Feeds

T-Mobile 'fesses up to secure email ban gaffe

Wild spam-hunting robots killed off SMTP connections

Providing a secure and efficient Helpdesk

T-Mobile was caught blocking the secure transmission of emails earlier this month, and VPNs too, but the operator claims the former was a mistake while the latter is a legacy from a bygone era.

The problem turned up around the end of December when some punters found T-Mobile was responding to all encrypted SMTP connections, other than to its own servers, with a reset (RST) packet. That was then compounded into conspiracy when Mike Cardwell realised his Virtual Private Network connections weren't being let though either, which turns out to be an unrelated and unfixed issue.

T-Mobile employs a variety of techniques to make sending spam over its network difficult, including blocking connections made to arbitrary SMTP mail servers. Secure connections, which are then generally authenticated with a name and password, are permitted as they're useless to spammers, but for a week or two T-Mobile's network was rejecting secure connections as well as the insecure ones.

Before the age of spam one could connect to any mail server, anywhere, and ask it to relay messages, but these days servers won't accept mail unless it's addressed to someone it's responsible for, or comes from a trusted connection (so you can send mail through your own ISP's server addressed to the rest of the world). But a spammer can still connect to the mail server at, say, AOL, and send thousands of messages to AOL accounts, and if they did that from a pre-paid mobile number then they're effectively untraceable.

AOL's server may decide not to forward those messages, and may reject the connection as suspicious, but that's beside the point.

These days most mail servers allow account holders to connect remotely and send mail, therefore relieving them of the need to run a local server, but that means sending the account name and password which should only be done over a secure connection, and it's those connections that T-Mobile was erroneously blocking.

When it comes to VPNs things are slightly more complicated. T-Mobile used to sell connections which did not permit the use of a VPN, and customers on those contracts will still find their VPN use blocked. These days the operator tells us that all its mobile broadband offerings permit VPN connections, though that right may be withdrawn from a customer who abuses the fair-use policy.

So, on T-Mobile's network, secure SMTP should work, and for most people VPNs should work too, but a failing VPN is probably down to an old contract. So give T-Mobile a bell and ask before you start breaking down the packets or accusing anyone of turning Blighty into communist China. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Same old iPad? NO. The new 'soft SIMs' are BIG NEWS
AppleSIM 'ware to allow quick switch of carriers
Arab States make play for greater government control of the internet
Nerds told to get lost in last-minute power grab bid at UN meeting
Brits: Google, can you scrape 60k pages from web, pleeease
Hey, c'mon Choc Factory, it's our 'right to be forgotten'
Of COURSE Stephen Elop's to blame for Nokia woes, says author
'Google did have some unique propositions for Nokia'
It's even GRIMMER up North after MEGA SKY BROADBAND OUTAGE
By 'eck! Eccles cake production thrown into jeopardy
Mobile coverage on trains really is pants
You thought it was just *insert your provider here*, but now we have numbers
Don't mess with Texas ('cos it's getting Google Fiber and you're not)
A bit late, but company says 1Gbps Austin network almost ready to compete with AT&T
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.