cancel
Showing results for 
Search instead for 
Did you mean: 

Security Check on SquirrelMail

gofaster
Rising Star
Posts: 361
Thanks: 10
Registered: 01-08-2007

Security Check on SquirrelMail

Why have PlusNet introduced that awful security check when sending email via SquirrelMail?
I *really* detest it. It's bad enough to be using webmail in the first place, but to have to squint at at a scribbled mess and try to decypher a bunch of numbers and letters...

It makes it even harder to forward spam false-negatives as these have to be done from within webmail. Can't you make it easier for us to report spam/not spam rather than putting further obstacles in our way.
27 REPLIES
hamsandwich
Grafter
Posts: 139
Registered: 31-07-2007

Security Check on SquirrelMail

Well, you see, SquirrelMail wasn't broken, so in true plusnet style, they've decided to 'fix' it.

It wouldn't be so bad if it remembered I'd already entered a damn code four times already today.
alanPN
Grafter
Posts: 27
Registered: 01-08-2007

Webmail "security check"

Have just seen this. It's one of the worst I've seen - the squiggles obscure the letters considerably. Took me 4 attempts before it accepted my input even though I was sure I'd typed the text correctly.

Why has it been decided to use this - given that we need to use our mailbox passwords to enter webmail in the first place that should be sufficient security?

OR

Have by any chance those passwords been compromised so machines can now access webmailHuh
chrisc
Grafter
Posts: 688
Registered: 19-04-2007

Security Check on SquirrelMail

The captcha form is more for the prevention of spam hitting the CGI Relay servers.

We had this on the old Webmail platform for customers logging in from overseas IP addresses and this has now been amended to include any non-PlusNet Ips.

Remember it's fairly open to abuse as we allow customers to signup free, non-subscription accounts that they can use Webmail with.

This precaution is not to protect customersdetails but rather to help protect our servers from spammers.
Community Veteran
Posts: 26,357
Thanks: 607
Fixes: 8
Registered: 10-04-2007

Security Check on SquirrelMail

I've not seen this yet - is it for all sending, or is it just for sending if using a non-Plusnet, or non-UK IP address?
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
chrisc
Grafter
Posts: 688
Registered: 19-04-2007

Security Check on SquirrelMail

Elvin,

its for sending when connected to a non PlusNet IP addy.
Community Veteran
Posts: 26,357
Thanks: 607
Fixes: 8
Registered: 10-04-2007

Security Check on SquirrelMail

So why am I getting a captcha image if I try sending from home?
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
chrisc
Grafter
Posts: 688
Registered: 19-04-2007

Security Check on SquirrelMail

Are you connected on RIN?
Community Veteran
Posts: 26,357
Thanks: 607
Fixes: 8
Registered: 10-04-2007

Security Check on SquirrelMail

Yes
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
chrisc
Grafter
Posts: 688
Registered: 19-04-2007

Security Check on SquirrelMail

At the moment it seems that customers on RIN are also getting the captcha image. We are looking at including the block of RIn IP addresses so that you don't have to do this permanently.

I'll keep you updated on progress from this end.
alanPN
Grafter
Posts: 27
Registered: 01-08-2007

Security Check on SquirrelMail

Reply noted and reason understood.

However, does it need to be so difficult even for human beings to use? With this particular design of panel I suspect that you are in breach of the Disability Discrimination Act 1995. Someone with poor eyesight would find it impossible to use.
gofaster
Rising Star
Posts: 361
Thanks: 10
Registered: 01-08-2007

Security Check on SquirrelMail

How many spammers have been stopped by this?
How many genuine customers have been irritated or worse by it?

Please remove it! There are other, better ways of stopping spammers abusing webmail.
alanPN
Grafter
Posts: 27
Registered: 01-08-2007

Security Check on SquirrelMail

In my own case given that the "other" ISP I use with webmail is BT could you not unblock their IP's too? After all, you are now BT yourselves....
KevinHyland
Grafter
Posts: 61
Registered: 20-08-2007

Security Check on SquirrelMail

I access my webmail a great deal from work - which of course is not a Plusnet IP. I must agree that the layout of the panel is apalling - definitely te worst I've seen.

Please Plusnet, if you don't want to remove it, can't you please modify it to make it clearer to read.

Also, can you not come up with a solution that allows for the registration on secure, non-plusnet IP's? It would be a big help...

Many thanks in advance!
alanPN
Grafter
Posts: 27
Registered: 01-08-2007

Security Check on SquirrelMail

As it's all gone quiet following my suggestion about DDA compliance you may want to look at the formal investigation into website accessibility on the DRC (Disability Rights Commisssion)website:

http://www.drc-gb.org/library/website_accessibility_guidance/formal_investigation_report_w.aspx

I think you will find that since captcha boxes cannot (by definition!) be read by screen readers they are potentially illegal under the DDA 1995?

I suspect that you may need to find another way of getting the necessary protection?

PN please comment.