IDNet email - sending via alternate SMTP servers

[Zirynx]

This is a spin off from my other email thread but, as it's a separate, very specific question, I felt it warranted it's own thread. Calling on email techies to answer this one...

I've been experimenting with IDNet email (@IDNet.com) in anticipation of changing my mum's email address. So far, I've created an address and, for the most part it basically works, although throughput seems incredibly variable!

I'm testing and familiarising myself with the webmail interface, and checking that everything works with an IMAP client, and I'm doing this via my own internet connection, which is not IDNet.

Specifically, when sending email from the IMAP client, utilising the above IDNet identity, but via my own ISP's SMTP server, my own ISP rejects the email stating that IDNet's SPF (Sender Policy Framework) does not allow email to be sent through the alternate SMTP server.

So, is this a general IDNet policy, that email with an IDNet 'from' address can only be sent through IDNet's SMTP server or, is this likely to be a specific relationship (or lack of!) between IDNet and my ISP?

FYI, my own email account is not tied to my ISP, so I'm always sending non-ISP email through their SMTP server without a problem.

Of course, the obvious argument (assuming this is a general restriction imposed by IDNet) is that it's in place to prevent email address forgery, but in that case, I would expect authenticated access to IDNet's SMTP server via an alternate ISP, but I can't seem to find any evidence that this supported.

Anyone else do this, and have a way around it?!

Thanks.

[Rik]

I assume its standard policy, but I've never been in a position to try it via another ISP. A quick call to support might be your best bet.

In what way are you finding throughout variable? Of the various email addresses I use, idnet.com is usually the fastest.

[Zirynx]

Yep, reckon I'll add it to the list of questions for Martin on Monday!

Re: throughput, I'm finding that the time to arrive at inbox is varying between very short (ie, the time to get access to the webmail inbox after sending one from another client or webmail interface) and a worst case so far of nearly half an hour!!

Test is a little crude but reasonably 'real world'. I have access to a number of email addresses (work, family, personal, very personal(!!) etc... ) so I'm sending from each of them in turn (via webmail, so the result isn't skewed by my ISP's specific SMTP server) and copying to the other addresses, and comparing time of arrival.

[Rik]

Try turning off the spam filtering. It could be the boundary servers, which ask for a re-send for the first time on each domain...

[Zirynx]

Good point. I'll factor that in and see what happens.

[Rik]

Fwiw, the forum sends me email notifications on every post made (except my own, luckily ), and I generally can respond to that alert within two minutes of the post.

[Zirynx]

  Was wondering if this was your full time job!!

Anyway, that deserves some more karma!!

[Rik]

It's not a job, it just feels like one. Thanks.

[colirv]

So, is this a general IDNet policy, that email with an IDNet 'from' address can only be sent through IDNet's SMTP server or, is this likely to be a specific relationship (or lack of!) between IDNet and my ISP?

I've just sent emails with an IDNet 'from' address via two different SMTP servers - dnsexit.com and PurpleCloud (which hosts my domain). In both cases the emails arrived ok, albeit it took them somewhere between 20 minutes and an hour to do so. I am, of course, connected via IDNet so my circumstances differ from yours in that respect.

[Rik]

Good point, Colin. Any authentication required has already happened by connecting.

[colirv]

And thinking about it (which I tend to do after posting rather than before) when Zirynx says "FYI, my own email account is not tied to my ISP, so I'm always sending non-ISP email through their SMTP server without a problem" what I should have said was that I don't normally use my IDNet 'from' address yet can use IDnet SMTP quite happily.

[Zirynx]

Yep, this is the opposite of the scenario that I'm trying to resolve Thanks anyway.

I have a debug report from my ISP's postmaster which contains all the info that IDNet and Martin will likely be interested in, when I hopefully get to chat with him on Monday.

[colirv]

Yep, this is the opposite of the scenario that I'm trying to resolve Thanks anyway.

Perhaps I'm being dim, but if you can use your IDnet 'from' address with both the IDnet SMTP server and non-IDnet SMTP servers, and you can use a non-IDnet 'from' address with both IDnet's SMTP server and non-IDnet SMTP servers, and your mum is going to be connecting via IDnet - what else do you need?

[Zirynx]

Sorry colirv, it's me that's not being entirely clear! Although it's the setup of my mum's IDNet email that has thrown up this question (and specifically, me trying to test it via an alternate ISP connection) it's actually for me that this question is relevant.

I'm still thinking of joining IDNet myself, but I roam a lot and frequently find myself connecting to other networks. I would want to be able to send email with an IDNet 'from' email address of my own, through any other companies' or ISP's SMTP servers. That is as far as I got testing my mum's email address - I wasn't able to send email using her new IDNet email address via my current ISP's SMTP server. I am, however, able to send emails using the 'from' address of other domain email addresses via my current ISP's SMTP server.

Specifically, the error message I received stated that it was IDNet that were prohibiting the sending of the email due to their Sender Framework Policy, and that my ISP was merely complying.

Of course, there may be more to it than that, so I think I need to check this with support on Monday. Will of course post an update here.

Thanks.

[colirv]

I would want to be able to send email with an IDNet 'from' email address of my own, through any other companies' or ISP's SMTP servers.

That is what I did last night - sent two emails using my IDnet 'from' address and two other companies' SMTP servers.

I wasn't able to send email using her new IDNet email address via my current ISP's SMTP server.

So you, acting as your mum, couldn't do what I did. That indeed has me puzzled.

[Rik]

I wonder if this could be specific to a particular ISP?

[Zirynx]

Colirv, just so I am clear, am I correct in understanding that you are sending emails with an IDNet 'from' address, via alternate SMTP servers via an IDNet ISP connection? Presumably then, this must be authenticated SMTP access?! Otherwise it would be 'relay' access, which doesn't happen these days!

I am trying to send emails with an IDNet 'from' address via an alternate SMTP server which is accessed via an also alternate ISP connection. Perhaps this is the difference?

[Zirynx]

I wonder if this could be specific to a particular ISP?

Yep, that occurred to me in the opening post - whether it was a specific relationship, or lack of between the respective ISPs. Conceptually, it wouldn't be unheard of!!

[Rik]

There's standards and then there's standards... 

[colirv]

Colirv, just so I am clear, am I correct in understanding that you are sending emails with an IDNet 'from' address, via alternate SMTP servers via an IDNet ISP connection? Presumably then, this must be authenticated SMTP access?! Otherwise it would be 'relay' access, which doesn't happen these days!

Yes, that's correct - and as Rik said, it is authenticated because I'm connected via IDnet.

I am trying to send emails with an IDNet 'from' address via an alternate SMTP server which is accessed via an also alternate ISP connection. Perhaps this is the difference?

Indeed. I understood you to be testing your mum's connection, which would mean connecting via IDnet and thus being authenticated. If you're neither connected via IDnet nor trying to use their SMTP server, but are simply mentioning them in your 'from' address line, then how can they be in any way responsible for your email bouncing?

[Zirynx]

I certainly understand your curiosity, and that would have been my instinctive response too. However, there is specific mention in the failure notice of something called 'SPF' (Sender Policy Framework) http://www.openspf.org/

Here is a (censored) excerpt from the failure message:

Why did SPF cause my mail to be rejected?

What is SPF?
SPF is an extension to Internet e-mail. It prevents unauthorized people from forging your e-mail address (see the introduction). But for it to work, your or your e-mail service provider's setup may need to be adjusted. Otherwise, the system may mistake you for an unauthorized sender.

Note that there is no central institution that enforces SPF. If a message of yours gets blocked due to SPF, this is because (1) your domain has declared an SPF policy that forbids you to send through the mail server through which you sent the message, and (2) the recipient's mail server detected this and blocked the message.

xxx.yyy.com rejected a message that claimed an envelope sender address of user.name@idnet.com.
xxx.yyy.com received a message from host-aaa-bbb-ccc-ddd.xxxx.com (aaa.bbb.ccc.ddd) that claimed an envelope sender address of user.name@idnet.com.

However, the domain idnet.com has declared using SPF that it does not send mail through host-aaa-bbb-ccc-ddd.xxxx.com (aaa.bbb.ccc.ddd). That is why the message was rejected.

I infer from that text that IDNet.com have an explicit SPF entry which restricts the sending of IDNet-identified email outside of their SMTP servers. This may well not be global, but instead, specific to certain ISPs. I don't know, and I may even be completely wrong in my interpretation of the failure message. At this point, I'm no more than speculating so, I think it's only right and fair that I speak with IDNet support on Monday to clarify what might be going on here.

It's all getting very interesting though!!

[colirv]

I infer from that text that IDNet.com have an explicit SPF entry which restricts the sending of IDNet-identified email outside of their SMTP servers. This may well not be global, but instead, specific to certain ISPs.

Reading this, my guess is that it is global, and that IDnet, in order to stop forgeries, have in effect said "if it purports to come from IDnet but clearly doesn't then it's a forgery so bin it". In your case you've sent an email that implies it's from an IDnet user but clearly isn't, and so it's been binned as a forgery. That seems to me to be simple common sense! Having said that, I must confess surprise at how easy it seems to be to stick anything in a 'from' line. I use my Spamcop address as the 'from' in everything I send via IDNet's SMTP server, and Spamcop have never complained - although that might be because they don't have an SMTP server themselves!

[Zirynx]

I certainly understand the reasoning behind such a restriction. However...

In your case you've sent an email that implies it's from an IDnet user but clearly isn't, and so it's been binned as a forgery.

Well, not quite! The email was being sent from a legitimate IDNet user (except that, effectively, I was sending it behalf of my mum!) but from outside of the IDNet infrastructure.

In other words, what happens if my mum comes to visit me, brings her laptop and wishes to send emails while she's at my place?!?!

I don't think it's at all unreasonable for IDNet to put this restriction in place provided they allow secure authenticated access to their SMTP servers from outside of their network.

I'm really looking forward to Monday's conversation!!

[colirv]

I'm looking forward to you reporting back!

[plugwash]

the correct soloution would be for IDNET to implement authenticated SMTP (if they have not done so already) so customers can use the IDNET SMTP server even when not connected through IDNET.

[Zirynx]

I absolutely agree!

If this were the case (and my experiments thus far suggest it isn't), then I would actively support the restriction of not being able to send IDNet-identity emails via other ISPs' SMTP servers.

[Simon]

I'm sure there's a reason why authenticated SMTP isn't currently available, but let us know what Martin says on Monday.  I have to say, I don't recall anyone else bringing this up recently, so maybe it's not widely used in general?

[Rik]

One of the reasons may be that idnet.com addresses are a free service.

[Zirynx]

A long time coming but, nevertheless, an update...

After a conversation (a few weeks ago now) with Martin, (who spoke with the usual IDNet helpfulness) I learned that Password Authenticated SMTP is available on IDNet. It turns out that I was initially unsuccessful at getting it to work because:

1) I was pointing my email client to port 465, whereas IDNet port 587, which is equally 'standard'!

2) I had also enabled the 'SSL secure connection' option. Reminder to self, SSL is not the same as Password Authenticated SMTP!!

Anyway, that solves my on/off network SMTP question, and I have setup password authenticated SMTP as standard, even when 'on network'.

Thanks for everyone's help on this, and if I can be of any further help to anyone else, just ask.

[Sebby]

Thanks for letting us know. Good result.

[cavillas]

The world seems such a strange place.

[Rik]

Noted for the forum database, thanks Zirynx.