane (and Reading pane) safety
comes up in online forums. The question this week went like this:
"Some of my IT friends insist that it is dangerous to have the
preview pane switched on in Outlook. Some of my IT friends say that
it is not true that I can get a virus by simply viewing the message
via the preview pane."
Some of her IT friends are correct-- you can't get a virus just by
reading an email if you have all of the latest patches for your
version of Outlook, Windows, and Internet Explorer. Even if you
aren't completely up-to-date, you're still pretty safe using the
preview pane. Outlook 98 is the least safe of all versions to use
and if you use it, you really should consider upgrading.
"I have switched off the option that an e-mail will be marked as
read when I flick through my messages."
Marking a message read (or not marking it read) will not affect the
security of the preview pane. It's the act of viewing the message
that is risky. Because security is tighter on the preview pane than
on opened messages, using it is slightly less risky than actually
opening the message, but the reasons for this have nothing to do
with the read state.
"Does anyone have an answer if I can get a virus if I have the
preview pane switched on but do not open the actual e-mail?!"
Anything may be possible in the future, but at this time the answer
is No, you can't get a virus by reading a message in preview.
Another poster took exception to my answer and replied with this:
"Diane have you seen this?
Cursor and Icon Format Handling Vulnerability - CAN-2004-1049
(http://www.microsoft.com/technet/Security/bulletin/ms05-002.mspx).
A remote code execution vulnerability exists in the way that cursor,
animated cursor, and icon formats are handled. An attacker could try
to exploit the vulnerability by constructing a malicious cursor or
icon file that could potentially allow remote code execution if a
user visited a malicious Web site or viewed a malicious e-mail
message. An attacker who successfully exploited this vulnerability
could take complete control of an affected system.
Now do you believe that Previewing a "malicious e-mail message" is
sufficient to avoid this? I suggest NOT. And I suggest that Microsoft
although probably would tell us one way or the other won't. Sure go
ahead and install the security update. But that's today. Which has
been my point all along. Don't preview and you don't have to worry
about it. Pretty simple."
I've looked at that (and many other exploits) and there is a common
denominator in most of these -- the user needs to perform a specific
action to activate the exploit. In this case, they need to visit a
specially crafted web page and click a link. Unless a popular site
is hacked and compromised with this vulnerability, the user will
need to be tricked into visiting the site and clicking. In either
case, the problem isn't with Outlook and it's not something
Microsoft can control.
Secondly, many exploits are blocked or the vulnerability lessened if
the software has recent patches. For this particular example, the
security patch for Outlook that was released in June of 2000, and
included in all newer versions of Outlook, offers protection. The
Cumulative Patch for Internet Explorer (828750), released in October
2003 helps to protect you from this exploit as well. If you don't
have your installations updated with patches released over a year
ago, you have bigger problems than this exploit.
Finally, many of the exploits in the security bulletins are rare in
the wild. This doesn't mean you shouldn't install critical patches
as soon as possible, it only means you shouldn't panic. If you're
still really worried about the safety of Outlook's Preview (or
Reading) pane, you might want to start using Pine.
There are some steps you can take if you aren't paranoid enough for
Pine even with the most recent patches installed. Outlook 2002 and
2003 support a readasplain registry key, which converts all mail to
plain text format. Or you can use Chilton Preview. It's a preview
pane add-in that can't render HTML and works with all versions of
Outlook. A good antivirus and antispam email scanner, preferably
running on the mail server, will eliminate many of the infected
messages you receive. Common sense helps too -- if you are
suspicious, don't click on the link.
See http://www.outlook-tips.net/howto/plain_text.htm to learn how to
set Outlook to read all messages using plain text.
Download Chilton Preview from
http://www.geocities.com/siliconvalley/peaks/8392/.
CORPORATE PREVIEW PANE POLICIES
Many administrators disable the preview pane as a security measure.
Is it really worth it? Not in my opinion, especially if it creates a
false sense of security. Opening a message is not safer and it takes
longer for the workers to read their messages.
It's a bad idea to disable preview instead of investing in software
that can help remove the threats from the message stream before they
get into your users' Inboxes. If a virus is not in the Inbox, it
can't exploit any vulnerabilities in the preview pane, so you don't
need to disable it. If the users get into the habit of opening
everything they receive, the risk is as great as if they used
preview.
You should also use current software. Outlook 98 is the least safe
of all of the versions and upgrading will not only get you a safer
email client, you'll also get one with more features and many
improvements.
If it adds 15 minutes a day to the time they spend reading email,
a worker making a paltry $7 an hour will 'earn' $1.75 opening
messages to read their email. At $8 or more a week per employee,
good antispam and antivirus software is the better investment and
has a high return on investment. But opening mail to
read it isn't the only productivity problem -- creating, editing,
training and managing mail filters to handle spam at the desktop
also eats into productivity. Managing it at the server means
one person is creating and editing the filters, not the entire
workforce, and it gets the viruses and spam out of the message
stream.
USING RULES TO BLOCK SPAM IN OUTLOOK
It seems to me that too many people get hung up on blocking senders,
either by the full address or by domain, in an attempt to control
spam. It never works because the spammers change addresses too often
or use legitimate domains you may not want to block and Outlook
doesn't support wildcards. The only thing that adding addresses to
the blocked senders list does is make the blocked list longer. It
does very little to remove more spam from your Inbox.
In Outlook 2003, the total number of Safe and Blocked addresses
allowed is approximately 2000, so you will want to turn Outlook's
junk filtering on High and peek at the messages in the folder once
every couple of days, marking valid messages as Not Junk and adding
those addresses to the Safe list instead of trying to create a long
list of blocked senders.
If you aren't using Outlook 2003 you should block mail based on
characteristics of the message. Bayesian-based filters do an
excellent job at blocking mail using this method, although the
training required is often time consuming when it's first
configured. This is why Microsoft didn't include training options
with the spam filter in Outlook 2003 and they intend to release
frequent updates to the filter to keep up with the latest spamming
techniques.
If you want to block spam using simple rules, try Sue's Low
Maintenance method found at
http://www.slipstick.com/rules/junkmail.htm#sue.
You can also block messages with blank subject lines by creating a
filter blocking all messages, except those with a, e, i, o, or u in
the subject. See
http://www.outlook-tips.net/archives/2004/20041018.htm
if you need help creating this rule.
Finally, you may want a rule that filters subjects containing
characters you don't expect to find in the subject line, such as |
or ^. Characters common in spam written in foreign languages can be
added too. You'll find these simple rules do a good job at removing
spam from your mailbox without requiring a lot of time to keep the
rules updated. If they aren't sufficient to remove the majority of
your spam, then it's time to consider a commercial antispam product.
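
The two subject rules above, applied outside Outlook as an added
example (not code from this newsletter or from Outlook). The folder
name "Junk" and the sample messages are constructed for illustration.

```python
import email
from email import policy

# Characters the text singles out as unexpected in a subject line.
# Extend the set with anything that never appears in your real mail.
UNEXPECTED_CHARS = set("|^")
VOWELS = set("aeiou")

def classify_subject(subject):
    """Return (folder, reason) for one decoded subject line."""
    text = (subject or "").strip()
    # Rule 1: no a, e, i, o or u anywhere. Catches blank subjects, but
    # also digit-only and non-Latin subjects, so skip this rule if you
    # expect legitimate mail written in other scripts.
    if not VOWELS & set(text.lower()):
        return ("Junk", "blank" if not text else "no vowels")
    # Rule 2: any character we never expect to see in a subject.
    hits = sorted(UNEXPECTED_CHARS & set(text))
    if hits:
        return ("Junk", "unexpected character " + " ".join(hits))
    return ("Inbox", "passed")

def file_message(raw):
    """Parse a raw message and choose a folder from its Subject header."""
    msg = email.message_from_string(raw, policy=policy.default)
    # policy.default decodes RFC 2047 encoded-words, so the rules test
    # the text a reader would see rather than '=?utf-8?b?...?='.
    return classify_subject(msg["Subject"])

# Constructed sample messages, not real mail.
SAMPLES = {
    "missing": "From: a@example.com\n\nbody\n",
    "symbols": "From: b@example.com\nSubject: Ch^eap w|atches\n\nbody\n",
    "encoded": "From: c@example.com\n"
               "Subject: =?utf-8?b?0J/RgNC40LLQtdGC?=\n\nbody\n",
    "normal": "From: d@example.com\nSubject: Lunch on Friday?\n\nbody\n",
}

def sort_mail(samples):
    """Map each sample name to its (folder, reason) decision."""
    return {name: file_message(raw) for name, raw in samples.items()}

if __name__ == "__main__":
    for name, (folder, reason) in sort_mail(SAMPLES).items():
        print(f"{name:8} -> {folder:5} ({reason})")
```

Matches are filed into a folder rather than deleted, so a legitimate
message that trips a rule can still be found.
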
Once you have junk rules configured, your next step is coming up
with the best method to delete these messages from Outlook. While
you can
configure both rules and the junk filter to delete them as they
arrive, it's recommended that you move the messages to a folder, in
case it filters a message that isn't spam. In Outlook 2003, the Junk
email folder can be emptied by right clicking on it and choosing
Empty Junk Email folder. In any version of Outlook, you can set up
AutoArchive to delete the spam every couple of days. Configure
AutoArchive to run every day or so and delete messages a couple of
days old to give yourself time to browse for messages that aren't
spam. You can also use this method to clean up the Deleted Items
folder on a regular basis.
Remember, the goal is to handle your email in the fastest, most
efficient method available, one that requires as little input as
possible. In an organization, this means controlling spam at the
server level and for standalone users, it means a change in mindset.
If you are using Outlook 2003, check for updates every couple of
months, beginning now as a new junk email update was released within
the last two weeks.