MSN Forces Outlook POP 729
Phoenix-D writes: "Qwest.net, my Phoenix-area DSL provider and ISP, recently decided to hand over their ISP buisness to MSN. No huge deal, right? Well, check out this blurb: 'Due to the Microsoft anti-spam initiative, customers are restricted to use their mail services. Therefore, POP3 service is only available when using MSN Explorer, Microsoft Outlook, or Microsoft Outlook Express.'" Awesome. Microsoft's Anti-Spam initiative forces POP users to use the primary sender of mail worms.
are you sure? (Score:2, Informative)
Personally I would complain to your ISP about the lack of service for non-MS clients (if this is truly the case).
You're not forced to use it (yet) (Score:5, Informative)
Currently, the plan is to transition those customers who:
Have Qwest.net Internet Access using an analog dial-up line, Qwest DSL 256, Qwest DSL Select, or Qwest DSL Deluxe connection and,
Use the Windows operating system.
MAC Customers: MSN is working on a MAC solution for your Internet access needs. Until that time, there will not be any changes to your Qwest.net Internet Access service.
No mention of Linux, but I'd assume they'll treat non-Windows the same (until they have a Mac-only fix, of course).
Hmmm - taking a second look at the capitalization on "MAC", it looks like they don't have a "solution" for anyone using a network card
Re:Fool the system? (Score:3, Informative)
Q: Will I still be able to use my Qwest.net e-mail account after I transition my account to MSN®?
A: No. When you begin the MSN transition process, you will be given the one time option of forwarding your Qwest.net primary e-mail account to your new MSN e-mail address. Additionally, you will have the choice to activate an auto reply feature that automatically sends your new MSN e-mail address back to anyone who sends an e-mail message to your old Qwest.net e-mail address. These e-mail features will be in place for at least 18 months from the date you transition your account to MSN Internet Access
Third Party smtp (Score:5, Informative)
SPA (Score:5, Informative)
Comment removed (Score:3, Informative)
Re:Third Party smtp (Score:2, Informative)
MSN requires Secure Password Authentication (Score:5, Informative)
Comment removed (Score:2, Informative)
Even funnier... (Score:4, Informative)
Q: What does the MSN® and Qwest® alliance mean to me?
A: Under the agreement, MSN will become the preferred Internet Service Provider (ISP) for some Qwest.net Consumer Internet Access customers. Qwest and Microsoft® are working together to provide consumers with best-of-breed MSN content and services via Qwest's Internet infrastructure. Customers will benefit from this joint offering in many ways including... (emphasis added)
Ummm...according to the Consumer Reports Sept. 2001 issue, MSN was rated as the worst Internet provider.
Nice to see that Microsoft not only squeezes the consumer, limits choice, but also engages in bald-faced lying!!
With DSL it's different (Score:1, Informative)
Qwest has a stranglehold on DSL in their areas - you have
to give them at least 50% of the DSL charges, even if you
use another ISP. It is similar to per-processor charges that
Microsoft used to use.
Qwest even goes so low as to "slam" customers away from
other ISP's. It happened to me several times during the
summer. I'm not sure if they targeted me due to Linux or
what.
Re:I don't get it... (Score:5, Informative)
They are probably switching the POP3 servers to SAP, then setting SMTP servers to only allow mail from that IP after a POP3 check is successful (and for a small window of time). It's how Gateway.net (a UU.Net based solution like MSN) did it a while back, but without the SAP.
SMTP over SSL (Score:1, Informative)
Re:are you sure? (Score:5, Informative)
Anyway, IIRC (it's been 2 years and I've probably only booted MS-Windows a handful of times since then), somewhere in the mail options for Outlook Express (and Outlook too, I would imagine) there is a checkbox for an option that states something like, "Use Secure Password Authentication (SPA)?" I was never able to find out much information about this Secure Password Authentication stuff, but from what I can tell, it's a proprietary protocol. I had found a short mini-HOWTO-like document that described using MSN under Linux and it made mention of this. I could dial up and login to MSN under Linux (I had to specify the username in a particular way in my dialup scripts, dialed up to UUnet). I could even send email; they just used straight SMTP. What I could not do was receive email, as this required the previously-mentioned SPA.
So, besides the fact that everybody already knew, that this won't stop spam unless they block outbound port 25 to all hosts, you can still send mail through their servers any way you like. The problem is actually getting to the mail you receive.
(Addendum: After I started working for an ISP a few months later and was getting free dialup, I stopped sending in payments. They cut me off after a couple of months but never came after me for the $400.)
Change your ISP... (Score:2, Informative)
The solution is very very simple. When you sign up for QWest DSL, tell 'em you want to use a different ISP. You don't *have* to use MSN. Already have MSN? Call QWest and ask 'em to change your ISP. It's just that simple. All QWest provides is a high speed route to the ISP of your choice.
Um... (Score:2, Informative)
I called, and the rep told me you have to be using Microsoft's OS if you want to subscribe to their new MSN service. You can still have a regular Qwest account.
So what's all the hooplah about?
Re:already slashdotted? Well how can they tell (Score:5, Informative)
Re:What right's infringed here? (Score:3, Informative)
If anyone lives in the denver/boulder area, I would suggest netrack.net [netrack.net], they have reasonable rates and they don't care if you resell the bandwidth, so I've set up a wireless network in my area and I'm charging other people to use it, works like a charm
Just another reason to be SSH tunneling (Score:3, Informative)
And of course if you are tunneling to your mail server directly, pop3 being in plaintext isn't such a problem. If it'd work with other authentication means, I don't know. However, it seems to me like a good alternative.
Re:Third Party smtp -- is BAD (Score:4, Informative)
Odds are, it's not based on the from address, but based on the originating IP address. [as to just allow 'from: *@msn.com' is setting themselves up as a third party relay for messages with forged headers.] It may also not be MSN, but it may be UUNet, who I believe MSN rents POPs from.
Now, for the solution -- tell the faculty to follow the instructions from their ISP for their home machines, not the instructions from the university, which is for local machines. If they have to have a from address with MSN in it to use the SMTP servers, just tag on a reply-to address.
The only whining that might take a little bit of a work arround is for those folks who use a laptop from both home and from work. You need to use an ISP that can push DNS server information to you in the PPP negotiation, or a broadband connection with DNS defined by the DHCP server, so that they're getting dynamic DNS at home, and using DHCP sending DNS at work, so they have dynamic DNS there. Then, they need to put in a non-FQDN for the SMTP server.
For example, you have someone at isp.net, and work for lame.edu. The isp has a host named smtp.isp.net which they can deliver their mail to, and you have a machine named smtp.lame.edu which the faculty [why do the faculty always complain the most?] can use when they're on campus.
When off campus, they're using the dns servers at isp.net, and so, when sending to 'smtp', it looks up 'smtp.isp.net'. When on campus, they're using the dns servers at lame.edu, and so, 'smtp' would be 'smtp.lame.edu'.
If you have enough users on their system, you can normally get issues pushed through to someone more signficant at the ISP, so that you can find some working solution before having the users try it. [Our university's been in talks with AOL for a week or two, as it seems that when we set up a Trend virus firewall, we opened ourselves up for third party relaying, and AOL started sporaticly dropping our e-mail when their spam traps were triggered]
Re:SPA (Score:5, Informative)
hmm, that is likely what they *want* - but I doubt that is the case. somebody knows it, and plenty of people could reverse engineer it - there likely just wasn't the need or desire - until now. I have a feeling it won't be long at all until there is an easy way around this.
my easy way around it is not allowing anything msn on my system. (I installed winXP on my computer and even though I disabled msn in all the menus, it ignored all that and still took over and came up all the time - I finally just killed it by deleting its files and all references to it in the registry... amazing how quiet it got after that) - I hate real player for the exact same reason (it asks what you want to do in the menu system, you tell it, and then it goes and ignores that and does what it wants anyway, which is usually to assume command of all file associations regardless of what you asked it to do)
How to avoid this crap: (Score:5, Informative)
For the SMTP server, use:
"macsmtp.email.msn.com"
and your normal user/pass .
They don't have it working right for Mac clients; tada.
I've been using this for about 2 months now on my Windows and Linux machines and it works great.
Personally, I am more concerned with why I can't send mail to anyone using AOL/Walmarts ISP: wmconnect.com .
What are you smoking?!?!?! (Score:1, Informative)
Huh?!?!?! Can you attempt to explain to me how collecting your email has anything to do with sending email
IIRC, spammers like to get on POP3 servers
You don't RC.
Spam has NOTHING to do with the POP3 protocol. You can't get a list of "valid mailboxes" by using POP3 - unless the server is broken and sends a different error for "user unknown" instead of "bad password" (for security reasons, both errors should return the same message.) - but why you think a spammer would use such a method (which is technically "cracking", and could land them BIG-TIME in trouble with the FBI) instead of using an SMTP Rumplestiltskin attack is beyond me...
In short, you have absolutely no clue what you're talking about, and should shut the hell up.
Re:uh, isn't pop3 open? (Score:5, Informative)
POP3is a lovely protocol but it has one terrible disadvantage: It's a download only process. Oh sure email can be left on the server but there's no flagging, folders, etc. possible.
IMAP4 is an interesting protocol. Many developers (Steve Dorner [qualcomm.com] of Eudora being a notable [cyrusoft.com] one) complain that IMAP makes too many assumptions about how folks are implementing it, the underlying system, etc. On the other hand it works well at this point for managing remote mailboxes, setting flags, folders, partially downloading messages, etc.
So why one over the other? POP is fine for tied-to-one machine folks. You get your mail, you download it, it's your problem. IMAP is suited to those who work from multiple machines or prefer the security of their email being kept on a server.
Guess which population is growing? More importantly guess which population corporate types are part of?
As an email administrator which would you prefer to work with:
Now you see why MS supports IMAP: Their customers really pushed hard for it. Is it part of some big MS-conspiracy? Possibly but there's no good evidence and certianly no rationale.
Furthermore IMAP doesn't give a whit about "Mailer Type" (if it even has such a thing as an option in it's protocol which I doubt.) MS is using their encrypted login as a means to enforce this, nothing so trivially hackable as a client ID string.
Actually encrypted logins are a Good Thing. It's just unfortunate MS is using them as a club to force folks to use only their email products and not supporting industry standard login strategies.
So now we have AOL, the largest ISP requiring their email client (there were trials years ago with opening it up, indeed Claris Emailer still does so though the application was EOL'd 3 years ago by Apple) and now MSN doing the same. Indeed in spite of the fact that there are now perfecty good clients and secure ways of working these folks want to go back to the old "lock 'em in" strategy.
Old news (Score:3, Informative)
Re:if they really wanted to stop spam (Score:4, Informative)
Never had a single spam in it... until two days after I signed up for the Passport (being careful to uncheck the "share my information" boxes) and began using it (only to sign into Windows Messenger).
It has gone from 0 spam/day to 6-8 spam/day, in less than one week.
I've now blackholed that email address and cancelled the Passport. I've also created a new Passport with a poisoned address (passport@DOMAIN.TLD). If I receive spam to it, I'll know those whores sold it off, even though I specifically selected not to have that done.
fuck msn (Score:1, Informative)
Re:SPA (Score:2, Informative)
Forte Agent supports SPA and I believe that Eudora is working to add SPA support.
The APIs for using SPA are located on MSDN.
Re:Just another reason to be SSH tunneling (Score:5, Informative)
Try here [sunysb.edu], here [uoregon.edu], or here [google.com] for information and links on SSH tunneling. The second one (on uoregon.edu) actually covers doing it for e-mail.
Re:I don't get it... (Score:3, Informative)
You meant SPA (Secure Password Authentication) [cewindows.net], right?
Why SPA, when there is SMTP AUTH [RFC 2554] [faqs.org]?
Re:badly worded (Score:5, Informative)
No it couldn't. "A is only available when doing B" means: "Do B, only then A is available" and not "If you do B only A is available". Since "A" equals to POP3 here, and i see no alternative mailhandling to POP3 in the FAQ it translates to:
Use MSN Explorer, Microsoft Outlook, or Microsoft Outlook Express to be able to send and get e-mail.
Re:Third Party smtp (Score:2, Informative)
Re:Change your ISP... (Score:2, Informative)
When I called and asked them to change the ISP on my DSL line, the a-hole I talked to put in an order to disconnect my DSL and phone service. He had no idea that you could have Qwest DSL with another ISP. Arrrrrghhhhh.
You don't know the shit we've had to deal with with Qwest!
Re: SPA (Score:5, Informative)
1. Open c:\Windows\inf\sysoc.inf in Notepad.
2. Type Ctrl-H
3. Enter ",hide," in the Find What edit window.
4. Enter ",," in the Replace With edit window.
5. Click Replace All
6. Open Add/Remove Programs from the Control Panel
7. Select Add/Remove Windows Components
8. Uninstall Windows Messenger
And no, she'll never come back.
Re:It could be worse (Score:2, Informative)
To make matters worse, they just put a cap on their news-servers of 128 Kbps, although I've yet to talk to another user who can get above a 5 or 6 Kbps download from the news-server.
If DirecTVDSL is your only option, then I guess you might have to, but if you have a choice, don't pick 'em! Just the $0.02 of a slightly disatisfied DirecTVDSL customer...
Re:It could be worse (Score:1, Informative)
Re:Fool the system? (Score:1, Informative)
MS doesn't need to embrace/extend POP3 -- it's a legacy protocol. Instead see the Hotmail interface in OE which uses some sort of HTTP-based method of getting the same results.
SPA apparently is a 'standard', although I can't seem to find anything about it.
Re:the more you tighten you grip (Score:1, Informative)
Services eligible for migration include only Qwest.net consumer customers with the internet access package using PC Windows operating systems in conjunction with either:
Analog
Select DSL
DSL 256 (bi-directional) and
Deluxe DSL services
Macintosh users will migrate in the near future.
Qwest.net services excluded from migrating include:
BrowseNow users
Qwest.net OfficeWorks users
Qwest.net OfficeWorks LAN users and
Qwest DSL Pro users
Following account verification with Qwest databases, the customer completes the remaining transition screens to establish their new MSN account. Fields required for input include:
New MSN e-mail name
Option to select e-mail forwarding and auto-reply (if desired)
Acceptance of MSN Internet Access Subscription Agreement
Etc.
Upon successful completion of the various migration screens, the customer will receive a confirmation web page with their account information. Customers will also be given the option to immediately download the latest MSN Internet Access software or elect to receive the software CD via the mail within 5 to 10 days. Once that software is installed, the customer can begin using their new MSN account. In the meantime, the customer's Qwest.net account is still operational for 10 business days. The customer will begin receiving charges for their new MSN service on their local phone bill just as they have previously for their Qwest.net account.
(Note: Customer's with personal web pages associated with their Qwest.net service should be encouraged to use these first 10 days following voluntary
How to set up mail with MSN (Score:5, Informative)
I recently got laid off at a leading teleservices corporation that did technical support for MSN. This is because they completely dropped the contract with MSN (for what reasons I have only heard speculation and will not repeat here). I can assure you though that it was not because our standards were not good. Although it sounds like I am tooting my own horn we had probably the best call-center for all MSN service judging by the number of people calling back with ticket numbers started by people in other centers. I also judge this by the way the people wrote up their tickets without specifying what in the hell they did forcing me to go back through all the troubleshootings steps. (end rant)
First of all, MSN has two types of mail. They have the "legacy" POP3 system and the new web-based e-mail. You can find this information at MSN Support Services [msn.com].
Web-based mail is kind of like what it sounds. It uses the same mechanism (XML over HTTP) that Outlook Express >=5 uses to access hotmail. However the server for @msn.com accounts is different from the server for @hotmail.com accounts. If you have an @msn.com web-based account you can go to http://supportsevices.msn.com/us/oeconfig/ to configure OE and then go to tools accounts and read the server name out of there. Note, this is also true for free @msn.com accounts. Note that only Outlook Express 5 or greater or Outlook XP can use this mail. Obviously MSN Explorer and the hotmail.com website itself are compatible with this.
Anyway, it seems the real issue is that these people would like to use their new MSN POP3 accounts with e.g. fetchmail. To correctly configure Outlook Express for MSN POP3 e-mail you must use the outgoing (POP3) server of pop3.email.msn.com (go figure) or the incoming (SMTP) server of smtp.email.msn.com. Furthermore you must select the "Log on using Secure Password Authentication" option as well as select the option under Outgoing Mail server that "My server requires authentication". You then must press the settings button and be sure it is using the same settings as the outgoing mail server. That is it logs on using SPA with the same U/P as the POP3 server.
Because of this MSN states that you MUST use Outlook to get your MSN POP3 mail. This is not entirely correct. What you must have is a client that supports SPA. Why is MSN doing this? MSN's reason: to reduce SPAM. However they tell customers simply this because most of their customers are rather computer illeterate (especially the former AOL lusers). The real reason is that since they contract out Dial-up Points of Presences (Pops, not to be confused with POP3 e-mail) that either A) they must use the POP3 before SMTP hack, or B) You must login to the SMTP server to send mail. If they didn't do this then any jackass dialing into one of those POPs even with another ISP would be able to send tons of SPAM through MSN servers. There have been plenty of /. articles about this before and anyone familiar with how contracted out POPs interfere with the ability to allow SMTP access to only your subscribers should know what I am talking about.
Now, MSN /could/ have simply kept the plaintext login POP3 and only required you to use a plaintext login for SMTP. However they decided that not only should they require a login for SMTP but at the same time they should require secure password authentication for both POP3 and SMTP. In other words, if they were going to have to have people change their Outlook mail settings they might as well knock out the ability of people to sniff the packets and retrive their users passwords while they are at it.
Problem is that apparently SPA in Outlook is an MS specific thing. Well, what do you want them to do. The only way for outlook to support not sending the login in cleartext is to use SPA. So therefore they enabled SPA on their mailservers and disabled clear-text logins. Of course theoretically they could include some other more open method of secure password authentication for use with other clients, or they could open up the MS SPA protocol. Or they could just say the hell with it because they only officially support MSN using MS software on Windows OSes (which actually does NOT include WinCE, you must contact your OEM for WinCE support with MSN).
Basically all that needs to be done is for other mail clients to support MS SPA. How to do this I am not really sure as I have not put much thought into it as I don't use MSN myself except for free accounts. All the free accounts use hotmail based e-mail.
There is of course another option. You could always "upgrade" your account to web-based from POP3 and then either go to the hotmail website to get your e-mail or use Outlook Express >=5 or Outlook XP to get your email in a real mail client (if you can call Outlook a real mail client, but hey, at least's it better than www.hotmail.com). There does exist a script (PERL I think) for retrieving mail from hotmail but I have looked at that code and it is really really crappy (apologies to the guy who wrote it, but I am sure he also knows that it is nothing more than a quick hack). Theoretically there is no reason that Evolution should not support the MS HTTPmail protocol. Turn on HTTP logging in the Advanced tab of OE properties and then open up the log in notepad. You will notice that the schema is relatively easy to figure out even though to the best of my knowledge it is not published anywhere. Evolution already uses XML extensively and has all of the framework necessary for parsing XML. I assume it also has the framework necessary for accessing an HTTP server in general. Therefore it should be rather trivial to write an MS HTTPmail backend for Evolution. In fact, I am surprised that no one has done so (I guess none of the developers use hotmail). I have toyed with the idea of doing one myself but 1) I use balsa, and 2) I have not done any programming with XML. However now that evolution is fairly stable I may go ahead and write this. Hell, I don't have anything pressing to do until Monday except clean the garage so we'll see. There's never a bad time to learn more programming techniques, and XML is one of the most popular things today so not only would I personally benefit from learning XML but also benefit with being able to access hotmail from evolution. And note well... if I do write this I do intend to support the advertisement properties as best as possible (i.e. opening up a small frame at the bottom and displaying a webpage in it). I know it seems stupid, but hey, they deserve to get paid even if they are MSN. And if anyone really wants to they can just change the code later to take out the ads.
Anyway, I hope this clears up a lot of the confusion people are having with this. I see at this point over 600 comments have been posted, a few reasonable, most along the lines of fsck Microsoft. People, I hate MS as much as everyone here. They are theives and crooks and must be beaten. However, as the cliche says: You catch more flies with honey than with vinegar. The only way MS will be beaten is when people stop bitching about them and just go do better than them. Every time I bitch about MS to my mother she reminds me: Then go write something better. While everyone has argued this point to death the bottom line is that in some respects MS software is "better" than open-source/free software. Even if only in the marketing sense of better.
-Dave
Re:I don't get it... (Score:2, Informative)
Workaround: Seperate email password from Shell password. That prevents shell exploits, but unfortunatly, for sending, I still have to resort to site-based access rules.
Re:I am a Qwest customer and have more info. (Score:3, Informative)
First, the select plan is not an always on plan. Only Delux is. It's always been that way, even when DSL first came out. The differences between Select and Delux and clearly indicated on the web page. What the sales weasel might have told you on the other hand isn't as clear.
How the DSL circuit works has nothing to do with your ISP. The ISP has no contol over the DSLAM, which is what is disconnecting you. So if you don't like MSN, get a local ISP with DSL, most markets have AT LEAST 40+ choices for your ISP.
I have Qwest DSL, I don't use Qwest as my ISP. My connection has been flawless over the last year.