Forgot your password?
typodupeerror
Microsoft Your Rights Online

MSN Forces Outlook POP 729

Posted by CmdrTaco
from the you-gotta-be-kidding dept.
Phoenix-D writes: "Qwest.net, my Phoenix-area DSL provider and ISP, recently decided to hand over their ISP buisness to MSN. No huge deal, right? Well, check out this blurb: 'Due to the Microsoft anti-spam initiative, customers are restricted to use their mail services. Therefore, POP3 service is only available when using MSN Explorer, Microsoft Outlook, or Microsoft Outlook Express.'" Awesome. Microsoft's Anti-Spam initiative forces POP users to use the primary sender of mail worms.
This discussion has been archived. No new comments can be posted.

MSN Forces Outlook POP

Comments Filter:
  • They could force everyone to use a MAPI client.
  • by Quasar1999 (520073) on Wednesday October 17, 2001 @10:14AM (#2441316) Journal
    How exactly is this enforced? I'm sure there has got to be someway to get around it, if they allow Outlook to use it, then there has to be some way to fool the system into thinking whatever you are using is outlook... isn't there?
    • by nick_burns (452798) on Wednesday October 17, 2001 @10:18AM (#2441353)
      They probably check to see if you're sending out 300 copies of the latest email worm.
    • by Anonymous Coward
      If MS is RFC compliant (no secret fields that identify the client) they can't enforce it. There is no cliet field in POP3.

      I say it is not enforceable and that they're just saying it to force the average user to use MS clients. POP is POP. Try something else and I bet it would work.
      • Just a guess (Score:3, Informative)

        by zerofoo (262795)
        I setup outlook express for a friend of mine who uses MSN. It seems microsoft's way of authenticating users is some sort of "secure" authentication. It's a feature called "SPA" or secure password authentication. My guess is that they encrypt the account name and password in a similar way to NT login authentication so the actual name and password never go across the wire.

        -ted
    • Re:Fool the system? (Score:3, Informative)

      by Anonymous Coward
      They are just forcing the use of a MSN email account. This was from the link:

      Q: Will I still be able to use my Qwest.net e-mail account after I transition my account to MSN®?

      A: No. When you begin the MSN transition process, you will be given the one time option of forwarding your Qwest.net primary e-mail account to your new MSN e-mail address. Additionally, you will have the choice to activate an auto reply feature that automatically sends your new MSN e-mail address back to anyone who sends an e-mail message to your old Qwest.net e-mail address. These e-mail features will be in place for at least 18 months from the date you transition your account to MSN Internet Access
    • SPA (Score:5, Informative)

      by oni (41625) on Wednesday October 17, 2001 @10:21AM (#2441390) Homepage
      Outlook uses Secure Password Authentication (SPA). Some weird protocol that only microsoft knows. No other programs that I am aware of support it.
      • Further down this post I explained that. I think SPA uses an authentication mechanism similar to NT authentication. Basically it's a token exchange process to encrypt the name and password so the plain text name and password never go across the wire.

        -ted
      • Re:SPA (Score:5, Informative)

        by AssFace (118098) <stenz77NO@SPAMgmail.com> on Wednesday October 17, 2001 @10:55AM (#2441576) Homepage Journal
        only microsoft knows

        hmm, that is likely what they *want* - but I doubt that is the case. somebody knows it, and plenty of people could reverse engineer it - there likely just wasn't the need or desire - until now. I have a feeling it won't be long at all until there is an easy way around this.

        my easy way around it is not allowing anything msn on my system. (I installed winXP on my computer and even though I disabled msn in all the menus, it ignored all that and still took over and came up all the time - I finally just killed it by deleting its files and all references to it in the registry... amazing how quiet it got after that) - I hate real player for the exact same reason (it asks what you want to do in the menu system, you tell it, and then it goes and ignores that and does what it wants anyway, which is usually to assume command of all file associations regardless of what you asked it to do)
        • Re: SPA (Score:5, Informative)

          by Anonymous Coward on Wednesday October 17, 2001 @12:33PM (#2442171)
          Rid yourself of messenger:

          1. Open c:\Windows\inf\sysoc.inf in Notepad.
          2. Type Ctrl-H
          3. Enter ",hide," in the Find What edit window.
          4. Enter ",," in the Replace With edit window.
          5. Click Replace All
          6. Open Add/Remove Programs from the Control Panel
          7. Select Add/Remove Windows Components
          8. Uninstall Windows Messenger

          And no, she'll never come back.
      • Re:SPA(M) (Score:5, Funny)

        by eldurbarn (111734) on Wednesday October 17, 2001 @11:01AM (#2441609)
        Secure Password Authentication (Microsoft)


        Cute acronym :-)


        (Or should that be: Oxymoron)

    • If you're forced to use Outlook to get your e-mail, there are ways to make it as "pleasant" and "secure" as possible.

      Want to use Linux, but need to use Outlook to get your mail? Fine, it's called a Virtual Machine. Run VMWare, load it with Win9x/NT/2k/XP, and either Outlook or the OE that comes with the OS. Put a shortcut to Outlook in the StartUp folder so that launches with Windows, and all you have to deal with is the extra overhead of the Virtual Machine's booting of Windows. Inconvenient but workable and not too difficult to set up.

      Maybe WINE supports Outlook/Express? I don't know because I don't follow WINE, but I'm sure someone can tell us. In any event, VMWare with Windows installed would handle it for sure, andf pretty easily. And there's no security threat to your *real* OS, just the one in the VM. And turning off all of Outlook's bells and whistles would even eliminate that security problem. Like I said, inconvenient, but workable.

      Even if you're running Windows and don't want the bloat of Outlook/Express cluttering up your OS all the time even when not in use, running a VMWare VM with a light version of Windows installed and Outlook running in that VM would be an option. You can pare down Windows using 98lite from http://www.98lite.net, BTW, making a fully functional install take up as little as 50MB--perfect if you want to run it from a VM for a limited purpose of interoperability. And if your system is that of a hardware enthusiast--hey, this is /. afterall--it shouldn't be too painfull.

      Complicated? Yep. It would be much better just to be able to use any POP client. But if you can't, you can still run Outlook through Linux, one way or another, or even keep Outlook off your primary Windows install if that's the OS you use.

      BTW, if you run Windows and are "upgrading" to WinXP, I'd wait for 98lite.net to finish work on their WinXP installer. It will allow you to *really* keep all the little bits of OE, MSN, etc., that usually get installed, from ever touching your PC. I currently use their version for Win98SE and am very happy with it--without all the extra junk installed, it's surprisingly stable and fast. Perfect for gaming and all else...
  • Good (Score:2, Funny)

    by Rombuu (22914)
    Awesome. Microsoft's Anti-Spam initiative forces POP users to use the primary sender of mail worms.

    Good... maybe that will force people to apply their damn patches so I quit getting their documents in my mailbox.
  • uh, isn't pop3 open? (Score:3, Interesting)

    by O (90420) on Wednesday October 17, 2001 @10:16AM (#2441332)
    How is this even possible? POP3 is an open standard, and most every client speaks that protocol. To restrict it to one set of clients seems like a futile measure, as clients will just start coming with options to spoof their client ID, just like Opera and iCab can for http.
    • *I am not saying MS is FORCING this*

      If they did though, what's your basis for this statement? How many other "open" ideas has MS gone against and forced w/their own bullshit? ActiveX, Java, etc? Come on, be serious.
    • POP3 is open. But there's also IMAP. Guess who promotes IMAP? Yup. And IIRC, IMAP allows for sending of mailer type. IIR*incorrectly*, feel free to smite me down.

      • by maggard (5579) <michael@michaelmaggard.com> on Wednesday October 17, 2001 @11:07AM (#2441652) Homepage Journal
        Smite.

        POP3is a lovely protocol but it has one terrible disadvantage: It's a download only process. Oh sure email can be left on the server but there's no flagging, folders, etc. possible.

        IMAP4 is an interesting protocol. Many developers (Steve Dorner [qualcomm.com] of Eudora being a notable [cyrusoft.com] one) complain that IMAP makes too many assumptions about how folks are implementing it, the underlying system, etc. On the other hand it works well at this point for managing remote mailboxes, setting flags, folders, partially downloading messages, etc.

        So why one over the other? POP is fine for tied-to-one machine folks. You get your mail, you download it, it's your problem. IMAP is suited to those who work from multiple machines or prefer the security of their email being kept on a server.

        Guess which population is growing? More importantly guess which population corporate types are part of?

        As an email administrator which would you prefer to work with:

        Every person having a mail file on their own computer where it can get damaged, stolen, lost along with the laptop, etc.

        or

        One server holding all of the mail safely & securely, backed up nightly, easy for you to trouble-shoot, folks able to access it from any machine?

        Now you see why MS supports IMAP: Their customers really pushed hard for it. Is it part of some big MS-conspiracy? Possibly but there's no good evidence and certianly no rationale.

        Furthermore IMAP doesn't give a whit about "Mailer Type" (if it even has such a thing as an option in it's protocol which I doubt.) MS is using their encrypted login as a means to enforce this, nothing so trivially hackable as a client ID string.

        Actually encrypted logins are a Good Thing. It's just unfortunate MS is using them as a club to force folks to use only their email products and not supporting industry standard login strategies.

        So now we have AOL, the largest ISP requiring their email client (there were trials years ago with opening it up, indeed Claris Emailer still does so though the application was EOL'd 3 years ago by Apple) and now MSN doing the same. Indeed in spite of the fact that there are now perfecty good clients and secure ways of working these folks want to go back to the old "lock 'em in" strategy.

    • by Anonymous Coward

      This is a classic Embrace and Extend attack. Mere spoofing probably won't avoid it. It will require reverse engineering to figure out the Wonderful Innovation that MS has added to the protocol.

  • are you sure? (Score:2, Informative)

    by garcia (6573)
    it says that you have to use POP3. Why wouldn't that include any client that supports POP3? There is nothing in a POP3 transmission that is hidden. If they were really forcing you to use it (which I highly doubt) then you could trick the server into thinking that you are coming from an Outlook client.

    Personally I would complain to your ISP about the lack of service for non-MS clients (if this is truly the case).
    • The linked to FAQ clearly states:

      Continue to enjoy POP3 e-mail service, with an option to switch to the world's largest Web-based e-mail service, MSN Hotmail®, via MSN Internet Explorer and get up to nine e-mail screen names for you and the rest of your family. (Due to the Microsoft anti-spam initiative, customers are restricted to use their mail services. Therefore, POP3 service is only available when using MSN Explorer, Microsoft Outlook, or Microsoft Outlook Express.)
      • Re:are you sure? (Score:2, Interesting)

        by brer_rabbit (195413)
        But still, unless MS it hijacking the POP3 protocol I don't see how they can enforce what client you use.

        Perhaps they meant they only *support* those clients? That I could understand. I certainly don't expect Qwest to walk me through expunging just a single message with VM under xemacs. "Now type Meta-M..."

    • I have seldom used Outlook and do not have a Passport account, but I recall something about Outlook using Passport for authentication when checking MSN email addresses, requiring a client capable of using Passport. Someone care to comment?
      • Re:are you sure? (Score:5, Informative)

        by Scooby Snacks (516469) on Wednesday October 17, 2001 @10:40AM (#2441536)
        I used MSN way back when, because of the $400 rebate thing that they offered.

        Anyway, IIRC (it's been 2 years and I've probably only booted MS-Windows a handful of times since then), somewhere in the mail options for Outlook Express (and Outlook too, I would imagine) there is a checkbox for an option that states something like, "Use Secure Password Authentication (SPA)?" I was never able to find out much information about this Secure Password Authentication stuff, but from what I can tell, it's a proprietary protocol. I had found a short mini-HOWTO-like document that described using MSN under Linux and it made mention of this. I could dial up and login to MSN under Linux (I had to specify the username in a particular way in my dialup scripts, dialed up to UUnet). I could even send email; they just used straight SMTP. What I could not do was receive email, as this required the previously-mentioned SPA.

        So, besides the fact that everybody already knew, that this won't stop spam unless they block outbound port 25 to all hosts, you can still send mail through their servers any way you like. The problem is actually getting to the mail you receive.

        (Addendum: After I started working for an ISP a few months later and was getting free dialup, I stopped sending in payments. They cut me off after a couple of months but never came after me for the $400.)

  • what?! (Score:2, Insightful)

    by verch (12834)
    This is like Exxon saying if you want to use their gas you have to have an Exxon car. Someone please explain to me again why MS's business practices aren't anti-competitive? I won't even get into how oxymoronic it is to push outlook and hotmail as ways to combat spam, worms, etc..

  • Is this going to be MS's new way of stopping Linux from gaining ground? Make a DSL/Cable deal with a provider and force subscribers to use your tools which just so happen to be on your platform exclusively.....Anti-trust violations ad infinitum

  • All right, this is gonna sound bad. But let's be real here: you can dump always dump your ISP is you disagree with heinous policies. Yes, I know that in some areas there aren't many providers of decent bandwidth (especially recently with DSL companies going buh-bye left and right), but customers have to stand up for their rights on this sort of thing. Unfortunately, given our recent state of affairs in government, the only *effective* way of doing so is making your dollars do the talking.

    Of course, there's always other options too. You could always skip the ISP part and just do your email via web hosting service (no, I'm not self-serving here, it's just true). Especially for folks who run a business, this is a good option.

    What other ways are there of combating this kind of B.S.? I suspect the good folks over at Netscape and other net software providers aren't going to be too terribly thrilled with this... do any of these companies have workarounds?

  • by DahGhostfacedFiddlah (470393) on Wednesday October 17, 2001 @10:18AM (#2441352) Homepage
    From the article :

    Currently, the plan is to transition those customers who:

    Have Qwest.net Internet Access using an analog dial-up line, Qwest DSL 256, Qwest DSL Select, or Qwest DSL Deluxe connection and,
    Use the Windows operating system.

    MAC Customers: MSN is working on a MAC solution for your Internet access needs. Until that time, there will not be any changes to your Qwest.net Internet Access service.


    No mention of Linux, but I'd assume they'll treat non-Windows the same (until they have a Mac-only fix, of course).

    Hmmm - taking a second look at the capitalization on "MAC", it looks like they don't have a "solution" for anyone using a network card :)
  • by andres32a (448314) on Wednesday October 17, 2001 @10:18AM (#2441359) Homepage
    From the faq on MSN-QWEST (the most hillarious thing i have ever read):

    "Q: Why should I transition my service to MSN®?

    A: There are many reasons why you should transition your service:

    With more than 230 million visitors per month, MSN is available in 33 markets and in 17 languages.
    (Source: Jupiter MediaMetrixTM Digital Media Report, April 01 for US, UK, France, Germany, Canada, Australia, Japan, Spain, Brazil, Italy, Switzerland. Data are an aggregation of above listed countries.)
    When you upgrade your service, special promotions are available to you.
    Quality, reliability and speed.
    Technical support, 24 hours a day, seven days a week, at no charge!
    Continue to enjoy POP3 e-mail service, with an option to switch to the world's largest Web-based e-mail service, MSN Hotmail®, via MSN Internet Explorer and get up to nine e-mail screen names for you and the rest of your family. (Due to the Microsoft anti-spam initiative, customers are restricted to use their mail services. Therefore, POP3 service is only available when using MSN Explorer, Microsoft Outlook, or Microsoft Outlook Express.)
    Instant messaging from MSN Messenger Service, the fast growing instant messaging service.
    You get more space for your personal Web site from 5 MB to 30 MB.
    Easy access to great resources from MSN that help make your life better.
    Catch up on the latest news from MSNBC
    Listen to your favorite music
    Play games
    Send instant messages
    Create an online photo album for your family
    Personalize your home page with weather, sports, news or local events
    Shop from the convenience of your home
    Invest your money wisely
    Search for information
    Send online greeting cards
    Plan your vacation
    Take care of your family's health (This one is amazing)
    And, so much more

    • Continue to enjoy POP3 e-mail service, ...

      I would submit that if they're using a proprietary authentication scheme, then is ceases to be POP3 access as advertised. Get your state's Attorney General involved as this is a blatant case of interstate fraud.

    • Even funnier... (Score:4, Informative)

      by Green Aardvark House (523269) on Wednesday October 17, 2001 @10:32AM (#2441471)
      From the website:

      Q: What does the MSN® and Qwest® alliance mean to me?

      A: Under the agreement, MSN will become the preferred Internet Service Provider (ISP) for some Qwest.net Consumer Internet Access customers. Qwest and Microsoft® are working together to provide consumers with best-of-breed MSN content and services via Qwest's Internet infrastructure. Customers will benefit from this joint offering in many ways including...
      (emphasis added)

      Ummm...according to the Consumer Reports Sept. 2001 issue, MSN was rated as the worst Internet provider.

      Nice to see that Microsoft not only squeezes the consumer, limits choice, but also engages in bald-faced lying!!
  • Microsoft email spam free? I think not!

    I opened a hotmail account last week so I could set up an instant messenger account. I made sure that I had unchecked *all* the advertising, pass on your e-mail, useful partners checkboxes. I have *never* used the account and have *never* published the address yet within 24 hours I had a dozen XXX, $$$ emails in the inbox.
  • by GlassUser (190787) <slashdot.glassuser@net> on Wednesday October 17, 2001 @10:19AM (#2441371) Homepage Journal
    cached at http://www.google.com/search?q=cache:Hj0Zy1r9WSc:w ww.qwest.net/nav4/msn/faq.html+&hl=en [google.com]
    Well, it loaded now, but it's slow.


    Any way, how can the tell what POP3 you're using? And why would POP3 stop spam? Wouldn't SMTP be where the action is? (I'm assuming that's what they mean). Are they looking at headers (easily emulated by spamware, ineffective) or some other signature? And I don't see how this will stop spam, anything like that is easily emulated. More and more stupidity.

  • by Logic Bomb (122875) on Wednesday October 17, 2001 @10:20AM (#2441376)
    I can't imagine a better example of anti-competitive practices. MS is going to force people who never selected them as an ISP to use MS software in a manner that does not at all aid "anti-spam initiatives" and, as the post pointed out, will almost certainly make related problems even worse. How on earth does *anything* related to what client is used to access a POP3 server effect spam??? SMTP would at least seem in the ballpark, but POP?
  • by fmaxwell (249001) on Wednesday October 17, 2001 @10:20AM (#2441378) Homepage Journal
    Send them a snail-mail to MSN stating that you are an employee of a firm that makes a commercial e-mail client that competes with Outlook. Ask MSN to provide to you, in writing, a statement about the use of non-Microsoft e-mail clients on MSN. Make sure to suggest that this be handled by their lawyers.

    If you want to really get their sphincters to pucker, send a copy to the Justice Department.
    • MSN is not a monopoly. MSN can require the use of certain software in pretty much the same way that AOL does.

      I know you want to make an anti-trust issue of this, but there is a big logical chasm to cross first.
      • by Soko (17987) on Wednesday October 17, 2001 @11:24AM (#2441756) Homepage
        Of first glance, you would seem correct.

        However, the logical challenge is not that great.

        1. Some QWest customers do not own Microsoft Windows.
        2. Because of an MSN initiative, current customers require Windows to access thier paid for e-mail accounts
        3. Windows is a Microsoft product
        4. MSN is a wholly owned subsidiary of Microsoft

        Microsoft is therefore requiring thier customers who currenlty do not own Windows to buy a in order to continue a service. If there are no other DSL providers in the area, Microsoft is - wittingly or not - leveraging another monopoly to stiffle compeditive products.

        Soko
  • I don't get it... (Score:5, Insightful)

    by UM_Maverick (16890) on Wednesday October 17, 2001 @10:21AM (#2441381) Homepage
    Correct me if I'm wrong, but POP is a way to *retrieve* email. How does the client that you're using to *retrieve* your mail matter when it comes to spam? Granted, OE has some mail filters that can be used, but so do other clients (procmail anyone?).

    I could see this being legit if, somehow, it prevented the SENDING of spam...but it seems like, if anything, it could only possibly prevent your receiving it...that's like telling someone...well, i don't know what that's like telling someone, because it just seems ridiculous...
  • Probably (Score:2, Insightful)

    by Sawbones (176430)
    This is probably - and I do stress probably - one of those "we only support outlook and outlook express" sort of things. I mean technically AT&T@Home only allows Windows9x and Mac machines to use their network, but that sure hasn't stopped me. This way the tech support people only have to know (or deal with) two fairly similar programs.

    At least one hopes thats it.
  • by linuxpng (314861) on Wednesday October 17, 2001 @10:21AM (#2441385)
    When you sign up for a passport id with a hotmail account they wouldn't sell that address to everyone under the sun.

    I signed up for hotmail before MS ever took it over. I never used the email address in any form online, never even had any mail to it. I basically just had it because. After MS took over it litterally filled the account with junk mail.
    • by Erasmus Darwin (183180) on Wednesday October 17, 2001 @10:39AM (#2441525)
      "I signed up for hotmail before MS ever took it over. I never used the email address in any form online, never even had any mail to it."

      How guessable was the address? I've seen spammers try dictionary-based email guessing attacks on our work domain, which only has a few dozen email addresses. With hotmail, the hit rate for a dictionary-based attack has to be amazing. It might even be worthwhile for spammers to try suffixing up to two digits on each dictionary "word". The entire process would be not unlike trying to crack unix passwords, only much more effective.

      It gets even worse, of course. Once a single spammer gets a hit on your address, he can turn around and sell your address to more spammers. The number of spammers with your address will only increase.

    • by alexburke (119254) <slashdotmail AT alexburke DOT ca> on Wednesday October 17, 2001 @11:13AM (#2441687)
      I signed up for a .NET Passport for use with Windows Messenger, using a non-Hotmail address that I hadn't provided to anyone else, ever.

      Never had a single spam in it... until two days after I signed up for the Passport (being careful to uncheck the "share my information" boxes) and began using it (only to sign into Windows Messenger).

      It has gone from 0 spam/day to 6-8 spam/day, in less than one week.

      I've now blackholed that email address and cancelled the Passport. I've also created a new Passport with a poisoned address (passport@DOMAIN.TLD). If I receive spam to it, I'll know those whores sold it off, even though I specifically selected not to have that done.
    • by Robber Baron (112304) on Wednesday October 17, 2001 @11:13AM (#2441688) Homepage
      After MS took over it litterally filled the account with junk mail.

      Then every other day you get a message saying that your account is too large...
  • by Xibby (232218) <zibby+slashdot@ringworld.org> on Wednesday October 17, 2001 @10:21AM (#2441387) Homepage Journal
    telnet popserver.msn.com 110
    user user
    pass password
    list

    Replace popserver.msn.com with the actual pop3 server. I have no clue what it actually is.
  • Third Party smtp (Score:5, Informative)

    by CodeMonky (10675) on Wednesday October 17, 2001 @10:21AM (#2441389) Homepage
    They don't allow third party smtp server either. This has caused us aa bit of a hassle as we have a lot of faculty that want to use our mail server to send mail (with authentication of course) but MSN blocks all connections to a third party smtp server and if you don't use a @msn.com type address as the From it doesn't allow it either.
    • Re:Third Party smtp (Score:2, Informative)

      by Mark Bainter (2222)
      Setup port forwarding your mail server from a higher port (like say 2025) and have your faculty set that as the SMTP port in their client. (Outlook express at least can do this, I think outlook can too)
      • heh heh
        I guess I should have stated that the hassle was setting up a port forwarder. While a workaround it doesn't change the fact that it is a pain to write a new set of docs for MSN users
    • Re:Third Party smtp (Score:2, Interesting)

      by 13013dobbs (113910)
      These blocks are based on port numbers. Set your mail server to listen to any other port (as long as it is not port 25) and the mail can go thru. It is a pain, but if you are stuck w/MSN and need to use your companies server, it will work.
    • Re:Third Party smtp (Score:2, Interesting)

      by kedge (123589)
      I had to deal with this back when I had an Earthlink dialup account. The simplest and most effective solution we found was to port forward another port on the mail server to port 25. (We used 333) Then I just had setup my outgoing smtp port to 333 in my mail client.
    • by oneiros27 (46144) on Wednesday October 17, 2001 @10:55AM (#2441575) Homepage
      As both someone who's worked at an ISP, and who has worked at a University, what they're doing by disallowing outbound port 25 connections is a GOOD thing, as it keeps spammers from using a throwaway account to originate and inject to open relays.

      Odds are, it's not based on the from address, but based on the originating IP address. [as to just allow 'from: *@msn.com' is setting themselves up as a third party relay for messages with forged headers.] It may also not be MSN, but it may be UUNet, who I believe MSN rents POPs from.

      Now, for the solution -- tell the faculty to follow the instructions from their ISP for their home machines, not the instructions from the university, which is for local machines. If they have to have a from address with MSN in it to use the SMTP servers, just tag on a reply-to address.

      The only whining that might take a little bit of a work arround is for those folks who use a laptop from both home and from work. You need to use an ISP that can push DNS server information to you in the PPP negotiation, or a broadband connection with DNS defined by the DHCP server, so that they're getting dynamic DNS at home, and using DHCP sending DNS at work, so they have dynamic DNS there. Then, they need to put in a non-FQDN for the SMTP server.

      For example, you have someone at isp.net, and work for lame.edu. The isp has a host named smtp.isp.net which they can deliver their mail to, and you have a machine named smtp.lame.edu which the faculty [why do the faculty always complain the most?] can use when they're on campus.

      When off campus, they're using the dns servers at isp.net, and so, when sending to 'smtp', it looks up 'smtp.isp.net'. When on campus, they're using the dns servers at lame.edu, and so, 'smtp' would be 'smtp.lame.edu'.

      If you have enough users on their system, you can normally get issues pushed through to someone more signficant at the ISP, so that you can find some working solution before having the users try it. [Our university's been in talks with AOL for a week or two, as it seems that when we set up a Trend virus firewall, we opened ourselves up for third party relaying, and AOL started sporaticly dropping our e-mail when their spam traps were triggered]
      • MSN is already breaking things by insisting on a @msn.com From line. Everyone else is just trying to work around it.

        Yes, you should always just use your "local" SMTP gateway, but when the people running it are being draconian morons, you don't have many choices... and no, having official correspondence go out under @msn.com isn't an option.

        If MSN was serious about this, they'd just use several of the possible authentication methods that exist for SMTP service (IP range, SMTP-after-POP, SASL, ). It sounds like they've picked one, and only one, instead of implementing several and allowing mail to go if any of the above are met.

        Some SMTP auth links:
        http://www.thecabal.org/~devin/postfix/smtp-auth .t xt
        http://www.qmail.org/top.html (look for "authenticate")
        http://www.sendmail.org/~ca/email/auth.html
        • by oneiros27 (46144) on Wednesday October 17, 2001 @11:41AM (#2441857) Homepage
          MSN has no clue if you're sending spam through a third party relay, or if you're connecting to a legitimate authenticating mail relay, or if you're handing your own SMTP, and connecting to the proper MX.

          MSN allowing outbound port 25 connections from a dialup customer is a step backwards for spam prevention. As someone who's being affected en mass by their changing policies, your university should contact them, and inform them that they either need to make provisions for your case, or that your group will have to make sure that your users take their business elsewhere, and find an ISP that you can work with.

          If the faculty members were using their university e-mail addresses, and not their MSN one, they will have no issue in moving to a new ISP, save for the initial time in re-configuration. If they were using their local MSN e-mail address, and they're not willing to give it up, then they have to weigh the costs & benefits in switching. The only ones who are really screwed in this situation are not those that are concerned with third party relay, but wished to use some other non-MS client to read their mail from.

          Realisticly, you should be using authenticated SMTP to see if there's some prick in the dorms starting up his own little spamming business. You should not expect outside ISPs however, to allow your users to connect to the server from a dialup connection. [Hell, we don't even allow allow relaying for connections from off-campus, although, that was a recent change [this morning] due to the lack of being able to authenticate with the trend micro virus scanner in front of the SIMS mail cloud, and we're just waiting to see how many users start complaining as they didn't get the messages regarding the policy changes]
  • by Lxy (80823)
    Browsing through my spam filter, I see a lot of message from Hotmail. Microsoft contends, for whatever reason, that spam originates from everyone else. How long until users realizes that the amount of spam INCREASES once they enforce this stupid policy? How long until they realize that Microsoft's software is responsible for worms and this policy actually slows down their connection? This is absolutely rediculous.
  • by MadCow42 (243108) on Wednesday October 17, 2001 @10:25AM (#2441415) Homepage
    So, what do they do for customers who aren't using an OS that Outlook is available for?

    Not only are they forcing you to use Outlook, they're forcing you to use Windows. (I believe it's available for Mac too, yeah...).

    MadCow.
  • badly worded (Score:4, Insightful)

    by CodeMonky (10675) on Wednesday October 17, 2001 @10:25AM (#2441417) Homepage
    That sentence could be read
    "When using Outlook express, Outlook or MSN explorer you will only be able to use pop3"

    I think they need to clarify that (and I have a feeling they will if I know slashdotians).
    • Re:badly worded (Score:5, Informative)

      by gotan (60103) on Wednesday October 17, 2001 @11:50AM (#2441915) Homepage
      ... POP3 service is only available when using MSN Explorer, Microsoft Outlook, or Microsoft Outlook Express

      No it couldn't. "A is only available when doing B" means: "Do B, only then A is available" and not "If you do B only A is available". Since "A" equals to POP3 here, and i see no alternative mailhandling to POP3 in the FAQ it translates to:

      Use MSN Explorer, Microsoft Outlook, or Microsoft Outlook Express to be able to send and get e-mail.
  • Nothing New Here (Score:2, Insightful)

    by BurritoWarrior (90481)
    I believe they are talking about accessing your HOTMAIL mail account via POP3. As far as I know, as long as this service has been available, you have had to use a MS mail client, as they actually send you ads in a pane at the bottom of Outlook/OE.

    I believe there is also a workaround to block the ads, but I can't remember where I saw it.
    • I no longer have it set up, but despite MS's claims you can POP into your hotmail account with any client, no pop-ups. I can't remember the SMTP and POP3 server names though. It was pretty simple. There was a specific server name that you use, and then your UID/password. Wish I could remember that setting....
  • I've been doing it for years, to have an independant und uninterrupted news and email service when I switch ISP.

    It is hard to find a good ISP that offers a decent newsfeed these days, and email service in general is also deteriorating. IMO it is better to subscribe to mail and news at a specialized provider, and use the ISP only for access.

  • Reading stories like this makes me happy to have good DSL service here in Portland, Oregon: Qwest wiring and Hevanet.com as ISP. Hevanet also has excellent tech support.

    (Contact me for help programming your Cisco 675.)
  • by rutledjw (447990) on Wednesday October 17, 2001 @10:28AM (#2441438) Homepage
    The more star systems will slip through your fingers...

    - some girl with sticky buns on the sides of her head, Star Wars


    This has been rumored for some time. One can escape assimilation by paying an extra $10/month and going to OfficeWorks, although rumor ALSO has it that even OfficeWorks won't be safe from the Evil Empire.

    Someone mentioned getting around this. The problem is the DMCA. As I understand it, it's now illegal to do that kind of reverse engineering, i.e. the type that allowed *nix users to connect to SMB via Samba. So basically, through emrbrace and extend, MS can technically and legally exclude non-conformists.

    To switch ISPs requires a 3-week downtime. This is done to eliminate the "slamming" phenonemon that plagued Long Distace carriers. I being one of the "renegades" running an alternative OS, have been looking into alternatives.

    The problem is that I work from home (so I have between 3-5 machines networked into a DSL line) and it would create no small problem if I were to have to connect via modem for 3 weeks. Although given the alternative, I may be purchasing a modem...
  • by argel (83930) <argel@m[ ]com ['sn.' in gap]> on Wednesday October 17, 2001 @10:30AM (#2441453) Homepage
    In theory any e-mail client that supports SPA could be used. Right now that would be MSN Explorer, Outlook Express, and Outlook.
  • by knick (19201)
    This is clearly NOT a violations of anybodys rights.. This ISP is private business, and they are out-sourcing thier email hosting to another private business. And THEY have the right to impose ANY DAMN RULES THEY WANT!!.

    Just is just as much of a rights violation as:
    - Not allowing broadband users to host home servers
    - Not imposing limits on the amount of bandwidth you can use
    - Not supporting all OS's
    - Blocking ports

    It's a private business, and it's thier damn business how you use THIER network, THEIR servers, and THEIR routers.

    And, it's YOUR damn right to go elsewhere.

    Now excuse me. I have to go sue McDonalds becuase they insist on serving me Coke, and it's my right to want and get Pepsi.

    --knick
    • Forgive me if I am falling for a flaim-bait trap here.


      There is no comparison between a Private Company imposing a restriction on the services or products they provide or support and the Anti-Competative behavior of a company which prohibits the use of a competitors product when the use of such product has no conceivable relationship to or affect on the services they do provide.

    • by Flower (31351) on Wednesday October 17, 2001 @11:41AM (#2441860) Homepage
      They are leveraging a subsidiary to force users onto their products exclusively. People would have to dump or not even consider other products like Netscape, Opera, Evolution, Eudora, etc to access a basic service. If you read the FAQ you'd notice that they currently have to delay migrating the Mac users because they can't provide all the services Windows users will be getting on MSN.

      While I agree that this isn't exactly a rights issue, I complete disagree that MSN or MS can do whatever they want. The FOF has survived appeal and it is now a brave new world for MS. Every move they make is fair game for legal scurtiny. You can cry about the supposed free market all you want but that ain't the real world and in this case I'd rather nip this in the bud before MSN gets a stranglehold share in the marketplace.

  • Is anyone out there actually using this service and can they tell how the network is attempting to enforce this? Are they simply saying if you want them to provide you with an email service you must use one of their clients for the account? Or are they saying if you want to use email you must use one of their accounts (i.e. you can't use any other pop/smtp/imap email provider to collect or receive mail). Are they blocking ports? Finally if this is an anti-spam measure, why are they talking about POP? POP is for collecting mail not sending it! If they were talking about SMTP then it would make sense. Are they simply looking for a way to ensure they are filtering all email?
  • Get another ISP... (Score:2, Insightful)

    by AlgUSF (238240)
    The solution is simple enough, get another ISP. I don't even use the POP3 mail accounts my ISP provides. I use netscape webmail, and can check my e-mail everywhere. I used to use hotmail, until MSFT bought it, but I am sure I am one of the millions of people microsoft says are potential Passport members...... (Yeah Right!)
  • If you run the mail server (POP, SMTP or IMAP, etc), or you know the person who does run the mail server. Tell them to put the services on an additional port that MSN won't be blocking.

    If your using an ISP for your mail services. Ask them to put the mail server on an additional port. www.mailbank.com does this.

    If MSN is blocking low number ports, use high numbered ports.
  • by TZA14a (9984) on Wednesday October 17, 2001 @10:39AM (#2441527) Homepage
    What kind of anti-spam initiative is it that causes all the trouble? Searching for Microsoft and Anti-Spam only yields another case where it got them in trouble, Microsoft's Anti-Spam Filter Targets Competitors [bc.edu]. Though the article is old and kind of unrelated, I find it funny that Google doesn't have a single high-ranking link to a Microsoft-owned page that describes their so-called initiative. Given how they're yapping for every piece of positive PR, how come they're not advocating their exceedingly consumer-friendly initiative a bit more publicly?
    Now, if this weren't Microsoft, who brought us everything that is good, I'd say the whole thing is just an outright lie.

  • by tenzig_112 (213387) on Wednesday October 17, 2001 @10:48AM (#2441552) Homepage
    I found this interesting and more than a little amusing:


    http://www.ridiculopathy.com/news_detail.php?displ ay=20011016 [ridiculopathy.com]


    Computer science researchers at Carnegie Mellon University announced that they have discovered a security hole in Microsoft Outlook that allows a specific strain of Anthrax to be sent via e-mail.


    Even with the "preview attachments" feature disabled, the tainted message creates a physical manifestation of the disease and infects the user.


  • by Fez (468752) on Wednesday October 17, 2001 @10:54AM (#2441568)
    Seems like having an SSH tunnel to your favorite mail server would be ideal. At least my main mail server I can SSH to, and others I could forward there.

    And of course if you are tunneling to your mail server directly, pop3 being in plaintext isn't such a problem. If it'd work with other authentication means, I don't know. However, it seems to me like a good alternative.

  • by pipeb0mb (60758) <pipeb0mb&pipebomb,net> on Wednesday October 17, 2001 @10:56AM (#2441583) Homepage
    Simple Solution:

    For the SMTP server, use:
    "macsmtp.email.msn.com"
    and your normal user/pass .

    They don't have it working right for Mac clients; tada.

    I've been using this for about 2 months now on my Windows and Linux machines and it works great.

    Personally, I am more concerned with why I can't send mail to anyone using AOL/Walmarts ISP: wmconnect.com .

  • Old news (Score:3, Informative)

    by Mike Schiraldi (18296) on Wednesday October 17, 2001 @11:09AM (#2441659) Homepage Journal
    I reported this [slashdot.org] back in June.
  • 99 Trial Baloons (Score:3, Interesting)

    by RickMuller (134647) on Wednesday October 17, 2001 @11:22AM (#2441748) Homepage
    MS has a history of presenting patently ridiculous restrictions as trial baloons that they retract when hit with opposition. I don't think the way to respond to this is to figure out a hack that will convince MSN you're running Outlook, etc., but to contact Qwest (or MSN?) customer support and tell them that if they want to continue receiving $$ from you they have to support something other than Outlook, etc. Enough broadband companies have gone out of business recently that they'll think twice before alienating customers.


    What we need is an electronic version of the Amnesty International letter writing tables. People could log in, get presented with a list of the most eggregious offenses against free and open software, and have the links to send polite emails to those companies asking them to change their practices. Maybe this type of approach would have kept Congress from passing DMCA...

  • by trilucid (515316) <pparadis@havensystems.net> on Wednesday October 17, 2001 @12:20PM (#2442095) Homepage Journal

    As part of our ongoing effort to reduce junk emails to our loyal customers, the Microsoft abuse management team has created a new "real-time black hole" domain block list. This list is used to check all mail routed through our servers (increased in volume thanks to our new deal with Qwest) for known spammer domain names.

    You may be interested to note that leading this list are the following notorious domains. These sites should be avoided for the protection of our revenue stream... errr... customers:

    • Netscape.com
    • Redhat.com
    • Linux.org
    • Sun.com
    • Apple.com
    • Slashdot.org


    Additionally, our upcoming Microsoft World Browser will include protection against websites hosted at these domains. Thank you for your cooperation as we work to improve your user experience on the web.

    Sincerely,

    Microsoft Support

  • by Fencepost (107992) on Wednesday October 17, 2001 @12:24PM (#2442118) Journal
    If you have friends, family, etc. that are using just an ISP-based email address, this is one more way to point out to them the advantages of either a personal domain or a mail forwarding service for permanent non-ISP email addresses.

    Neither one really requires technical knowledge to use, both are cheap (avoid the free mail forwarding services - if they're not making money, they're not going to be "permanent"), and they're generally simple to set up particularly if all you need is to have mail forwarded to your current ISP. ISP gets bought out? New terms are something you don't like? Switch ISPs. Once you're set up with your own address, the ISP just becomes a bandwidth provider.

  • Uh.... (Score:5, Interesting)

    by Scoria (264473) <slashmail@in[ ]alized.org ['iti' in gap]> on Wednesday October 17, 2001 @01:08PM (#2442338) Homepage
    How is it advantageous to force users to use Outlook for mail retrieval in order to prevent spam?

    There may be some decent reason to do it with SMTP, but not with POP. That's simply an excuse to restrict their users to their product...
  • by narfbot (515956) on Wednesday October 17, 2001 @03:06PM (#2442961)
    Here is my report on Qwest/MSN-you know what they are doing in my area, Phoenix. It is all truthfull, please read. Be sure to check the end of this post for an article on more information.

    I am currently a Qwest customer in Phoenix, and have more details on the current situation.

    Back in March, I signed up for Qwest DSL Select, which is a $20 per month DSL line at 640 Kbps, 272 Kbps guarenteed. Once connected, you are "always on". You are not guarenteed to connect but once your on you can remain on no matter how long it is. I also pay $20 for the Qwest DSL ISP which is now owned by MSN.

    Over the summer I was charged for the DSL modem which was supposed to be free as a promotional gift. Additional charges were also added for services I did not pay for. It took two months to get the charges off and many long phone calls with people saying like "I don't know how to do this," or "I don't think my supervisor will allow."

    A week and a half ago, Qwest started disconnecting my "always on" connection after each two hours of connectivity. Then there was a five minute (I call it a penalty) to wait until I could connect again. I downloaded a connection manager, and set it up to disconnect me automatically after every 1 hr 50 mins, and then immediately reconnect. It cuts out the stupid 5 minute wait. I do this for two reasons, downloading and gaming, those are very sensitive to 5 minute lags of course. 10 second reconnects are a miniscule problem in comparison. However I found that I am still getting disconnected every half-hour (with out the 5 minute penalty) and its still annoyed the heck outta me

    After the first 5 days of this, I call in asking whats going on, this is not the service I originally agreed to. They say it is part of the plan, but if I didn't like it, I could switch to MSN ($20 a month, which I know still disconnects my uncle tells by the way) and the "regular" DSL for 32.50 a month. HUH? Its the same 640 Kbps line an MSN? what kind of switch is that?

    So as you can see they're trying to harrass us into paying more. This was not happening a week ago. To fix this problem I was very smart. I ordered on the day after I called the COX INTERNET and DIGITAL TELEPHONE for $40 dollars a month (you have to buy your own cable modem). In comparison you pay $72 a month with qwest for broadband DSL and phone. They were advertising that on the radio today like it was something great and I know it isn't YOU'RE PAYING about $15 dollars a month more than I have been. IT'S A SCAM. THANKFULLY, I'm getting COX in exactly one week, yes I'm counting those days. I urge every switch to COX now to show them how bad they are.

    Now that I told you that, check out the Arizona Republic article [arizonarepublic.com]. It tells about the scams Qwest is involved in here and Microsoft is also to blame now seeing the new information on SlashDot. They're like about the worst companies around. I know six other people have switched in the the phoenix area to COX because of the same reasons! Share this information because it's true.
    • Although you have some interesting points you have factual errors on several.

      First, the select plan is not an always on plan. Only Delux is. It's always been that way, even when DSL first came out. The differences between Select and Delux and clearly indicated on the web page. What the sales weasel might have told you on the other hand isn't as clear.

      How the DSL circuit works has nothing to do with your ISP. The ISP has no contol over the DSLAM, which is what is disconnecting you. So if you don't like MSN, get a local ISP with DSL, most markets have AT LEAST 40+ choices for your ISP.

      I have Qwest DSL, I don't use Qwest as my ISP. My connection has been flawless over the last year.
  • by Jimithing DMB (29796) <dfeNO@SPAMtgwbd.org> on Wednesday October 17, 2001 @07:54PM (#2444540) Homepage

    I recently got laid off at a leading teleservices corporation that did technical support for MSN. This is because they completely dropped the contract with MSN (for what reasons I have only heard speculation and will not repeat here). I can assure you though that it was not because our standards were not good. Although it sounds like I am tooting my own horn we had probably the best call-center for all MSN service judging by the number of people calling back with ticket numbers started by people in other centers. I also judge this by the way the people wrote up their tickets without specifying what in the hell they did forcing me to go back through all the troubleshootings steps. (end rant)

    First of all, MSN has two types of mail. They have the "legacy" POP3 system and the new web-based e-mail. You can find this information at MSN Support Services [msn.com].

    Web-based mail is kind of like what it sounds. It uses the same mechanism (XML over HTTP) that Outlook Express >=5 uses to access hotmail. However the server for @msn.com accounts is different from the server for @hotmail.com accounts. If you have an @msn.com web-based account you can go to http://supportsevices.msn.com/us/oeconfig/ to configure OE and then go to tools accounts and read the server name out of there. Note, this is also true for free @msn.com accounts. Note that only Outlook Express 5 or greater or Outlook XP can use this mail. Obviously MSN Explorer and the hotmail.com website itself are compatible with this.

    Anyway, it seems the real issue is that these people would like to use their new MSN POP3 accounts with e.g. fetchmail. To correctly configure Outlook Express for MSN POP3 e-mail you must use the outgoing (POP3) server of pop3.email.msn.com (go figure) or the incoming (SMTP) server of smtp.email.msn.com. Furthermore you must select the "Log on using Secure Password Authentication" option as well as select the option under Outgoing Mail server that "My server requires authentication". You then must press the settings button and be sure it is using the same settings as the outgoing mail server. That is it logs on using SPA with the same U/P as the POP3 server.

    Because of this MSN states that you MUST use Outlook to get your MSN POP3 mail. This is not entirely correct. What you must have is a client that supports SPA. Why is MSN doing this? MSN's reason: to reduce SPAM. However they tell customers simply this because most of their customers are rather computer illeterate (especially the former AOL lusers). The real reason is that since they contract out Dial-up Points of Presences (Pops, not to be confused with POP3 e-mail) that either A) they must use the POP3 before SMTP hack, or B) You must login to the SMTP server to send mail. If they didn't do this then any jackass dialing into one of those POPs even with another ISP would be able to send tons of SPAM through MSN servers. There have been plenty of /. articles about this before and anyone familiar with how contracted out POPs interfere with the ability to allow SMTP access to only your subscribers should know what I am talking about.

    Now, MSN /could/ have simply kept the plaintext login POP3 and only required you to use a plaintext login for SMTP. However they decided that not only should they require a login for SMTP but at the same time they should require secure password authentication for both POP3 and SMTP. In other words, if they were going to have to have people change their Outlook mail settings they might as well knock out the ability of people to sniff the packets and retrive their users passwords while they are at it.

    Problem is that apparently SPA in Outlook is an MS specific thing. Well, what do you want them to do. The only way for outlook to support not sending the login in cleartext is to use SPA. So therefore they enabled SPA on their mailservers and disabled clear-text logins. Of course theoretically they could include some other more open method of secure password authentication for use with other clients, or they could open up the MS SPA protocol. Or they could just say the hell with it because they only officially support MSN using MS software on Windows OSes (which actually does NOT include WinCE, you must contact your OEM for WinCE support with MSN).

    Basically all that needs to be done is for other mail clients to support MS SPA. How to do this I am not really sure as I have not put much thought into it as I don't use MSN myself except for free accounts. All the free accounts use hotmail based e-mail.

    There is of course another option. You could always "upgrade" your account to web-based from POP3 and then either go to the hotmail website to get your e-mail or use Outlook Express >=5 or Outlook XP to get your email in a real mail client (if you can call Outlook a real mail client, but hey, at least's it better than www.hotmail.com). There does exist a script (PERL I think) for retrieving mail from hotmail but I have looked at that code and it is really really crappy (apologies to the guy who wrote it, but I am sure he also knows that it is nothing more than a quick hack). Theoretically there is no reason that Evolution should not support the MS HTTPmail protocol. Turn on HTTP logging in the Advanced tab of OE properties and then open up the log in notepad. You will notice that the schema is relatively easy to figure out even though to the best of my knowledge it is not published anywhere. Evolution already uses XML extensively and has all of the framework necessary for parsing XML. I assume it also has the framework necessary for accessing an HTTP server in general. Therefore it should be rather trivial to write an MS HTTPmail backend for Evolution. In fact, I am surprised that no one has done so (I guess none of the developers use hotmail). I have toyed with the idea of doing one myself but 1) I use balsa, and 2) I have not done any programming with XML. However now that evolution is fairly stable I may go ahead and write this. Hell, I don't have anything pressing to do until Monday except clean the garage so we'll see. There's never a bad time to learn more programming techniques, and XML is one of the most popular things today so not only would I personally benefit from learning XML but also benefit with being able to access hotmail from evolution. And note well... if I do write this I do intend to support the advertisement properties as best as possible (i.e. opening up a small frame at the bottom and displaying a webpage in it). I know it seems stupid, but hey, they deserve to get paid even if they are MSN. And if anyone really wants to they can just change the code later to take out the ads.

    Anyway, I hope this clears up a lot of the confusion people are having with this. I see at this point over 600 comments have been posted, a few reasonable, most along the lines of fsck Microsoft. People, I hate MS as much as everyone here. They are theives and crooks and must be beaten. However, as the cliche says: You catch more flies with honey than with vinegar. The only way MS will be beaten is when people stop bitching about them and just go do better than them. Every time I bitch about MS to my mother she reminds me: Then go write something better. While everyone has argued this point to death the bottom line is that in some respects MS software is "better" than open-source/free software. Even if only in the marketing sense of better.

    -Dave

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (2) Thank you for your generous donation, Mr. Wirth.

Working...