---

@JonoH wrote:

...

There is a really clear piece of the text on the SPF Wiki that I'll pinch    

Reasons to implement 

If a domain publishes an SPF record, spammers and phishers are less likely to forge emails pretending to be from that domain, because the forged emails are more likely to be caught in spam filters which check the SPF record. Therefore, an SPF-protected domain is less attractive to spammers and phishers. Because an SPF-protected domain is less attractive as a spoofed address, it is less likely to be blacklisted by spam filters and so ultimately the legitimate email from the domain is more likely to get through

...

---

So if hundreds (possibly thousands) of a cheap consumer ISP use a domain which publishes a SPF record to send bulk spam, this will presumably contribute to a reduction in the usefulness in the use of SPF.

Is the sole reason for this an attempt to reduce the load on Plusnets email servers?

The reason for using SPF records is to help reduce spam everywhere - it only tackles one aspect of spam, that being a spammer faking some other server in order to make the spam look more legitimate. Most ISPs and other mail-server owners have been using SPF records for some time. This is really Plusnet trying to catch up with industry standards.

If a Plusnet customer sent a lot of spam through Plusnet's servers then Plusnet's reputation (as a MTA) would suffer, but it would be against the T&Cs so Plusnet could cancel the account as soon as they noticed. This is probably one of the reasons they charge a month's fee in advance.

Ok - just checked by default outgoing server for email is via relay.plus.net:

Port: 25
Authentication: None
Security: None

So what settings do I need to do it security, and with authentication?

Just checked the library, and that says no security, and only send a password open. This doesn't sound like a good idea to me, means outside plusnet someone can sniff you password.

Looks to me like I just won't be able to use my plusnet email any more. Oh well - I'll change to my own domain, where everything is secure ...

@summers if you are sending mail when connected to your PlusNet broadband then you do not need any authentication (it knows you're sending from a PlusNet IP address). If you need to send email when not at home or via 4g then, yes, you do need to authenticate with a username & password, and as you have discovered they are sent unencrypted. The username / password combination used for authentication with relay.plus.net can be that for ANY mailbox associated with your account, so the best suggestion is to create a mailbox (and password ) that is purely used for authentication. I use a mailbox called 'smtp' , that way your normal details are not exposed.

HTH

Hi - I just found your "We're making changes to your email" service update.

Not at all impressed by the absence of ANY useful information, leading to this thread of confused and concerned users having to extract the said information in a manner akin to pulling teeth.

Why is the original announcement not updated to have some useful information?

For us in IT support with many home and business clients with PlusNet we need the DETAILS - and ACCURATE information - not misleading rubbish like "This means you’ll no longer be able to run your emails through your own server" which is fundamentally UNTRUE, as long as they are then forwarded to relay.plus.net, with authentication enabled if not using a PlusNet connection.

If you had put something like "We are adding SPF records for the domain "plus.com", so all email addresses ending in plus.com must be sent via the plusnet servers to ensure reliable delivery" with links to your email settings pages and some further SPF info, then you could have saved us all a lot of time.

@MisterW good idea to create a dummy account, hadn't though of that! I'll probably still not do it, to be honest I don't use my plusnet email much - its only for things like the registration email address for my domain name registration, where I need an email outside my domain name.

Guess also I'm a tad paranoid about unencrypted connections, and having a password just flying around out in the ether. Have been on the internet since '86 (when email was backward!), and kept some emails addresses valid for ~15 years - but know this has only been possible with fanatic security. Alas I've seen too many other machines hacked in my time ...

Guess an amusing side effect of this, is my first email address DS118@UK.AC.CAM.PHX, I can now revel - as it is no longer possible to route email to that address, and the machine has been decommissioned that received the email ...)