You can't send secure email from Starbuck's (at least not easily)

By Oren Sreebny on April 23, 2004 11:22 AM | | Comments (2)

I'm working from a Starbuck's via wireless this morning while my car is being serviced. I've paid my $10 to t-Mobile for a day's worth of connectivity (this suburban neighborhood doesn't have any place in walking distance offering free wifi, otherwise I wouldn't be here).

I got connected ok and went off reading my email and trying to catch up, but the first time I tried sending an email I got an error message - then the fun began.

Like most other academic institutions, and, I assume, lots of other places, we now require people connecting from off-campus addresses to connect securely to an authenticated SMTP server for sending email. That way people can continue to use our mail servers, but it keeps them from being used as open mail relays by the various dark forces out there on the net.

But it doesn't work from the t-Mobile wireless at Starbucks. It appears that they block SSL-encrypted connections on the usual mail-sending port (25). Why would they do that? It makes no sense whatsoever. And the caffeine coursing through my veins didn't make me any calmer as I tried to figure this out...

Luckily, I could get into our unix machines just fine with a Kerberos-authenticated telnet connection and use good ol' Pine just fine.

After a couple of exchanges with our fabulous support and engineering staffs, it turns out that I can get regular Mac mail working by switching to an alternate port (587) on our SMTP server.

It's great that we can get this to work, but how would an average Starbuck's coffee swilling computer user figure this out? They wouldn't. Then they'd be madder than hell.

Categories:

2 Comments

JIm said:

Oren, chances are good they were just blocking port 25, period.

More and more ISPs are doing this (Earthlink, for example) - blocking outbound access to port 25 and forcing you to use their SMTP server. With the existing anti-spam laws on the books, I'd wager it's something of a CYA move to reduce possible liability. Who knows?

It's just annoying. Between that, and the various things that Comcast does with my broadband in the name of "protecting" me, it seems that we're running headlong into an Internet that's so dumbed down as to be indistinguishable from an early 90s Nautilis CD-ROM.

But maybe that's just the coffee talking...

April 23, 2004 2:17 PM
Bill Corrigan said:

So how do us not so mere mortals accomplish this? If I were connecting back to my home through a vpn connection and then all my out-bound traffic went out over my dsl line, would that take care of it?

-Bill

April 23, 2004 4:17 PM

Leave a comment

About this Entry

This page contains a single entry by Oren Sreebny published on April 23, 2004 11:22 AM.

It's definitely baseball season now was the previous entry in this blog.

Indie record label sales are up (and they're having more fun, too) is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

About Me
Powered by Movable Type 4.01

Search