Everything In Between

If your project so much as pretends to have a profit motive, I will tell you to go fuck yourself and your project.

seed this page on BitTorrent

A Conversation About Email Security with Road Runner

13 comments

Yesterday I was having a bunch of fun playing with SSH tunnels. While I was at it, I glanced over at Thunderbird when it beeped at me, signifying I had new mail. That’s when I realized that I hadn’t yet taken the time to secure any POP3 or SMTP traffic travelling from my local machines. While I was having all this fun with various SSH shenanigans, I had completely forgotten about one of the simplest things I could do to secure my account: running POP3 and SMTP over SSL, aka POP3S and SMTPS (or SSMTP).

Enabling this kind of connection for my own server was no problem at all. Actually, my web hosting provider is smart enough to offer these services right off the bat, so it was merely a matter of confirming their existence.

telnet my-domain.com pop3s

However, I also have a Road Runner account because those folks are my home ISP. Unsure whether or not they offered these services, I scoured their online help pages but no avail. There was only scant information on security, and most of it had to do with how to block pop up windows in Internet Explorer (a futile excersize anyway).

So I turned next to their online chat support. In order to connect, they required that I fill out my full name and email address in a form (which was not itself secured with HTTPS by the way). Here’s a transcript of my conversation with their representative.

Mike S.: Thank you for choosing Road Runner Technical Chat. My name is Mike S.. May we have the first and last name, and the phone number with the area code of the master account holder?

Meitar: Believe I just gave that to you, but sure: Meitar Mxxxxxx (xxx) xxx-xxxx

Mike S.: Thank you, and with whom am I speaking currently?

Meitar: That’s me. Meitar.

Mike S.: Thank you, what technical issue may we assist you with?

Meitar: I’m wondering if you support pop3s (or POPs) for email?

Mike S.: What is it that you are attempting to do?

Meitar: Use it. If it’s available, I’d much rather retrieve my email via an SSL-secured connection than a plaintext one.

Mike S.: If you are trying to connect to a POP3, then that is fine. If you are attempting to setup a POP3 server on your home connection, this would not be supported, and in fact against the Road Runner Terms of Service Agreement.

Meitar: Nonono, I’m not trying to set up a server, I just want to know if *you* support the protocol.

Meitar: That way I can hit that “Use SSL” checkbox in my Mail program.

Mike S.: If you are connecting to the Road Runner POP3 e-mail server to receive your e-mail messages, you will not be able to set it to SSL. If you are using another POP3 server to receive e-mail from another account, you will have to contact the provider of that POP3 server.

Meitar: So you *don’t* use it, right? I’m connecting to the pop-server.nyc.rr.com machine, whichever that is, for my Road Runner email, in case that helps any.

Mike S.: I am sorry, but I do not understand what it is that you are asking of me. That is the correct POP3 server for the Road Runner e-mail accounts.

Meitar: I’d like to know if my computer can still talk to yours if I tell it to speak POP3S rather than plain-old POP3. I want to know this so that I can set up my mail programs to “use SSL” if your server supports it. As I said before, I’d much rather use an SSL connection than not because I frequently check my mail from hotspots around the city.

Mike S.: As I mentioned, you are not able to “use SSL” for the Road Runner e-mail server.

Meitar: Okay. That’s what I wanted to know. :) As an alternative, do I have access to an SSH account along with my subscription to Road Runner?

Mike S.: Unforunately we do not offer such a service at this time.

Meitar: Hm. Drat…. Well, thanks anyway Mike. Hopefully Road Runner will soon offer secure email alternatives for their customers. :) Have a great rest-of-the-day.

Mike S.: You are very welcome! Have a great day!

Mike S.: If you have no further issues that we can assist you with, you may end the chat session by clicking on the Hang Up button and a chat transcript will be displayed for you. Once again thank you for choosing Road Runner!

In an ongoing effort to continue improving our quality of service, we are conducting a customer survey. If you would like to participate, please copy and paste the following link into your browser: http://help.rr.com/html/chatsurvey.html .

Mike S. Has Disconnected

I couldn’t help but be so nice because he really made me laugh.

Written by Meitar

September 28th, 2004 at 3:09 am

Posted in Security & Privacy