Slashdot Mirror
MSN Forces Outlook POP
Phoenix-D writes: "Qwest.net, my Phoenix-area DSL provider and ISP, recently decided to hand over their ISP buisness to MSN. No huge deal, right? Well, check out this blurb: 'Due to the Microsoft anti-spam initiative, customers are restricted to use their mail services. Therefore, POP3 service is only available when using MSN Explorer, Microsoft Outlook, or Microsoft Outlook Express.'" Awesome. Microsoft's Anti-Spam initiative forces POP users to use the primary sender of mail worms.
From the article :
:)
Currently, the plan is to transition those customers who:
Have Qwest.net Internet Access using an analog dial-up line, Qwest DSL 256, Qwest DSL Select, or Qwest DSL Deluxe connection and,
Use the Windows operating system.
MAC Customers: MSN is working on a MAC solution for your Internet access needs. Until that time, there will not be any changes to your Qwest.net Internet Access service.
No mention of Linux, but I'd assume they'll treat non-Windows the same (until they have a Mac-only fix, of course).
Hmmm - taking a second look at the capitalization on "MAC", it looks like they don't have a "solution" for anyone using a network card
Last post!
They probably check to see if you're sending out 300 copies of the latest email worm.
Well, it loaded now, but it's slow.
Any way, how can the tell what POP3 you're using? And why would POP3 stop spam? Wouldn't SMTP be where the action is? (I'm assuming that's what they mean). Are they looking at headers (easily emulated by spamware, ineffective) or some other signature? And I don't see how this will stop spam, anything like that is easily emulated. More and more stupidity.
funny munging
I can't imagine a better example of anti-competitive practices. MS is going to force people who never selected them as an ISP to use MS software in a manner that does not at all aid "anti-spam initiatives" and, as the post pointed out, will almost certainly make related problems even worse. How on earth does *anything* related to what client is used to access a POP3 server effect spam??? SMTP would at least seem in the ballpark, but POP?
Send them a snail-mail to MSN stating that you are an employee of a firm that makes a commercial e-mail client that competes with Outlook. Ask MSN to provide to you, in writing, a statement about the use of non-Microsoft e-mail clients on MSN. Make sure to suggest that this be handled by their lawyers.
If you want to really get their sphincters to pucker, send a copy to the Justice Department.
Correct me if I'm wrong, but POP is a way to *retrieve* email. How does the client that you're using to *retrieve* your mail matter when it comes to spam? Granted, OE has some mail filters that can be used, but so do other clients (procmail anyone?).
I could see this being legit if, somehow, it prevented the SENDING of spam...but it seems like, if anything, it could only possibly prevent your receiving it...that's like telling someone...well, i don't know what that's like telling someone, because it just seems ridiculous...
Juiced? Or Not?
When you sign up for a passport id with a hotmail account they wouldn't sell that address to everyone under the sun.
I signed up for hotmail before MS ever took it over. I never used the email address in any form online, never even had any mail to it. I basically just had it because. After MS took over it litterally filled the account with junk mail.
telnet popserver.msn.com 110
user user
pass password
list
Replace popserver.msn.com with the actual pop3 server. I have no clue what it actually is.
I'm going to go back in my box and will think within the limits of my box: MS Sucks Linux Good I read too much Slashdot.
They don't allow third party smtp server either. This has caused us aa bit of a hassle as we have a lot of faculty that want to use our mail server to send mail (with authentication of course) but MSN blocks all connections to a third party smtp server and if you don't use a @msn.com type address as the From it doesn't allow it either.
--"Karma is justice without the satisfaction"
Outlook uses Secure Password Authentication (SPA). Some weird protocol that only microsoft knows. No other programs that I am aware of support it.
In theory any e-mail client that supports SPA could be used. Right now that would be MSN Explorer, Outlook Express, and Outlook.
-- Argel
Now, if this weren't Microsoft, who brought us everything that is good, I'd say the whole thing is just an outright lie.
Anyway, IIRC (it's been 2 years and I've probably only booted MS-Windows a handful of times since then), somewhere in the mail options for Outlook Express (and Outlook too, I would imagine) there is a checkbox for an option that states something like, "Use Secure Password Authentication (SPA)?" I was never able to find out much information about this Secure Password Authentication stuff, but from what I can tell, it's a proprietary protocol. I had found a short mini-HOWTO-like document that described using MSN under Linux and it made mention of this. I could dial up and login to MSN under Linux (I had to specify the username in a particular way in my dialup scripts, dialed up to UUnet). I could even send email; they just used straight SMTP. What I could not do was receive email, as this required the previously-mentioned SPA.
So, besides the fact that everybody already knew, that this won't stop spam unless they block outbound port 25 to all hosts, you can still send mail through their servers any way you like. The problem is actually getting to the mail you receive.
(Addendum: After I started working for an ISP a few months later and was getting free dialup, I stopped sending in payments. They cut me off after a couple of months but never came after me for the $400.)
--
Runnin' around, robbin' banks all whacked on the Scooby Snacks...
MSN's anti-spam filters force you to use their SMTP servers and blocks any outbound port 25 traffic. This does not 'stop spam' but it forces spammers to use MSN's mail servers and not the anonymous open relays that they prefer. Since spammers need to be as anonymous as possible, they have (for the most part) left MSN's dial-ups.
No replies made to AC posts. Please log in.
Simple Solution:
For the SMTP server, use:
"macsmtp.email.msn.com"
and your normal user/pass .
They don't have it working right for Mac clients; tada.
I've been using this for about 2 months now on my Windows and Linux machines and it works great.
Personally, I am more concerned with why I can't send mail to anyone using AOL/Walmarts ISP: wmconnect.com .
Cute acronym
(Or should that be: Oxymoron)
-Eldurbarn
hey moron boy, you call AOL, Earthlink and MSN being a vast choice? wait till you install Windows XP and tell me how many choices you get if you're a first time user. the argument isn't that Microsoft is anti-competitive to geeks but that they are anti-competitive to people that buy computers at walmart.
of course I know that I can get net access from the local mom and pop. (in fact I just did yesterday) but I know people that are MCSEs that don't know they can use some other ISP even that they exist. Microsoft does have a monopoly and they are extending it by leaps and bounds with XP. Once everyone has XP installed do you think they'll buy Nero or Easy CD Creator? No of course not Microsoft has closed them out by including rudimentary cd-burning in the OS. thats not anti-competitive? then what the hell is? the list goes on and on. how can we stand by and just let this shit continue? how can you?
This seriously brings into consideration whether or not you have a soul.
-
POP3is a lovely protocol but it has one terrible disadvantage: It's a download only process. Oh sure email can be left on the server but there's no flagging, folders, etc. possible.
IMAP4 is an interesting protocol. Many developers (Steve Dorner of Eudora being a notable one) complain that IMAP makes too many assumptions about how folks are implementing it, the underlying system, etc. On the other hand it works well at this point for managing remote mailboxes, setting flags, folders, partially downloading messages, etc.
So why one over the other? POP is fine for tied-to-one machine folks. You get your mail, you download it, it's your problem. IMAP is suited to those who work from multiple machines or prefer the security of their email being kept on a server.
Guess which population is growing? More importantly guess which population corporate types are part of?
As an email administrator which would you prefer to work with:
Now you see why MS supports IMAP: Their customers really pushed hard for it. Is it part of some big MS-conspiracy? Possibly but there's no good evidence and certianly no rationale.
Furthermore IMAP doesn't give a whit about "Mailer Type" (if it even has such a thing as an option in it's protocol which I doubt.) MS is using their encrypted login as a means to enforce this, nothing so trivially hackable as a client ID string.
Actually encrypted logins are a Good Thing. It's just unfortunate MS is using them as a club to force folks to use only their email products and not supporting industry standard login strategies.
So now we have AOL, the largest ISP requiring their email client (there were trials years ago with opening it up, indeed Claris Emailer still does so though the application was EOL'd 3 years ago by Apple) and now MSN doing the same. Indeed in spite of the fact that there are now perfecty good clients and secure ways of working these folks want to go back to the old "lock 'em in" strategy.
I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I wont bother either.
Got any links, faqs or suggestions on how to do this? Thanks!
Try here, here, or here for information and links on SSH tunneling. The second one (on uoregon.edu) actually covers doing it for e-mail.
I don't. I haven't and won't buy Windows XP. I paid $40 for a boxed SuSE distro, to financially support an alternative. I don't buy any MS software, because I think it's crap.
That is how capitalism works - the people "vote" with their money. I can't think of a single common application that Microsoft can do that can't be done on mac, linux, solaris, etc.
The government does not exist to protect stupid consumers from themselves. If you want to change the software industry, start spending money in it.
While I agree that this isn't exactly a rights issue, I complete disagree that MSN or MS can do whatever they want. The FOF has survived appeal and it is now a brave new world for MS. Every move they make is fair game for legal scurtiny. You can cry about the supposed free market all you want but that ain't the real world and in this case I'd rather nip this in the bud before MSN gets a stranglehold share in the marketplace.
I don't want knowledge. I want certainty. - Law, David Bowie
... POP3 service is only available when using MSN Explorer, Microsoft Outlook, or Microsoft Outlook Express
No it couldn't. "A is only available when doing B" means: "Do B, only then A is available" and not "If you do B only A is available". Since "A" equals to POP3 here, and i see no alternative mailhandling to POP3 in the FAQ it translates to:
Use MSN Explorer, Microsoft Outlook, or Microsoft Outlook Express to be able to send and get e-mail.
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
Well, they just said "best-of-breed" - they didn't say just what that breed was. (halfbred? inbred?)
-- "Those who cast the votes decide nothing. Those who count the votes decide everything." -Joseph Stalin
As part of our ongoing effort to reduce junk emails to our loyal customers, the Microsoft abuse management team has created a new "real-time black hole" domain block list. This list is used to check all mail routed through our servers (increased in volume thanks to our new deal with Qwest) for known spammer domain names.
You may be interested to note that leading this list are the following notorious domains. These sites should be avoided for the protection of our revenue stream... errr... customers:
Additionally, our upcoming Microsoft World Browser will include protection against websites hosted at these domains. Thank you for your cooperation as we work to improve your user experience on the web.
Sincerely,
Microsoft Support
How is it advantageous to force users to use Outlook for mail retrieval in order to prevent spam?
There may be some decent reason to do it with SMTP, but not with POP. That's simply an excuse to restrict their users to their product...
Do you like German cars?
I recently got laid off at a leading teleservices corporation that did technical support for MSN. This is because they completely dropped the contract with MSN (for what reasons I have only heard speculation and will not repeat here). I can assure you though that it was not because our standards were not good. Although it sounds like I am tooting my own horn we had probably the best call-center for all MSN service judging by the number of people calling back with ticket numbers started by people in other centers. I also judge this by the way the people wrote up their tickets without specifying what in the hell they did forcing me to go back through all the troubleshootings steps. (end rant)
First of all, MSN has two types of mail. They have the "legacy" POP3 system and the new web-based e-mail. You can find this information at MSN Support Services.
Web-based mail is kind of like what it sounds. It uses the same mechanism (XML over HTTP) that Outlook Express >=5 uses to access hotmail. However the server for @msn.com accounts is different from the server for @hotmail.com accounts. If you have an @msn.com web-based account you can go to http://supportsevices.msn.com/us/oeconfig/ to configure OE and then go to tools accounts and read the server name out of there. Note, this is also true for free @msn.com accounts. Note that only Outlook Express 5 or greater or Outlook XP can use this mail. Obviously MSN Explorer and the hotmail.com website itself are compatible with this.
Anyway, it seems the real issue is that these people would like to use their new MSN POP3 accounts with e.g. fetchmail. To correctly configure Outlook Express for MSN POP3 e-mail you must use the outgoing (POP3) server of pop3.email.msn.com (go figure) or the incoming (SMTP) server of smtp.email.msn.com. Furthermore you must select the "Log on using Secure Password Authentication" option as well as select the option under Outgoing Mail server that "My server requires authentication". You then must press the settings button and be sure it is using the same settings as the outgoing mail server. That is it logs on using SPA with the same U/P as the POP3 server.
Because of this MSN states that you MUST use Outlook to get your MSN POP3 mail. This is not entirely correct. What you must have is a client that supports SPA. Why is MSN doing this? MSN's reason: to reduce SPAM. However they tell customers simply this because most of their customers are rather computer illeterate (especially the former AOL lusers). The real reason is that since they contract out Dial-up Points of Presences (Pops, not to be confused with POP3 e-mail) that either A) they must use the POP3 before SMTP hack, or B) You must login to the SMTP server to send mail. If they didn't do this then any jackass dialing into one of those POPs even with another ISP would be able to send tons of SPAM through MSN servers. There have been plenty of /. articles about this before and anyone familiar with how contracted out POPs interfere with the ability to allow SMTP access to only your subscribers should know what I am talking about.
Now, MSN /could/ have simply kept the plaintext login POP3 and only required you to use a plaintext login for SMTP. However they decided that not only should they require a login for SMTP but at the same time they should require secure password authentication for both POP3 and SMTP. In other words, if they were going to have to have people change their Outlook mail settings they might as well knock out the ability of people to sniff the packets and retrive their users passwords while they are at it.
Problem is that apparently SPA in Outlook is an MS specific thing. Well, what do you want them to do. The only way for outlook to support not sending the login in cleartext is to use SPA. So therefore they enabled SPA on their mailservers and disabled clear-text logins. Of course theoretically they could include some other more open method of secure password authentication for use with other clients, or they could open up the MS SPA protocol. Or they could just say the hell with it because they only officially support MSN using MS software on Windows OSes (which actually does NOT include WinCE, you must contact your OEM for WinCE support with MSN).
Basically all that needs to be done is for other mail clients to support MS SPA. How to do this I am not really sure as I have not put much thought into it as I don't use MSN myself except for free accounts. All the free accounts use hotmail based e-mail.
There is of course another option. You could always "upgrade" your account to web-based from POP3 and then either go to the hotmail website to get your e-mail or use Outlook Express >=5 or Outlook XP to get your email in a real mail client (if you can call Outlook a real mail client, but hey, at least's it better than www.hotmail.com). There does exist a script (PERL I think) for retrieving mail from hotmail but I have looked at that code and it is really really crappy (apologies to the guy who wrote it, but I am sure he also knows that it is nothing more than a quick hack). Theoretically there is no reason that Evolution should not support the MS HTTPmail protocol. Turn on HTTP logging in the Advanced tab of OE properties and then open up the log in notepad. You will notice that the schema is relatively easy to figure out even though to the best of my knowledge it is not published anywhere. Evolution already uses XML extensively and has all of the framework necessary for parsing XML. I assume it also has the framework necessary for accessing an HTTP server in general. Therefore it should be rather trivial to write an MS HTTPmail backend for Evolution. In fact, I am surprised that no one has done so (I guess none of the developers use hotmail). I have toyed with the idea of doing one myself but 1) I use balsa, and 2) I have not done any programming with XML. However now that evolution is fairly stable I may go ahead and write this. Hell, I don't have anything pressing to do until Monday except clean the garage so we'll see. There's never a bad time to learn more programming techniques, and XML is one of the most popular things today so not only would I personally benefit from learning XML but also benefit with being able to access hotmail from evolution. And note well... if I do write this I do intend to support the advertisement properties as best as possible (i.e. opening up a small frame at the bottom and displaying a webpage in it). I know it seems stupid, but hey, they deserve to get paid even if they are MSN. And if anyone really wants to they can just change the code later to take out the ads.
Anyway, I hope this clears up a lot of the confusion people are having with this. I see at this point over 600 comments have been posted, a few reasonable, most along the lines of fsck Microsoft. People, I hate MS as much as everyone here. They are theives and crooks and must be beaten. However, as the cliche says: You catch more flies with honey than with vinegar. The only way MS will be beaten is when people stop bitching about them and just go do better than them. Every time I bitch about MS to my mother she reminds me: Then go write something better. While everyone has argued this point to death the bottom line is that in some respects MS software is "better" than open-source/free software. Even if only in the marketing sense of better.
-Dave