Another round of Xtra\Yahoo spam?

Forums › Spark New Zealand (including Skinny and BigPipe) › Another round of Xtra\Yahoo spam?

1 | ... | 5 | 6 | 7 | 8 | 9 | 10 | 11

20520 posts

Uber Geek
+1 received by user: 4797

#983300 10-Feb-2014 13:41

freitasm: Just received:

An additional encryption setting called ‘Secure Sockets Layer’ (or ‘SSL’), will soon be the new standard default connection for all Yahoo Xtra mail accounts and Telecom will be assisting users who access the service via a ‘third party’ email client, such as Microsoft Outlook for PCs or Android for mobiles, to update their settings.

I don't see how that is going to solve this particular problem, as those email addresses are already out in the wild. Also weren't they hacked last year from the webmail platform? And that had nothing to do with people outlook connection. I know that my address was hacked, and I only ever used webmail for my xtra yahoo address/ SSL has been around for donkeys years, and has been the standard with most providers for years. They really need to use SPF.I guess they have to be seen to be doing something.

Glassboy

851 posts

Ultimate Geek
+1 received by user: 251

ID Verified

Trusted

#983336 10-Feb-2014 14:26

So they're saying the solution to the Yahoo problem is to implement a 20yo protocol that has had serious known vulnerabilities for most of its life?

Spong

1016 posts

Uber Geek
+1 received by user: 341

Trusted

#983528 10-Feb-2014 18:20

Most, but not all XTRA customers using email clients have been using POP/SSL Port 995 and SMTP/SSL Port 465 for ages.

These users, and even those still using insecure ports POP/110 and SMTP/25 who don't use webmail at all, will not have had any addresses in their webmail address books.

How on earth do Telecom think these people are more at risk than those users of Yahoo Webmail who have unknowingly provided a wealth of email addresses from their hacked webmail address book?

Telecom or their Spin Doctors seem to be missing the point altogether.....

Tivo upgrades to operate with the new OzTivo EPG, support and service. Over 400 performed here so far. See: www.hillcrest.net.nz

allan

2073 posts

Uber Geek
+1 received by user: 899

ID Verified

Lifetime subscriber

#983888 11-Feb-2014 09:33

Another round this morning I see. Noticed that several of them are definitely addresses I've seen before. I guess we are just going to have to get used to this...

DigiDog

51 posts

Master Geek
+1 received by user: 18

#983893 11-Feb-2014 10:11

Five so far today and counting. Maybe someone from Telecom could explain why they refuse to implement SPF?

= = =

http://scambusters.co.nz
Keeping TradeMe scam free since 2003

= = =

plambrechtsen

1948 posts

Uber Geek
+1 received by user: 459
Inactive user

#983990 11-Feb-2014 12:07

Just a heads up on the SSL change folks.

This is related to Telecom's desire to shutdown smtp.xtra.co.nz which has a cleartext SMTP port 25 that Telecom customers can use to send outbound SMTP email.

Telecom are going and proactively engaging customers saying we are switching off the cleartext port and moving to pure SSL only through an authenticated connection.

This has nothing to do with a SPF or DKIM or further spam protection on the xtra.co.nz domain. Those are being investigated but I can't comment further on that.

Dyson

Shop now for Dyson appliances (affiliate link).

richms

29104 posts

Uber Geek
+1 received by user: 10222

Trusted

Lifetime subscriber

#983994 11-Feb-2014 12:08

Good job shutting that old server down. IMO offering clear text authenticated services is negligent

Richard rich.ms

Spong

1016 posts

Uber Geek
+1 received by user: 341

Trusted

#984011 11-Feb-2014 12:39

plambrechtsen: Just a heads up on the SSL change folks.

This is related to Telecom's desire to shutdown smtp.xtra.co.nz which has a cleartext SMTP port 25 that Telecom customers can use to send outbound SMTP email.

Telecom are going and proactively engaging customers saying we are switching off the cleartext port and moving to pure SSL only through an authenticated connection.

This has nothing to do with a SPF or DKIM or further spam protection on the xtra.co.nz domain. Those are being investigated but I can't comment further on that.

Good idea, but I do know a lot of Telecom broadband customers who rely on smtp.xtra.co.nz to send email out from their "non-xtra" accounts. Those people will need to authorise those accounts by adding them to their Yahoo/Xtra accounts before they can use send.xtra.co.nz SSL/465, a process that Joe Public often has difficulty with.

Maybe Telecom could simplify this process.

Tivo upgrades to operate with the new OzTivo EPG, support and service. Over 400 performed here so far. See: www.hillcrest.net.nz

richms

29104 posts

Uber Geek
+1 received by user: 10222

Trusted

Lifetime subscriber

#984012 11-Feb-2014 12:41

No those people should be using their mail providers servers for sending out not telecom or yahoos server.

Richard rich.ms

Allanhall

47 posts

Geek
+1 received by user: 4

#984027 11-Feb-2014 12:51

richms: No those people should be using their mail providers servers for sending out not telecom or yahoos server.

If we are paying for Telecom as an ISP we are should be allowed to use this service. They are already blocking a range of ports that our host uses for SMTP. Which is why we do use SMTP.xtra.co.nz on a range of our machines.

This is painful news to me.

Good idea, but I do know a lot of Telecom broadband customers who rely on smtp.xtra.co.nz to send email out from their "non-xtra" accounts. Those people will need to authorise those accounts by adding them to their Yahoo/Xtra accounts before they can use send.xtra.co.nz SSL/465, a process that Joe Public often has difficulty with.

Sorry I think that this is not a good idea. I NEVER use my Yahoo/Xtra accounts now we have to login to this unsecure accounts and actually use them.

Can anybody from Telecom clarify this? I was about to sign up to a 2 year VDSL contract and if SMTP is not longer a service without jumping through hoops.

Ok I can see I am going to get fried for this post.

richms

29104 posts

Uber Geek
+1 received by user: 10222

Trusted

Lifetime subscriber

#984032 11-Feb-2014 12:55

You are paying for the use of an xtra.co.nz email address not for a smtp relay service. A proper smtp relay service is something you should source elsewhere if your mail provider is too inept to allow ssl authenticated smtp on an alternate port.

People using is smtp servers for non is addresses is the source of most false positives in spam filters IME. Sooner this is stopped the better.

Richard rich.ms

Mighty Ape

Shop now at Mighty Ape (affiliate link).

Spong

1016 posts

Uber Geek
+1 received by user: 341

Trusted

#984036 11-Feb-2014 12:59

richms: No those people should be using their mail providers servers for sending out not telecom or yahoos server.

The problem is that if you have say a Vodafone email address, or one of many that don't allow access to their smtp server from outside their network, because they don't support SSL or authentication, you're pretty well stuffed. That's why many of Telecom's customers use smtp.xtra.co.nz because at least when you're on their network, mail will go out, or at least until this latest announcement. It will piss a lot of people off for sure.

Tivo upgrades to operate with the new OzTivo EPG, support and service. Over 400 performed here so far. See: www.hillcrest.net.nz

Allanhall

47 posts

Geek
+1 received by user: 4

#984040 11-Feb-2014 13:03

richms: if your mail provider is too inept to allow ssl authenticated smtp on an alternate port.

It's when that port gets block with zero prior notice that frustrates me. We host websites with 10 different companies for various reasons and this creates a HUGE admin headache.

Its just easier to move to another ISP that offers SMTP services for me. Can someone at Telecom Clarify when this is coming into effect so I can be moved before the fact. ?

Thanks.

Spong It will piss a lot of people off for sure.

Yes you can take that to the bank. Me for one.

richms

29104 posts

Uber Geek
+1 received by user: 10222

Trusted

Lifetime subscriber

#984044 11-Feb-2014 13:04

They should direct their anger at vodafone for that. Allowing unencrypted mail from outside their network is stupid. Look at that thing the banking ombudsman said about someone's mail being "hacked" on a free wifi connection. couldn't have come at a better time for telecom to discontinue offering insecure mail IMO.

Richard rich.ms

Lazarui

136 posts

Master Geek
+1 received by user: 27

#984119 11-Feb-2014 14:09

Allanhall:
richms: No those people should be using their mail providers servers for sending out not telecom or yahoos server.

If we are paying for Telecom as an ISP we are should be allowed to use this service. They are already blocking a range of ports that our host uses for SMTP. Which is why we do use SMTP.xtra.co.nz on a range of our machines.

This is painful news to me.

Good idea, but I do know a lot of Telecom broadband customers who rely on smtp.xtra.co.nz to send email out from their "non-xtra" accounts. Those people will need to authorise those accounts by adding them to their Yahoo/Xtra accounts before they can use send.xtra.co.nz SSL/465, a process that Joe Public often has difficulty with.

Sorry I think that this is not a good idea. I NEVER use my Yahoo/Xtra accounts now we have to login to this unsecure accounts and actually use them.

Can anybody from Telecom clarify this? I was about to sign up to a 2 year VDSL contract and if SMTP is not longer a service without jumping through hoops.

Ok I can see I am going to get fried for this post.

The only port telecom block is port 25, and you can request for this to be unblocked if you wish, it's about a if you have a legitimate use for having port 25 unblocked they'll do it, heres a link: http://help.telecom.co.nz/app/answers/detail/a_id/1218 port 25 filtering is normal accross most ISP's nothing unusual here its a network protection issue, otherwise the ISP gets blocks of IP's on RBL's all over the place.

**edit removal of rubish

1 | ... | 5 | 6 | 7 | 8 | 9 | 10 | 11