4

I'm trying to set up any mail client to have a secure connection to Network Solutions' email servers.

I've been talking with Network Solutions' email support people, who will repeatedly state that Network Solutions email is secure, even immediately after confessing that SSL is not supported, nor is STARTTLS, nor is secure authentication for their POP3 server. Every byte sent to and from their POP3 is unencrypted and sniffable. They repeatedly call that secure.

It seems like a classic case of doublespeak.

Not only that, their webmail's login screen has a checkbox for a secure connection, but when clicked, it immediately unchecks itself using Javascript. Their support managers insist that http:// represents a secure connection. They say that over and over.

This looks like a completely hopeless case, but I might ask: Has anyone here made any progress in getting anything better service for email out of Network Solutions?

Here's another idea to remedy this:

I understand that PHP can be used to send emails. If I were willing to write my own secure web email app in PHP, is there a way to set up a PHP script to act as a listener or callback to receive incoming emails? Maybe Network Solutions would never support such a concept anyway.

Improve this question
4
  • 5
    What do you mean by "Network Solutions domains"? Are you talking about the servers that NS uses for its own email ([email protected])? Or do you mean the default email solution that NS offers if you register "mydomain.com" via NS? Assuming it is the latter, why not just refuse their solution and point your MX records to some other secure email hosting facility? E.g. fastmail.fm?
    – nealmcb
    Commented Sep 16, 2011 at 5:28
  • @Mithras, welcome to Information Security! I feel I should point out that this question, as phrased, is very localized to your specific provider. In fact, it's on the verge of being closed... It also reads more like a rant (probably justified, as clueless as they sound, but rant nonetheless :) ). I think you'd be better off trying to rephrase the question in a more general form: e.g. something like "how to connect securely to a mail server with no SSL"...
    – AviD
    Commented Sep 19, 2011 at 21:15
  • 1
    If that is the level of service and expertise you're getting from your vendor, your only choice is to drop that vendor.
    – yfeldblum
    Commented Sep 20, 2011 at 13:20
  • 4
    This question appears to be off-topic because it is about using a specific service, and not about analyzing or implementing a security policy.
    – Gilles 'SO- stop being evil'
    Commented Oct 4, 2013 at 21:41

4 Answers 4

Reset to default
2

It sounds to me like you bought a domain for your website and want to have your email @yourdomain.com type of deal. You don't have to use "their mail services". You can use Google Apps or any number of third party providers. You will then just update your DNS settings at Network Solutions with instructions provided by the provider.

As for your PHP solution, that would be writing an email server from scratch. Unless you have your own server, you would not be able to have PHP listen on the expected mail ports, but if you do have root on your server, you can just set up your own mail server and update your DNS accordingly.

The main point here is unless you have some odd package, Network Solutions shouldn't restrict your from connecting a third party email service to your domain. If this answer doesn't fit your scenario, please clarify your needs.

Improve this answer
1

If Network solutions don't support encrypted transports at the server level, then any protection you provide would likely need to come at the data level. For example using PGP/GPG for any sensitive information you send/receive over their service.

However that's not really a good solution as it doesn't protect email sent to the account by others, unless you've pre-warned them to encrypt it.

I'd recommend looking at alternative e-mail solutions if you can. G-Mail for example uses encrypted SMTP and IMAP connections by default and also allows for two-factor authentication.

Improve this answer
1

I came across many corporate "off the shelf" email solutions that are so-called secure, but in fact nothing is authenticated nor encrypted. I would highly recommend you look into encrypted email solutions such as the one provided by CryptoHeaven which uses encrypted storage and even the hosting facility cannot access your emails in plain form.

Improve this answer
0

when using the network solutions webmail portal the SSL does remain checked and I am able to login using a https connection. However my concern is not this (aside from the other issues people bring up here which are concerning) my issues are about netsol email being configured with other devices like my iphone. Netsol doesn't allow SSL connections via its pop connection, that is why I use the webmail login though I am not convinced its all ok. Just my 2 cents. It is now harder than ever to get a good answer out of netsol as they have been merged with web.com or something. All the people I have talked to have been ignorant about server configs etc. Not to say they are all idiots just mostly. ---> Oh I just found this post, this is enlightening though discouraging. Oh ya here is another product we will sell you with more holes in it to pretend you are secure, thanks netsol, u suck... $$ http://www.networksolutions.com/email-account/email-security.jsp & forum threads to boot -> http://forums.networksolutions.com/nsmail-f47-ssl-to-check-e-mails-t2942.html

Improve this answer

Not the answer you're looking for? Browse other questions tagged .