As others have said above and I agree with, the time will come when the ISP's ditch the email providing side.
They have already ditched the free webspace some time ago.
They and indeed OFCOM just regard email as a free addon - which is why its provision is not regulated.
It really must be a load of aggro for them
As well as simply running the email servers
There are the serious and time consuming spam/email virus issues which they have to protect against and sort out both incoming and sadly outgoing from customers with compromised accounts hijacked by spammers.
There are the endless new wireless thingy that "won't connect" - more support calls.
There are people all trying to do 'complex' things.
Its just not worth the candle anymore.
Finally email provision is a cost implication and we see how Broadband is now in the UK seemingly just sold on least cost/price - 'cos that's what the punters want.
ISP's might just become connectivity suppliers.
Those who don't give a monkeys about anything and post all their details on facepalm and twotter will use the free providers like gmail/outlook.com etc (and probably won't use two step verification)
Those that want a business grade, fully secure, guaranteed always on, all facilities service will have to go and pay for it via some sort of business email/services/facilities supplier.
In fact I could see ISP's selling the email side to be outsourced to another specialist supplier with subscribers given the option to pay for it as a separate item from then on or alternatively loose the email facility totally.

I personally think that if you're that bothered about "secure" email services, you would opt for a pay-for option with a reputable host.
Many web hosting companies offer SSL enabled email services, some providers even offer email only services, which are secure - Such as Rackspace, Namecheap and of course Gmail.
I don't think it's in the ISP's interest to configure SSL enabled emails. They might as well just partner with one of the above, and have them do it.
Cheers,
Matt

Implementing secure email should help reduce the number of compromised accounts and thus reduce the support effort required. If  Plusnet stops providing email accounts they will then have the problem of keeping user contact details up to date. I work in IT so I know just how many users change their email supplier and forget to update their details.
As for paying for a secure account elsewhere, I'm not a heavy user of personal email but when I do use it, I need it to be secure. I'd rather keep everything with one provider. The number of usernames/passwords I have to maintain is ever growing and I don't want to add more to it.

Quote from: Mattz0r

I don't think it's in the ISP's interest to configure SSL enabled emails.

I disagree. As pointed out previously, customers with hundreds of contacts to upgrade are unlikely to bother switching ISP if they are using an ISPs email service.
For the cost of a SSL certificate and installing it on the webmail server couldn't plusnet seriously spare a few quid and a bit of time implementing this for their customer base?
pop3/smtp services go hand in hand with broadband IMO. I know PN like to take the opposite stance but at the same time they don't dare do away with it because almost every other ISP still offers it. IMO this is just a side step incase they make a blunder with thousands of emails as they have in the past. I personally would prefer it if they planned an email outage, did a backup and then got SSL up and running before putting it all live again. At least that way they'd be catering for us all.
As for those promoting the use of their own domains, you can also get your own subdomains for free from services like no-ip.com, freedns.afraid.org etc. Using one of those means you don't even have the cost of a domain to worry about and if you have a computer turned on 24/7 like many folks you can host your own email servers.
Now what I think would be really useful is if PN were to campaign to get the standard MX records changed. When a http request is sent to a server the server can specify a location header and an alternative port number. SMTP works on port 25 and unless you use a proxy server to transparently redirect an smtp connection to another port, you're stuffed if you don't want to or can't use port 25! IMO dns records should contain a port number which is also served upon a dns lookup.

I would like to chip in my 2d-worth in favour of secure email. If it was made available and all documentation on the insecure service was removed then users would switch over to the secure service over the lifetime of a device. I have been using email provided by PlusNet and their predecessors for much longer than the lifetime of any one computer and I am probably not alone. The effort required would probably be paid back in terms of a reduction in security-related problems.
Hugh

Yes please - secure email.
New devices (phones, tablets, computers etc) and email clients these days default to assuming that the email account you are configuring uses SSL etc - so the transfer for non-techie users would happen over time anyway.  And the benefits for techie users are obvious.

I'd love to have secure email. Especially as I'm considering getting a Firefox OS phone which *only* allows secure email (xref) and for very good reasons too!
The webmail client just isn't up to it, and never would be, especially on a mobile device (and you'd never get alerts either).
Mozilla even points to a free certificate provider (although its unclear to me if the free certificates are enough or not, but it implies they are!).
Unfortunately it seems that PlusNet doesn't care about security (which is also evidenced by the fact you get asked for characters from your account password when talking to support - when it should be fully encrypted & salted, especially as that account password lets you into all your account details).
I guess when it comes to the end of my current contract, I'm going to have to look around and find provider that treats its users security seriously, and then I can get the functionality on the phone I want as well! Maybe I'll pre-empt some of that by changing my email first anyway.

There are several different aspects to email security. One is whether or not the connection from a mail client and the server is encrypted or not. The current best connection system is STARTTLS which is used by the majority of major email suppliers including gmail.  This means that anyone intercepting the connection is unable to read either passwords or the content of mail being sent or received (connections to the outgoing and incoming server are separate).
Secondly it is possible to sign and/or encrypt email being sent or received. One way is to set up s/mime certificates, and this is where the startcom certificate referenced in the previous post comes in. You can use this whether or not the link between the client and server(s) are encrypted or not.  However in order for the receiver to receive encrypted mail they must also set up their mail client to use s/mime signing and encryption. Another alternative for signing/encryption is to use GPG.
There are other aspects to security too - for example the major email suppliers now have dkim authentication. Mails are sent out from the server with information about dkim certificates - this is an authentication mechanism to ensure that the server that the mail comes from has been verified as authentic.  Mail servers can check the certificate and set the dkim authentication to pass or fail ( or neutral).  google, yahoo and other major suppliers all use this now.
I hope this helps clarify the situation.

I was going to ask this question

Does PlusNet mail [mail.plus.net] provide secure SSL connections for POP and SMTP?
when I found this thread...
I do not care what flavour of mail security is implemented, but put simply, PlusNet is a growing company which means it's customers data is an ever growing target. I know some person will object because they will have to update millions of their email account details, but you guys have a duty of care to your ordinary paying customers - and the ICO.
Please PlusNet, grow up and implement secure email on your platform like a grown up ISP.

I have been with Plusnet since 2005, but the lack of security around email only became an issue when I got a smartphone a couple of years ago.  Using a home PC and logging on over the phone network direct to Pusnet does not give a great opportunity for interception, so before that it wasn't an issue.  I now travel a lot outside the UK so rely on open WiFi to avoid roaming charges. 
Plusnet should really take this more seriously and I believe that their help pages (https://portal.plus.net/support/email/setup/index.shtml) on email set up are bordering on negligence.  They basically take you through setup and when it comes to SSL, they just advise proceeding without any warning of the risks.  In the case of Mozilla Thunderbird, they advise ticking the box  "I understand the risks" without a mention of what that might mean. And on Plusnet, those risks are pretty high.
Not only does Plusnet not support SSL, they don't support encrypted passwords on POP3 either.  This means that your user name and password are transmitted in clear and can be captured at will using, for example, Wire Shark (See http://community.spiceworks.com/how_to/show/2360-find-out-pop3-password). ; Often, this may also include your Plusnet log-on password.  It is not therefore just a case of sniffing emails, because once an attacker has the email credentials they can read and send email from the hacked account from anywhere at any time, not just where you used open WiFi.  Once they have access to your Plusnet email account, they can get your email address and try and log on to accounts such as Amazon, click on forgotten password and intercept the password reset email from your inbox, deleting it before you know anything has happened.  They can now access shopping and other accounts, change delivery addresses and order goods using stored credit card details.  I have worked in communication and network security for over thirty years and I would strongly recommend that nobody ever connect to their Plusnet email from an open WiFi with the current set-up.  It may also backfire on Plusnet, because the lack of security could allow spammers to use Plusnet user email accounts to send Spam.  (Sending mail from outside the Plusnet domain does require password authentication, but it is often the same password as for collecting mail) 
If Plusnet does want to provide an insecure email service, then fine, but at least explain the risks instead of glossing over them.  For example, take a look at the BT email setup guide (http://bt.custhelp.com/app/answers/detail/a_id/46673/c/346,6588,6591) they are after all Plusnet's main shareholder.
There is however a glimmer of hope.  The Thunderbird set-up page (https://portal.plus.net/support/email/setup/thunderbird-setup.shtml) does actually say "unfortunately our mail servers don't support encryption (we're looking into launching this feature)". So stop looking and do it!

Setting up SSL is easy enough on a  mail server, and PN have a wildcard certificate securing their domain names anyway, so there should be no harm/extra costs on applying it on the mail server.
Just thought I would join the band wagon even though I do not use the PN's email addresses I do work in internet security, just plan a maintenance window and add the certificate on the mail server. Everyone will be happy that way.

I completely agree with paddyf.  Your main email address is such a key part of your on-line identity that it is just not acceptable any more for the email provider to make no attempt to protect it - in fact you could even argue that it is negligent.  email based scams are becoming more sophisticated and widespread which makes this issue critical.
I have been using the web client to access my email on the few occasions that I need to use a public wi-fi link to connect, but it is certainly inconvenient, and is making me wonder whether the time has come to change ISP.

Concur with RickK. Secure setup is trivial once you have a certificate.

+1 for secure email.  I've asked for this before.