Secure Email (Again!)

Kwak · ‎05-11-2007

If I reply to this in one of couple threads below on this it'll be less obvious there is a demand for it. - there is a demand for it.
Please implement this! Sorry, but how hard or costly can it be?!
Channel 4 news this evening touched on this very subject today, by showing spoofed wifi sites + packet sniffing and then getting the personal info from phones on wifi connections. Not just email but email was obviously a part of it. Watch the article that's 40 minutes in on 4OD if you want.
Extacting our plusnet userID/Password would be easy peasy for even the most useless of hackers. Many on this forum have pointed this out over a number of years.
How many of your customers now have phones/tablets etc set up to get their plusnet email in the clear (as there is no other way) and have no idea at all that when they use open wifi in the pub,street, hotel, anywhere - they are throwing a security dice that all their emails are now available for anyone to read, until they change their password, which might be in 10 years time?
How many customers would be happy with this?!

Chris · ‎05-04-2007

It's something that personally I'd love us to do, but there are no official plans for this.

Quote
How many of your customers now have phones/tablets etc set up to get their plusnet email in the clear (as there is no other way) and have no idea at all that when they use open wifi in the pub,street, hotel, anywhere - they are throwing a security dice that all their emails are now available for anyone to read,

Even if we did offer it, I'd be very very surprised if there was a large uptake in it. Most people wouldn't change their settings unless something stopped working.

Former Plusnet Staff member. Posts after 31st Jan 2020 are not on behalf of Plusnet.

Townman · ‎22-08-2007

Chris,
But at least there would be a choice. Take up could be encouraged by communication of its availability to users with an explanation of the benefits / clarification of the risks of not using it. Ignorance of the risks by possibly the majority of users is no excuse for not providing the feature.
What is the cost / effort? Has it been assessed? Would its implementation (along with phasing out non-secure access) make PN's servers more secure against being hacked? Why is there reluctance to fulfil this request? Does PN consider it to be unnecessary?
Cheers,
Kevin

In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.

jelv · ‎10-04-2007

They are probably not upgrading it because, like so many of the other extras that used to be included for new users, they are planning to stop offering email at some stage in the future.

jelv (a.k.a Spoon Whittler)
Why I have left Plusnet (warning: long post!)
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)

Townman · ‎22-08-2007

Jelv,
Possibly a cynical thought there - is there really a market for an Internet connection only service? It would certainly be a new paradigm akin to a wires only service (broadband without POTS) from BTOR.
I guess that would pass all email business to the likes of gmail or hotmail. Imagine the difficulty in getting support from them when things go wrong! It would be a very sad day to see the demise of an email service from PN; personally I'd prefer to pay a bit more and enjoy the usually responsive support from PN. Google don't even have a support service - I've ever received a response to a problem query from them.
Cheers,
Kevin

In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.

Anonymous · ‎07-11-2013

Quote from: townman
Jelv,
Possibly a cynical thought there

Not really, when this subject came up before a few years back, the official line was something like -
email is not a core service that the customer pays for and should be treated as a free extra feature with your package, and as such Plusnet don't guarantee the operation of the service or take responsibility for handling or storing your emails.

The moral of the story is if you want reliable and secure email then sign up for a decent service elsewhere - as I have done with 1&1

[Moderator's note by Adie (dvorak) Referral identifier removed as it is against the spirit of this Forum Rule ]

Strat · ‎14-04-2007

Personally I think that broadband and email are intimately linked in most people's minds and automatically believe that with the former comes the latter.

Windows 10 Firefox 109.0 (64-bit)
To argue with someone who has renounced the use of reason is like administering medicine to the dead - Thomas Paine

Anonymous · ‎07-11-2013

I think ISPs are to blame for that, because once customers have told all their email contacts their ISP specific domain name, then the customer has yet another reason not to leave - as the effort in updating hundreds of email contacts could be too daunting.
People should sign-up for their own portable domain name, and use that for their email address.
That way you are not tied into an ISP, and you won't get SPAM filtered by email clients that dump hotmail and google mail addresses.
If you are looking to get your own domain name, then there is a good tool on 1&1 to see what is available.

jim:red Referral identifier removed as it is against the spirit of this Forum Rule mod:end

Strat · ‎14-04-2007

I've had my own domain for years....as has my daughter.

Windows 10 Firefox 109.0 (64-bit)
To argue with someone who has renounced the use of reason is like administering medicine to the dead - Thomas Paine

Oldjim · ‎15-06-2007

Quote from: purleigh
The moral of the story is if you want reliable and secure email then sign up for a decent service elsewhere - as I have done with 1&1

I have a few email addresses with 1&1 and they are the only ones where nasties get through. Fortunately Kaspersky always (up to now) jumps all over them. So don't think the filtering is as good as Plusnet's
Note I don't have anti spam activated on those as that doesn't seem to be a problem

Townman · ‎22-08-2007

Strat,
I think 99% of users would agree with your view - an Internet connection naturally comes with an email service.

Purleigh,
From personal experience (albeit quite sometime ago) 1&1 are expensive for what they supply and support is not overly good. But all of this is somewhat off topic here.

In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.

DaveyH · ‎15-11-2012

I don't understand why people use ISP email, especially as its common to constantly swap ISPs, chasing 'offers'
And email isn't really 'secure' unless its encrypted end to end with keys you control, and that's a PITA for users to implement/use

kmilburn · ‎30-07-2007

It's not a question of the email being secure between source and destination, but the connection between the user and the ISP where the username and password are exposed, plus any email trasferred, being read by anyone with inclination and a suitable packet sniffer.
As for using the ISPs email, with you own domain name, Plusnets email system is very convenient and has the advantage of being very close. It's not subject to the US Patriot act, and they don't harvest the email for advertising purposes.

Kwak · ‎05-11-2007

Quote from: kmilburn
It's not a question of the email being secure between source and destination, but the connection between the user and the ISP where the username and password are exposed, plus any email trasferred, being read by anyone with inclination and a suitable packet sniffer.
As for using the ISPs email, with you own domain name, Plusnets email system is very convenient and has the advantage of being very close.

Precisely, couldn't have put it better myself. And as for some posts above : even if you have a domain, you have to have something acting as your email server, your ISP if it's email is reliable enough is probably the obvious choice. I'd consider email an important part of the service.

PhilHawker · ‎30-06-2011

Lack of any email encryption or real security is my #1 (probably only) issue with the PlusNet service. It's the only thing stopping me recommending PlusNet as an ISP to friends, it must cause many support calls from people spooked by the multiple warning messages when setting up email clients (especially on Apple devices) and is massively frustrating when traveling and trying to use external networks which block unencrypted SMTP delivery.
It is - as others have repeatedly commented - the most horrendous security risk. With access to your email any miscreant can take control of any service which emails forgotten or replacement password reset links. Your main email password should by the most secure, holy grail of all passwords and it's appalling that PlusNet have left things in this state for so long, especially as many of the PN techs seem keen to actually fix the problem.
There are many ways to fix this without breaking existing user accounts - alternate host names for the SSL service would seem the simplest?
PLEASE can you fix this!