MobileWhack reports on a problem with email use at sites that are part of T-Mobile’s HotSpot network. James Duncan Davidson reports that T-Mobile’s SMTP server, the only one that is reachable via the normal TCP port from one of their hotspots, gets confused by SMTP-AUTH information that is intended for a user’s normal mail server.
SMTP-AUTH is an email protocol extension designed to stop SPAMmers from exploiting well managed SMTP servers. I’ve enabled SMTP-AUTH on my company’s mail server, so everyone that uses my mail server would have the problem that James Davidson is reporting.
The reason this has become a critical problem recently is that T-Mobile’s current configuration is less secure than most corporate mail systems because their SMTP servers accept email messages without authenticating the sender. As a result, their hotspot network can be used for spamming in some cases.
Davidson’s article is a good one because it explains the current problem in an easy to understand manner, and goes on to explain what he has done in order to work around it. His is not the only possible solution, but it is a reasonable one for users who have administrative control of their own mail servers. But, since most readers probably don’t have their own mail server, or don’t have the time to make configuration changes to their mail server for this limited purpose, I’ll offer another alternative.
The easiest path to avoiding the T-Mobile SMTP blacklist problem may be to use a webmail tool to send email and your normal email client to receive email. It’s pretty easy to get a webmail tool set up these days on most commercial email servers, if your company is willing to devote the sys admin resources to install and support it. There are many possible configurations for Open Source MTAs like Sendmail and Postfix, and a lot of them are freely available.
Let’s hope that T-Mobile engineers a better solution to sending mail from their network of hotspots. The current situation can’t be maintained for long. If customers can’t send email reliably, the value of the network is severely compromised.
We should all be rooting for public WiFi network providers, because it’s in all Operation Gadget readers’ interests for these companies to solve the technical and economic problems associated with their services.