cancel
Showing results for 
Search instead for 
Did you mean: 

IMAP and SSL

N/A

IMAP and SSL

Hey Broadband help forum,

I was in charge of setting up my Aunt's new computer today, and haven't really had any experience with plus.net's email servers. I usually just log in via webmail.

So, this comes to my question. Does plus.net support IMAP SSL connections? In theory, SSL is over port 993, but I can't get any response from that port.

plus.net does support this (basic!) feature, right?! She is on broadband plus, but that shouldn't make much of a difference.
13 REPLIES
Community Veteran
Posts: 14,469
Registered: 30-07-2007

IMAP and SSL

SSL is not supported for mail access.
N/A

IMAP and SSL

Then how is password security maintained?

Moderators note by John (johnessex) Full quote of preceding post removed as per the Link:rules
N/A

IMAP and SSL

To setup your email get the setup.ins file and it will do it all for you from the portal. Security on Plus net is often down to the fact they only accept smtp etc from their own IP's
Community Veteran
Posts: 14,469
Registered: 30-07-2007

IMAP and SSL

Usernames & passwords are sent in plain text, just like the majority of POP3/IMAP mail systems on the internet. SMTP (sending) is protect by the fact that you can only use PlusNets SMTP server from a PlusNet IP.
N/A

IMAP and SSL

Again, that is fine in theory. SMTP again, can be SSL'd. Outgoing isn't a security issue, as you don't have to send a password to send to relay.plus.net to send an email.

I realise that 'the majority' of passwords are sent in plain text, but it would be nice is plus.net had the option of SSL - for the sake of good practice - and to ensure email password security.

Here is to hoping that it will be considered for the future.
Community Veteran
Posts: 14,469
Registered: 30-07-2007

IMAP and SSL

Don't get your hopes up...

http://portal.plus.net/central/forums/viewtopic.php?t=22270 - asked for in Nov 2004 and no sign of any interest from PN.
N/A

IMAP and SSL

whats wierd is it does not take long to setup SSL for IMAP, so personaly i can see no reason why they dont, and saying its secure just cos you can only do it from a plusnet account is stupid.. cos plusnetters can go hack other plusnetters
prichardson
Grafter
Posts: 1,503
Registered: 05-04-2007

IMAP and SSL

Hi,

I can't answer why there is no SSL service, however PlusNet customers hacking other PlusNet customers is unlikely and near impossible bassed on the way you try to describe it.

You cannot monitor another customers traffic in the way that would be needed.

Yo run a near infinate greater risk from password sniffing applications (which will work regardless of SSL) or wireless intrusion (for which you only have yourself to blame).

Kind Regards,
N/A

IMAP and SSL

so your saying we cant sniff the plusnet network and catch the unencrypted email, or more to the point.. YOU cant sniff your OWN network and read OUR PRIVATE email?
N/A

IMAP and SSL

humm silence from the PN camp on the fact they dont want to stop the spying of our email! omg omg omg what a surprise
prichardson
Grafter
Posts: 1,503
Registered: 05-04-2007

IMAP and SSL

Hi,

Far from it, it's that time of year again and some of us have to do our best not be be called scrooge.

Of course we have access to your email. Frankly, it would be quite stupid to suggest we cannot do so. How on earth could our own systems access it to give it to you on request otherwise?

Within the Customer Support Centre, we have tools to test if your mailbox works by telling us the number, size and date of each message, but no other detail.

If it came to it, we can login to the POP3 server using the mailbox username and password, in order to perform dialtests. This is usful to help diagnoser a customer problems (the most regular one is to determine local or remote problems).

As with all customer tools, we keep records on who accesses such information. So if you are concerned, we can investigate such circumstances.
N/A

IMAP and SSL

I was not saying you couldnt log into the email systesm we all know sysadmin have full axx to our stuff - its just that i am sure only a set amount of PN staff can do this, however any PN stafff could sniff the network to gain axx to what our mail is saying, also the fact that relay.plus.net does not support SSL hence any outgoing mail can be read -- which kinda sucks. TBH it wouldnt be hard for you to install SSL authentication etc, maybe a weeks work at most (with testing etc etc) and it would benifit everyone that knows what SSL is.

Also, what stops me sniffing another PN customers email then? seeing as you can sniff switched packets (even though there seems to be a common misconception that you cant)
N/A

IMAP and SSL

Hi,
Sorry to comment on someone else's mail...

Quote
Hi,

I can't answer why there is no SSL service, however PlusNet customers hacking other PlusNet customers is unlikely and near impossible bassed on the way you try to describe it.

You cannot monitor another customers traffic in the way that would be needed.


Is there any update on (the lack of ?) plans to introduce IMAP (and/or POP) security anytime soon ? Either would be a big improvement.
Would it require major software changes ?

Maybe this is not such a critical issue when connecting from PlusNet account. However, when reading email from a remote location, passing username, password and the emails including a bunch of valid email addresses through the Internet in plaintext does not sound like a good idea. I think there is a real security issue there as the account master password is used to access the default mailbox. The https-webmail helps the situation a bit, though.

Quote

Yo run a near infinate greater risk from password sniffing applications (which will work regardless of SSL) or wireless intrusion (for which you only have yourself to blame).


Password sniffer application could catch the password when logging to the https-webmail but the password could be stored (encrypted, of course...) within the IMAP mail application, making sniffing difficult?