Secure Email (Again!)
Re: Secure Email (Again!)
03-01-2014 7:12 PM
Re: Secure Email (Again!)
03-01-2014 9:21 PM
As others have said above and I agree with, the time will come when the ISPs ditch the email providing side.
They have already ditched the free webspace some time ago.
They and indeed OFCOM just regard email as a free addon - which is why its provision is not regulated.
It really must be a load of aggro for them
As well as simply running the email servers
There are the serious and time consuming spam/email virus issues which they have to protect against and sort out both incoming and sadly outgoing from customers with compromised accounts hijacked by spammers.
There are the endless new wireless thingy that "won't connect" - more support calls.
There are people all trying to do 'complex' things.
It's just not worth the candle anymore.
Finally email provision is a cost implication and we see how Broadband is now in the UK seemingly just sold on least cost/price - 'cos that's what the punters want.
ISPs might just become connectivity suppliers.
Those who don't give a monkey's about anything and post all their details on facepalm and twotter will use the free providers like gmail/outlook.com etc (and probably won't use two step verification).
Those that want a business grade, fully secure, guaranteed always on, all facilities service will have to go and pay for it via some sort of business email/services/facilities supplier.
In fact I could see ISPs selling the email side to be outsourced to another specialist supplier with subscribers given the option to pay for it as a separate item from then on or alternatively lose the email facility totally.
Re: Secure Email (Again!)
04-01-2014 10:54 AM
Many web hosting companies offer SSL-enabled email services, and some providers even offer email-only services which are secure, such as Rackspace, Namecheap and of course Gmail.
I don't think it's in the ISP's interest to configure SSL enabled emails. They might as well just partner with one of the above, and have them do it.
Cheers,
Matt
Re: Secure Email (Again!)
04-01-2014 11:43 AM
As for paying for a secure account elsewhere, I'm not a heavy user of personal email but when I do use it, I need it to be secure. I'd rather keep everything with one provider. The number of usernames/passwords I have to maintain is ever growing and I don't want to add more to it.
Re: Secure Email (Again!)
04-01-2014 11:50 AM
Quote from: Mattz0r: "I don't think it's in the ISP's interest to configure SSL enabled emails."
I disagree. As pointed out previously, customers with hundreds of contacts to upgrade are unlikely to bother switching ISP if they are using an ISP's email service.
For the cost of an SSL certificate and installing it on the webmail server, couldn't Plusnet seriously spare a few quid and a bit of time implementing this for their customer base?
pop3/smtp services go hand in hand with broadband IMO. I know PN like to take the opposite stance but at the same time they don't dare do away with it because almost every other ISP still offers it. IMO this is just a side step in case they make a blunder with thousands of emails as they have in the past. I personally would prefer it if they planned an email outage, did a backup and then got SSL up and running before putting it all live again. At least that way they'd be catering for us all.
As for those promoting the use of their own domains, you can also get your own subdomains for free from services like no-ip.com, freedns.afraid.org etc. Using one of those means you don't even have the cost of a domain to worry about and if you have a computer turned on 24/7 like many folks you can host your own email servers.
Now what I think would be really useful is if PN were to campaign to get the standard MX records changed. When an HTTP request is sent to a server the server can specify a location header and an alternative port number. SMTP works on port 25 and unless you use a proxy server to transparently redirect an SMTP connection to another port, you're stuffed if you don't want to or can't use port 25! IMO DNS records should contain a port number which is also served upon a DNS lookup.
Re: Secure Email (Again!)
05-01-2014 1:02 PM
Hugh
Re: Secure Email (Again!)
14-01-2014 3:08 PM
New devices (phones, tablets, computers etc) and email clients these days default to assuming that the email account you are configuring uses SSL etc - so the transfer for non-techie users would happen over time anyway. And the benefits for techie users are obvious.
Re: Secure Email (Again!)
14-01-2014 7:23 PM
The webmail client just isn't up to it, and never would be, especially on a mobile device (and you'd never get alerts either).
Mozilla even points to a free certificate provider (although it's unclear to me if the free certificates are enough or not, but it implies they are!).
Unfortunately it seems that PlusNet doesn't care about security (which is also evidenced by the fact you get asked for characters from your account password when talking to support - when it should be fully encrypted & salted, especially as that account password lets you into all your account details).
I guess when it comes to the end of my current contract, I'm going to have to look around and find a provider that treats its users' security seriously, and then I can get the functionality on the phone I want as well! Maybe I'll pre-empt some of that by changing my email first anyway.
Re: Secure Email (Again!)
19-01-2014 6:20 PM
Secondly it is possible to sign and/or encrypt email being sent or received. One way is to set up S/MIME certificates, and this is where the StartCom certificate referenced in the previous post comes in. You can use this whether or not the link between the client and server(s) is encrypted. However in order for the receiver to receive encrypted mail they must also set up their mail client to use S/MIME signing and encryption. Another alternative for signing/encryption is to use GPG.
There are other aspects to security too - for example the major email suppliers now have DKIM authentication. Mails are sent out from the server with information about DKIM certificates - this is an authentication mechanism to ensure that the server that the mail comes from has been verified as authentic. Mail servers can check the certificate and set the DKIM authentication to pass or fail (or neutral). Google, Yahoo and other major suppliers all use this now.
I hope this helps clarify the situation.
Re: Secure Email (Again!)
30-01-2014 6:05 PM
Does PlusNet mail [mail.plus.net] provide secure SSL connections for POP and SMTP?
when I found this thread...
I do not care what flavour of mail security is implemented, but put simply, PlusNet is a growing company which means its customers' data is an ever growing target. I know some person will object because they will have to update millions of their email account details, but you guys have a duty of care to your ordinary paying customers - and the ICO.
Please PlusNet, grow up and implement secure email on your platform like a grown up ISP.
Re: Secure Email (Again!)
09-02-2014 8:35 PM
Plusnet should really take this more seriously and I believe that their help pages (https://portal.plus.net/support/email/setup/index.shtml) on email set up are bordering on negligence. They basically take you through setup and when it comes to SSL, they just advise proceeding without any warning of the risks. In the case of Mozilla Thunderbird, they advise ticking the box "I understand the risks" without a mention of what that might mean. And on Plusnet, those risks are pretty high.
Not only does Plusnet not support SSL, they don't support encrypted passwords on POP3 either. This means that your user name and password are transmitted in clear and can be captured at will using, for example, Wireshark (see http://community.spiceworks.com/how_to/show/2360-find-out-pop3-password). Often, this may also include your Plusnet log-on password. It is not therefore just a case of sniffing emails, because once an attacker has the email credentials they can read and send email from the hacked account from anywhere at any time, not just where you used open WiFi. Once they have access to your Plusnet email account, they can get your email address and try and log on to accounts such as Amazon, click on forgotten password and intercept the password reset email from your inbox, deleting it before you know anything has happened. They can now access shopping and other accounts, change delivery addresses and order goods using stored credit card details. I have worked in communication and network security for over thirty years and I would strongly recommend that nobody ever connect to their Plusnet email from an open WiFi with the current set-up. It may also backfire on Plusnet, because the lack of security could allow spammers to use Plusnet user email accounts to send spam. (Sending mail from outside the Plusnet domain does require password authentication, but it is often the same password as for collecting mail.)
If Plusnet does want to provide an insecure email service, then fine, but at least explain the risks instead of glossing over them. For example, take a look at the BT email setup guide (http://bt.custhelp.com/app/answers/detail/a_id/46673/c/346,6588,6591); they are, after all, Plusnet's main shareholder.
There is however a glimmer of hope. The Thunderbird set-up page (https://portal.plus.net/support/email/setup/thunderbird-setup.shtml) does actually say "unfortunately our mail servers don't support encryption (we're looking into launching this feature)". So stop looking and do it!
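Added example (not part of the original post or any Plusnet material): the post above separates two gaps, no SSL and no encrypted passwords on POP3. This Python sketch classifies a POP3 greeting plus CAPA reply along those lines; the transcripts and the name `audit_pop3` are constructed for illustration, and implicit TLS on port 995 is outside what a port-110 transcript can show.

```python
import re

# SASL mechanisms that prove knowledge of the password without sending it.
CHALLENGE_PREFIXES = ("CRAM-", "DIGEST-", "SCRAM-")

# Constructed transcripts: server greeting followed by the reply to CAPA.
CLEARTEXT_ONLY = """\
+OK POP3 server ready
+OK Capability list follows
USER
TOP
UIDL
.
"""
WITH_PROTECTION = """\
+OK POP3 server ready <1896.697170952@mail.example.test>
+OK Capability list follows
USER
STLS
SASL CRAM-MD5 PLAIN
.
"""

def audit_pop3(transcript):
    """Report how a password would travel on a plain (port 110) session."""
    lines = [ln.strip() for ln in transcript.splitlines() if ln.strip()]
    greeting, body = lines[0], lines[1:]
    if not greeting.startswith("+OK"):
        raise ValueError("not a POP3 greeting")
    caps = {}
    if body and body[0].startswith("+OK"):   # CAPA accepted (RFC 2449)
        for ln in body[1:]:
            if ln == ".":                     # end of the multi-line reply
                break
            name, *args = ln.split()
            caps[name.upper()] = [a.upper() for a in args]
    # APOP is offered when the greeting carries a <timestamp@host> token.
    apop = re.search(r"<[^<>\s]+@[^<>\s]+>", greeting) is not None
    stls = "STLS" in caps                     # upgrade to TLS (RFC 2595)
    challenge = [m for m in caps.get("SASL", []) if m.startswith(CHALLENGE_PREFIXES)]
    if stls:
        verdict = "tls-available"
    elif apop or challenge:
        verdict = "password-hashed-mail-cleartext"
    else:
        verdict = "cleartext-password"
    return {"stls": stls, "apop": apop, "challenge_sasl": challenge, "verdict": verdict}

if __name__ == "__main__":
    for label, sample in (("cleartext", CLEARTEXT_ONLY), ("protected", WITH_PROTECTION)):
        print(label, audit_pop3(sample))
```

A `cleartext-password` verdict is the situation the post describes: USER/PASS is the only login path and nothing on the wire is protected.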
Re: Secure Email (Again!)
09-02-2014 8:47 PM
Just thought I would join the bandwagon. Even though I do not use PN's email addresses, I do work in internet security: just plan a maintenance window and add the certificate on the mail server. Everyone will be happy that way.
Re: Secure Email (Again!)
15-02-2014 5:09 PM
I have been using the web client to access my email on the few occasions that I need to use a public wi-fi link to connect, but it is certainly inconvenient, and is making me wonder whether the time has come to change ISP.
Re: Secure Email (Again!)
04-03-2014 8:10 AM
Re: Secure Email (Again!)
04-03-2014 8:13 PM