SSL on IMAP/POP3/SMTP

Townman · ‎22-08-2007

VivvieF,
Welcome to the forums and so glad you found a prompt solution.

@CRT,
A "light bulb" moment...
1. Do the call desks and chat line staff know about THIS trending issue?
2. Has there ever been any thought given to "posting" trending issues on the support and help pages?

There are now and again issues which do arise form the action of external parties which do give rise to the technical problem call volume which PlusNet have to deal with. A "trending issues" list might help alleviate matters in such circumstances.
Something for the customer experience team to look at?

Kevin

In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.

bobpullen · ‎04-04-2007

Quote from: Townman
1. Do the call desks and chat line staff know about THIS trending issue?

Yes, I saw an announcement circulated the other day.

Quote from: Townman
2. Has there ever been any thought given to "posting" trending issues on the support and help pages?

Interesting suggestion, not sure how it would fit with our release cycles though. If we could update elements of the site in real time it would be feasible.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

Townman · ‎22-08-2007

Hi Bob,
Could it be done through "feed" pages - the material is not in the web pages, but some "external" source - similar to the service status pages?
Kevin

In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.

bobpullen · ‎04-04-2007

It would probably be the best way to do it. I shall mention it to the folks overseeing the Help & Support stuff the next time I've the opportunity.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

jelv · ‎10-04-2007

Any reason why you couldn't post a service status announcement about it today? That way anyone checking for email server problems would see it

jelv (a.k.a Spoon Whittler)
Why I have left Plusnet (warning: long post!)
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)

bobpullen · ‎04-04-2007

I think it was considered, but we decided not to in the end.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

chrcoluk · ‎11-12-2013

I just scanned the hostnames listed here.
http://www.plus.net/support/customer_service/using/settings.shtml?supporta=featconnsett
no sign of any encryption whatsoever, in 2015 this is crazy, I dont use plusnet's mail servers but this is very insecure, remember also server to server transit as well, which on 99% of mail servers out there is encrypted.
There is some discussion on private mailing lists (of which google employees take part) of blocking transactions with mail servers that have no encryption or sslv3 encryption only. Just a warning.

spraxyt · ‎06-04-2007

Quote from: chrcoluk
... remember also server to server transit as well, which on 99% of mail servers out there is encrypted.

Have you checked what the headers say for the hop from the Plusnet relays to the destination server (eg gmail)?

David

matthews · ‎13-08-2014

Quote from: chrcoluk
...remember also server to server transit as well, which on 99% of mail servers out there is encrypted.
There is some discussion on private mailing lists (of which google employees take part) of blocking transactions with mail servers that have no encryption or sslv3 encryption only. Just a warning.

Well Google will find themselves with a lot of missing emails then, as according to their own stats only 78% of outbound messages and 57% of inbound messages supported any form of SSL. I know this doesn't excuse PlusNets behaviour, but bandying around completely fictional statistics doesn't help anyone. Bear in mind that Google themselves only set encryption by default on their email service 12 months ago!
EDIT: Forgot the link to my source: https://www.google.com/transparencyreport/saferemail/

matthews · ‎13-08-2014

Couldn't edit my post twice in a row, but according to the same link Plusnet encrypts all emails going to Gmail, but none coming from from Gmail to Plusnet

bobpullen · ‎04-04-2007

Quote from: spraxyt
Quote from: chrcoluk
... remember also server to server transit as well, which on 99% of mail servers out there is encrypted.

Have you checked what the headers say for the hop from the Plusnet relays to the destination server (eg gmail)?

Received: from avasout08.plus.net (avasout08.plus.net [212.159.14.20])
	(using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
	(Client CN "Bizanga Labs SMTP Client Certificate", Issuer "Bizanga Labs CA" (not verified))
	by mail.rollernet.us (Postfix) with ESMTPS

TLS transport is enabled on the relays. It's isn't for the inbound estate yet but is being considered.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

chrcoluk · ‎11-12-2013

Quote from: matthews
Quote from: chrcoluk
...remember also server to server transit as well, which on 99% of mail servers out there is encrypted.
There is some discussion on private mailing lists (of which google employees take part) of blocking transactions with mail servers that have no encryption or sslv3 encryption only. Just a warning.

Well Google will find themselves with a lot of missing emails then, as according to their own stats only 78% of outbound messages and 57% of inbound messages supported any form of SSL. I know this doesn't excuse PlusNets behaviour, but bandying around completely fictional statistics doesn't help anyone. Bear in mind that Google themselves only set encryption by default on their email service 12 months ago!
EDIT: Forgot the link to my source: https://www.google.com/transparencyreport/saferemail/

they are well aware of these stats. I am just passing on what has been said.
By the way google are not the only members of the mailing list, is several large isp's on there, and many dozens of server admin's who manage between them probably thousands of servers. So google wouldnt be alone in such action.

chrcoluk · ‎11-12-2013

Quote from: Bob
Quote from: spraxyt
Quote from: chrcoluk
... remember also server to server transit as well, which on 99% of mail servers out there is encrypted.

Have you checked what the headers say for the hop from the Plusnet relays to the destination server (eg gmail)?
Received: from avasout08.plus.net (avasout08.plus.net [212.159.14.20])
	(using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
	(Client CN "Bizanga Labs SMTP Client Certificate", Issuer "Bizanga Labs CA" (not verified))
	by mail.rollernet.us (Postfix) with ESMTPS
TLS transport is enabled on the relays. It's isn't for the inbound estate yet but is being considered.

looks like your cipher list needs updating, old openssl libraries?

bobpullen · ‎04-04-2007

The cipher that's used is opportunistic so there's a dependency on the receiving MTA too. Send to a different mail host and you may well see a different cipher being used. As it's the Cloudmark MTA doing this anyway, we'll be limited to whatever the software supports.
None of this is fully launched mind you so there's the opportunity to revisit stuff at a later date.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

timmytoad · ‎18-08-2011

I say chaps, i am but a humble customer of PlusNet, and you are ALL beginning to use Words and Abbreviations that i cannot possibly begin to understand, could you please keep it simple for simple folk like me, afterall, all i want in life, is a SECURE EMAIL service !!.
maybe, just maybe, somebody somewhere in PlusNet, might listen to to Bob Pullen

Tim