SSL on IMAP/POP3/SMTP (again)

kmilburn · ‎30-07-2007

I suspect this is still a forlorn hope, but is there any hope of TLS being implemented for these protocols.

I know this has been raised numerous times, and we keep getting told that things are in progress, but at more than 12 years since the issue was first raised, we don;t seem to be any closer.

One recent-ish thread was lementing the requirement for the number of certificates given the number of servers in use and the cost of doing so.

Given the potential of wildcard certificates, or services like letsencrypt where the certificates are free (and with simple cron jobs, auto-renewing), this is another barrier which should have been passed.

Can we please (pretty please) have some security on these protocols.

Thanks....

And before anyone suggests it, creating a secondary mailbox so you don't have to your primary credentials is not a solution. It's nothing more than a workaround to only leave you half exposed rather than fully exposed....

Gel · ‎02-08-2007

PN have never applied any sense of urgency, on what is now a fairly basic requirement, especially with ID theft becoming more prevalent. You may have to consider moving, as I did to another Yorkshire provider who does offer SSL/TLS for e mail.

Broadband Connection Troubleshooter

Contact/Chat : CHAT service often suspended though!
BT Wholesale Speed Test:
PN Network Status:
Land Line Connection_Troubleshooter:

wisty · ‎30-07-2007

I suspect they never will. Demand is falling, and it is no longer a necessary service for many (most?) customers. An increasing number of ISP's do not offer an E-mail address with their broadband. Particularly true of mobile suppliers, but increasingly the same is true of landline ISP's.

The users are moving in three directions.

Many people do not use E-mail to communicate. They prefer Facebook/Instagram etc. So the number of users of E-mail is falling.

Of those that do still use it, Joe public is going to G-Mail or one of the other "free" services. At the other end of the spectrum anyone for whom E-mail matters will have their own domain so that they are not tied to a particular ISP.

That means the number of customers who want or need an ISP based E-Mail address is declining fast. ISP's will simply not bother. Why should Plusnet spend money on something that only a small minority of customers want.

Townman · ‎22-08-2007

Possibly because they’ve not spent money on what customers want it to be - secure and reliable?

Don’t get me wrong, when it works the facilities are exceptional - unlimited email addresses and catch all. Few paid for providers provide such richness of functionality. With the implementation of the expected standards, this email service would all that most users could ever wish for.

In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.

machare · ‎13-01-2011

Are you sure that SSL does not now work? Please try again.

spraxyt · ‎06-04-2007

Yes, SSL/TLS is implemented and works very well. Users can update any unsecured connections to use secure equivalents (the port numbers change).
Newly set up connections using modern email clients should choose secure automatically.

David

machare · ‎13-01-2011

Thank you, I only found out accidentally when I tried to use the 212.159.8.119 server to send a message and it no longer worked. When was main system updated?

spraxyt · ‎06-04-2007

Plusnet will have to answer the “when”question. That’s under their remit.

David

Mads · ‎06-08-2018

Thanks for highlighting this @spraxyt.

The system recently got updated and everything is working as it should be.

Give us a nudge if you run into any issues.

Thanks.

machare · ‎13-01-2011

So when was SSL introduced?

Moderator's note by Dick (Strat): Full quote of preceding post removed as per Forum rules.

Townman · ‎22-08-2007

Recently!!

In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.

machare · ‎13-01-2011

But how recently? Has there been any notification from Plusnet that the system was introduced?

MasterOfReality · ‎26-03-2018

Hi @machare

I'll see if I can find an exact date for you, but I'm not 100% sure who i would ask at the moment.

I'll get back to you and let you know either when or that I couldn't get the info yet.

Thanks,

MoR

kmilburn · ‎30-07-2007

Good to know that it's finally implemented.

I'll assume this isn't just a short term test and PlusNet were going to let the customers know they've finally implemented it, and we're not going to do it silently in the hope people don't realise how long PlusNet have been dragging their heels on this issue... (too cynical? ).

Someone might want to make sure the setup pages are changed too....

This one still states that SSL/TLS should be set to No.

https://www.plus.net/help/email-guides/how-to-set-up-plusnet-email/#what-other-settings-do-i-need

spraxyt · ‎06-04-2007

Implementation was over more than one day to put secure SMTP, IMAP and POP3 in place transparently alongside the existing set up so that continued to work. As noted this was done “recently”.
Note that secure SMTP continues to use port 587 rather than requiring a switch to port 465. Given the correct server names (which are the same as they’ve always been), validation should allow recent email clients to choose the right settings. Less recent ones might need help and older ones not work with SSL/TLS at all.

David