Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 
1728 posts

Uber Geek
+1 received by user: 416


  # 1758051 7-Apr-2017 11:54
One person supports this post
Send private message

groj:

 

Nothing on the Spark website to advise any changes nor notes this.  Mail just stopped working.

 

 

the problem is , Sparks website can sometimes be a hard to navigate mess. All sparkle, no substance smile (many other ISPs website are much worse)

 

Not sure why this page is still up, as is . Surely users should be taken to a newer webpage with newer info
http://www.spark.co.nz/help/internet-email/plans-services/yahoo-xtra-mail-basics-and-support/

 

 

 

This page has some more relevant info
http://www.spark.co.nz/help/servicealert/emailservicealert/

 

" So if you're having trouble sending and receiving email, it may well be that you need to update your email client or operating system to make sure it has the latest security measures in place."
"Given the number of email clients and operating systems out there and increasingly complex email set ups, it's impossible for us to state clearly whether your specific set up is supported from a security perspective. "


2 posts

Wannabe Geek


# 1758059 7-Apr-2017 11:59
Send private message

Couldn't agree more.

 

Just had a long chat with the support team. There is a posting under the outages page at http://www.spark.co.nz/outage which is a long and non-sensical read.

 

Still, poorly managed.  Just looking now at if and how I can swap over to business mail.

 

And, I still get MS updates for Office 2011 for Mac.  Everthing else works.  Just my MacBook which is what I use when travelling

 

 


 
 
 
 


1365 posts

Uber Geek
+1 received by user: 282

Subscriber

  # 1770795 26-Apr-2017 17:22
Send private message

tdgeek:

 

nunz:

 

 

 

you missed the point in the first lines. Most of us today end up hooked to multiple ISP by virtue of our mobility. Even if your phone is with Acme ISP you are on a differnt network to the broadband network they offer and without the ability to tunnel back into your home mail server using authentication and/or SSL then you are screwed. Add to that my internet at home is possibly different ISP to work and then hotels / motels / cafe / client sites etc - you end up coming out of multiple ISPs.   Until recently many of the ISPs were only using port 25 and port 25 is still the default receiving port for all SMTP servers - so if they are blocking it on your ISP you cant send outgoing email from your own mail server, that sits with your ISP.

 

 

 

 

No, I didn't miss the point, that is a default reply if the replier does not agree.

 

Multiple ISP, yes, no problem. Use SSL that your provider, whoever that may be, uses. 

 

"Until recently many of the ISPs were only using port 25" Pardon me? Port 25 over smtp is 17 years out of date, thats long gone. Any ISP worth their salt does not provide it, or if they do, they also provide a proper, current, secure means of transmission, SSL. 

 

Any ISP worth their salt blocks Port 25 by default, so you need to ask for that to be unblocked, which is clearly an issue if you are elsewhere, motels, hotels, etc. Dont use it.

 

"port 25 is still the default receiving port for all SMTP servers" Correct, except no ISP worth their salt uses that as the sole means of transmission.

 

Use SSL. For your home mail server, use SSL. Webmail is also accepted worldwide with no issues.

 

 

>

 

>"port 25 is still the default receiving port for all SMTP servers" Correct, except no ISP worth their salt uses that as the sole means of transmission.

 

 Clear / paradise aren't ging to like you impuning them that way :)

 

>Any ISP worth their salt blocks Port 25 by default, so you need to ask for that to be unblocked, which is clearly an issue if you are elsewhere, motels, hotels, etc. 

 

Why? What benefit is there to blocking that port? Why not block every other port too? It's an arcane relic that should be removed.  THe problem is that they didn;t make or let people authenticate. THe port is not the issue - its sparks / yahoos and ither isps lack of process for many years which is and was at fault.

 

 

 

 





nunz

1365 posts

Uber Geek
+1 received by user: 282

Subscriber

  # 1770801 26-Apr-2017 17:31
Send private message

tdgeek:

 

adx:

 

nunz:

 

richms: Why is the ISP the logical place to do it?

They don't provide IRC, discord, WhatsApp or any other servers so not sure why they are logical just for email?

 

Because they used to block port 25 and make life a real heart ache for those not using them as their mail service. Now the ISPs all want out of mail hosting but its them that forced us towards them in the first place. Just because it is hard - they have now reversed hsitorical policies.

 

Your question makes sense NOW - but it is only a very very few short years ago that it made no sense at all. cloud services are now defacto standard. They weren't then and there is a huge cost in moving historical processes for a business.

 

 

 

Basically what I was going to say, except I'm struggling to come to terms with any fact that it is only a historical problem.

Email pre-dates the web and is every bit as popular as the web these days, even if a lot of it is hosted in the cloud, through the web. It's still email (eg Google's SMTP). It's not a web service some company dreamed up, nor is it (ISP email) really a "server" since a mail relay has client and server functions. It's just a way of sending emails, or queuing them for delivery after the user disconnects their dialup link. Roll the clock forward a decade or two, then they blocked port 25. It's like an ISP blocking port 80 because this new-fangled web thing is inconvenient or costing them too much. If they didn't provide some sort of proxy, nobody would or could use it. I'm also only talking about SMTP - the ability to send or relay emails (because of spam, the port 25 block, and the reason this was needed). Incoming email has a similar story, because it was impractical to deliver directly in the days of dialup, and it is still strongly discouraged for end users to have to run a mail server at their end (say on their phones). Incoming spam is less of a dire emergency but still better centrally managed (eg Gmail) or with good real-time RBLs.

The function of an ISP used to be to make the popular functions of the internet accessible to "ordinary people" - web, email, maybe a usenet server or whatever else is needed to make a dialup connection on client computers usable (as opposed to say a university with their own servers and permanent connection). What seems to be happening these days is the "S" (service) is being dropped and those functions are being pushed off to third party providers, often "free", often massive thrust-advertising data-mining global corporates which is ok but has its own cost. Customers are paying their "IP"s retail prices for a wholesale function. Would be my gripe, had the connections not got so much better and cheaper over the last couple of decades.

My actual gripe is that being able to run a mail client or in-house server of some kind is just as relevant these days as 20 years ago, therefore the function is just as relevant, consumers are just as needy, and the business case for it remains. Yet the latter is being actively dissolved, we're all expected to go to Gmail, or pay again for some third party to provide the "service", secretly / by mistake / loss of insight. Not blaming Spark for that at all (they are evidently well aware of the need to support the "old" way of doing things, once forced to re-open their eyes), just the weird belief-overrides-all disconnect raised in my last post.

 

 

 "then they blocked port 25. It's like an ISP blocking port 80"  Your not serious? Maybe you and nunz need to seek the services of an IT guy. Port 25 is used by spammers, there is (or was) more spam throughout globally than legit email. You cannot remotely compare Port 25 to Port 80

 

I'm not going to bother replying to any other points in your post, sorry. If you used todays email transmission protocols, and not one that old, insecure and long gone, you would not have issues. Analogy, your basically trying to get Windows 95 to work with everything in 2017. 

 

 

>"then they blocked port 25. It's like an ISP blocking port 80"  Your not serious? Maybe you and nunz need to seek the services of an IT guy. Port 25 is used by spammers, there is (or was) more spam throughout globally than legit email. You cannot remotely compare Port 25 to Port 80

 

1 - You are being rude which  his against the rules of the forum.

 

2 - The blocking of port 25 was because the isps didn't implement authentication. It had nothing to do with protocols or security - purely becuase they failed to force people to authenticate before using port 25. As soon as they forced authentication on port 25 99% of the issues dissappeared.  Todays email transmission protocols are exactly the same as windows 95 protocols. smtp, pop are still exactly the same - the only difference is if you decide to wrap security around the connection (tls / ssl) - which works at the different layer of the osi model stack.  Again, encryption was never the issue, authentication was.

 

As an xtra client using xtras network, logged on an xtra adsl, not being able to send / receive on port 25 was a huge imposition. Why? Becuase xtra failed to setup authentiation on their smtp sending servers. Not an encryption issue. To then have your own mail server vbe able to send required special permission - which often didnt come. It was a dumb response - a sledge hammer to open a tin can full of fluff. Wrong tool, wrong application.

 

Before bagging us - maybe take time to understand what you are commenting on.

 

 

 

 





nunz

1365 posts

Uber Geek
+1 received by user: 282

Subscriber

  # 1770819 26-Apr-2017 17:53
Send private message

adx:

 

yitz:
adx:

 

Furthermore, all that SMTP traffic is completely unsecured - plaintext. Email is supposed to be insecure, which may be a surprise to those security "yapalongs" (to potentially coin a word). It has to be this way - email is public - how is a receiving server to understand encrypted data from "any source"? (Yes, I realise this would technically be possible, but it's not done.).

 

Actually in the post-Snowden world it is pretty much all encrypted.

 

At the link level, yes, I suppose everything would be. But that's not much use if the very entity that you least want abusing your information has all the keys...

 

What I was wondering was if there is any effective encryption (beyond physical security) of the links between all the mailservers (in the old ISP to ISP sense). Once the virtual connection comes out of the router in the datacentre - does it normally go through some sort of encryption process in the server or something locked into the same cabinet? This is not so much a worry for a traditional "phone exchange" type DC like you'd imagine an ISP would have, but it just going somewhere in the building with no more than the usual level of wiring security you'd find in the corporate world, with random failovers and peering connections and other customers about the place. I don't know. Now I think about it most places that "take security seriously" are going to actually do that, but it has to happen at both ends, and any places in between, no matter where in the world it goes. AFAIK there is no encrypted connection from "end to end" over the internet for SMTP.

 

 

SMTP by definition is not secure - the protocol doesnt allow for it. However by wrapping other protocols around it ( more layers to the oniion) you get security by encrypting the pipe that lets smtp go down it. Ditto pop3, imap, http, ftp, telnet, and every other protocol we have ever used. The secure part is a wrapper in most cases.

 

TLs lets you connect in the clear, then agree to step up to security, SSL forces the handshake to be secure from the get go.

 

End to end encryption. There are several ways to do it - most involving public key encryption and certs similar. The other alternative is to encrypt the content using public key encryption - you grab the public key of the recipient you want to send to, encrypt your message, stick it in any protocol you want ( but using tls / ssl secured connection adds another layer of security) and off you go. The biggest sticking point to using public key encryption is how do you trust the public key you are using actually belongs to the person you want to send stuff too. However that question is analogus to asking, how can you be sure the email address you are sending to is the right one.

 

Certificate process with trusted intermediate certs works pretty well - but it does put you in the hands of the certificate providers again - which leads to control and trust issues again. DNS and records being published over who can send and receive mail for what domain works reasonably, but there are new protocols coming through where you will have to add new DNS records to say who can host and manage your domain records - even more so than we currently have.

 

 





nunz

'That VDSL Cat'
10213 posts

Uber Geek
+1 received by user: 2454

Trusted
Spark
Subscriber

  # 1770895 26-Apr-2017 20:40
Send private message

Okay, my turn to step back in here now that i'm back from my project.

 

 

 

@tdgeek is correct, unencrypted SMTP is generally filtered by all isps, Filtered not blocked.

 

You may turn off the filtering at your request, on the simple agreement that you will keep ontop of your security etc.

 

 

 

Paradice and Clear email is a bad example of this, they still run like an Arcadic provider.

 

There is nothing wrong with a provider blocking SMTP on Port 25 by default, with spark you don't even have to make a phonecall. - spark.co.nz/port25

 

 

 

to quote the FAQ here

 

When do I need to unblock Port 25?

 

  • Check with your email provider to see if they have a secure port you can connect to.
  • If your mail server doesn't support a secure connection on another port, unblock Port 25.

This is absolutely the point here, If you require it unblocked, there is a process that is easy as can be.

 

 

 

Now yes, there was a period where SMTP forwarding was not working correctly.

 

Now that is resolved however i still do stick by the statement you should not be using this, i freely tell my customers this explaining all the security reasons as well as portability 

 

 

 

portability being my final point to make with port 25, If you restrict yourself to a port 25 service... You are limiting yourself to Only being able to use the service on that connection.

 

Compare this to a simple ssl setup, which will not matter what rsp you are behind, take your laptop to a mates its fine.





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.




14828 posts

Uber Geek
+1 received by user: 2008


  # 1786976 23-May-2017 17:44
Send private message

Since the problems prior to the email changeover with SMTP, as per my original post, I have been using the yahoo SMTP mailserver, as suggested by someone on this thread. As of today it is still working. However I suspect that it will stop working soon, and apparently Spark has now complted the migration. So am looking at changing the SMTP servers setting back to Xtra. I have tried entering send.xtra.co.nz as the outgoing mailserver, but I get the error that my email address is not authenticated to send via that server. I have been through the new SMX interface to find were you can change the authenticated email addresses, but can't find where you do this on their new system.  Obviously their new system didn't copy across the settings. Anyone know how.?


'That VDSL Cat'
10213 posts

Uber Geek
+1 received by user: 2454

Trusted
Spark
Subscriber

  # 1786977 23-May-2017 17:47
Send private message

mattwnz:

 

Since the problems prior to the email changeover with SMTP, as per my original post, I have been using the yahoo SMTP mailserver, as suggested by someone on this thread. As of today it is still working. However I suspect that it will stop working soon, and apparently Spark has now complted the migration. So am looking at changing the SMTP servers setting back to Xtra. I have tried entering send.xtra.co.nz as the outgoing mailserver, but I get the error that my email address is not authenticated to send via that server. I have been through the new SMX interface to find were you can change the authenticated email addresses, but can't find where you do this on their new system.  Obviously their new system didn't copy across the settings. Anyone know how.?

 

 

 

 

Please PM me the following details and i'll have SMX reapply the authentication

 

Account number:

 

Xtra email address:

 

Third party email address:

 

 

 

I do expect the yahoo service to stop allowing your authentication any time, I'm surprised it is still working..

 

 





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.


1358 posts

Uber Geek
+1 received by user: 319


  # 1787320 24-May-2017 10:40
Send private message

That was timely, as of this morning looks like the Xtra-Yahoo partnership is finally over and xtra.co.nz Yahoo accounts have been closed.

 

 

Yahoo NZ portal still has a link for Xtra Mail that goes to the Yahoo login for some reason.

'That VDSL Cat'
10213 posts

Uber Geek
+1 received by user: 2454

Trusted
Spark
Subscriber

  # 1787322 24-May-2017 10:44
Send private message

yitz: That was timely, as of this morning looks like the Xtra-Yahoo partnership is finally over and xtra.co.nz Yahoo accounts have been closed. Yahoo NZ portal still has a link for Xtra Mail that goes to the Yahoo login for some reason.

 

 

 

This is a great thing, the final ending of xtra accounts being able to login to yahoo will move the last few customers off trying to use the old service.

 

It is both a frustrating and great thing to hear customers are still using yahoo to login, frustrating because somewhere along the lines we have not made xtramail.co.nz clear enough yet.

 

Great however because there is not actually any system issue, just need to spend some time helping the customer move right across :)





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.


1 | 2 | 3 | 4 | 5 | 6 | 7 
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Video game market in New Zealand passes half billion dollar mark
Posted 24-May-2019 16:15


WLG-X festival to celebrate creativity and innovation
Posted 22-May-2019 17:53


HPE to acquire supercomputing leader Cray
Posted 20-May-2019 11:07


Techweek starting around NZ today
Posted 20-May-2019 09:52


Porirua City Council first to adopt new council software solution Datascape
Posted 15-May-2019 12:00


New survey provides insight into schools' technology challenges and plans
Posted 15-May-2019 09:30


Apple Music now available on Alexa devices in Australia and New Zealand
Posted 15-May-2019 09:11


Make a stand against cyberbullying this Pink Shirt Day
Posted 14-May-2019 20:23


Samsung first TV manufacturer to launch the Apple TV App and Airplay 2
Posted 14-May-2019 20:11


Vodafone New Zealand sold
Posted 14-May-2019 07:25


Kordia boosts cloud performance with locally-hosted Microsoft Azure ExpressRoute
Posted 8-May-2019 10:25


Microsoft Azure ExpressRoute in New Zealand opens up faster, more secure internet for Kiwi businesses
Posted 8-May-2019 09:39


Vocus Communications to deliver Microsoft Azure Cloud Solutions through Azure ExpressRoute
Posted 8-May-2019 09:25


Independent NZ feature film #statusPending to premiere during WLG-X
Posted 6-May-2019 22:13


The ultimate dog photoshoot with Nokia 9 PureView #ForgottenDogsofInstagram
Posted 6-May-2019 09:41



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.