Feeds

T-Mobile 'fesses up to secure email ban gaffe

Wild spam-hunting robots killed off SMTP connections

Beginner's guide to SSL certificates

T-Mobile was caught blocking the secure transmission of emails earlier this month, and VPNs too, but the operator claims the former was a mistake while the latter is a legacy from a bygone era.

The problem turned up around the end of December when some punters found T-Mobile was responding to all encrypted SMTP connections, other than to its own servers, with a reset (RST) packet. That was then compounded into conspiracy when Mike Cardwell realised his Virtual Private Network connections weren't being let though either, which turns out to be an unrelated and unfixed issue.

T-Mobile employs a variety of techniques to make sending spam over its network difficult, including blocking connections made to arbitrary SMTP mail servers. Secure connections, which are then generally authenticated with a name and password, are permitted as they're useless to spammers, but for a week or two T-Mobile's network was rejecting secure connections as well as the insecure ones.

Before the age of spam one could connect to any mail server, anywhere, and ask it to relay messages, but these days servers won't accept mail unless it's addressed to someone it's responsible for, or comes from a trusted connection (so you can send mail through your own ISP's server addressed to the rest of the world). But a spammer can still connect to the mail server at, say, AOL, and send thousands of messages to AOL accounts, and if they did that from a pre-paid mobile number then they're effectively untraceable.

AOL's server may decide not to forward those messages, and may reject the connection as suspicious, but that's beside the point.

These days most mail servers allow account holders to connect remotely and send mail, therefore relieving them of the need to run a local server, but that means sending the account name and password which should only be done over a secure connection, and it's those connections that T-Mobile was erroneously blocking.

When it comes to VPNs things are slightly more complicated. T-Mobile used to sell connections which did not permit the use of a VPN, and customers on those contracts will still find their VPN use blocked. These days the operator tells us that all its mobile broadband offerings permit VPN connections, though that right may be withdrawn from a customer who abuses the fair-use policy.

So, on T-Mobile's network, secure SMTP should work, and for most people VPNs should work too, but a failing VPN is probably down to an old contract. So give T-Mobile a bell and ask before you start breaking down the packets or accusing anyone of turning Blighty into communist China. ®

Remote control for virtualized desktops

More from The Register

next story
Mighty Blighty broadbanders beg: Let us lay cable in BT's, er, ducts
Complain to Ofcom that telco has 'effective monopoly'
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
Broadband sellers in the UK are UP TO no good, says Which?
Speedy network claims only apply to 10% of customers
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
Fujitsu CTO: We'll be 3D-printing tech execs in 15 years
Fleshy techie disses network neutrality, helmet-less motorcyclists
Facebook, working on Facebook at Work, works on Facebook. At Work
You don't want your cat or drunk pics at the office
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?