Mail Authentication (POP before SMTP)
This method of authentication is obsolete.
Please refer to SMTP Authentication for the preferred SMTP Authentication method.
Please refer to SMTP Authentication for the preferred SMTP Authentication method.
What exactly is "POP before SMTP?"
POP before SMTP is a method for authenticating users before they send mail through a mail server. Unauthorized users are automatically denied access, and most legitimate users will not notice any difference in service.
Why does webonline use this?
Historically, the Internet was a fairly open network. For the most part, any user could connect to any mail server and send mail to any other user. This openness was largely by design. Unfortunately, "identity thieves" and spammers soon figured out that they could abuse this feature, leaving administrators to find a way to stop the abuse while still allowing legitimate users to send mail. There are many potential solutions, but each is a compromise at best, suited for one particular kind of environment. Preventing this kind of abuse within a private or homogeneous network where everyone uses the same software is relatively easy. But like most ISPs, we must provide services to people using a wide variety of software over which we have little or no control. Therefore, we had to choose the compromise solution which will work best for most of our users, and pose the least inconvenience.
After examining all of the alternatives, and with "identity theft" on the increase, webonline chose to use POP before SMTP to authenticate users.
How does it work?
SMTP, the protocol used to send mail, has no built-in authentication. There have been a couple of attempts to graft user authentication onto SMTP, but they've been unsuccessful because the client programs like Outlook and Outlook Express don't support the extensions.
Most remote users trying to send mail through our servers use POP3 to retrieve mail, and POP3 requires authentication. Therefore, we can simply require that most users do what they're already doing -- check to see if they have any new mail before trying to send any mail. Checking your inbox will result in your userid being entered into an access data-base on one of webonline's servers, where it stays for half an hour. As long as you have your mail client set to check for new mail, say, every 25 minutes, you shouldn't notice any difference.
Will this reduce the spam that I receive in my mailbox?
Unfortunately, no. This measure only prevents non-webonline users from impersonating you or sending spam through our servers. This helps to improve your security and also reduce spam for everyone, and ensures that webonline's servers won't be abused.
Does my mail program POP before SMTP automatically?
You can run a simple test. Using your normal mail setup, just send mail to a non-webonline account. Most clients show status messages while they're handling mail. Watch the messages to see if it checks for new mail before sending the message. If it does, you're covered. If it doesn't, look through your program options for a "check mail before sending" or similar option. Some clients have a "check and send" button in addition to a plain old send button. In all cases, the client must check for new mail before attempting to send mail.
Our setup has been successfully tested with recent versions of Eudora, Pegasus Mail, Netscape Mail and others. Similarly, users of our Web-based email are completely unaffected. Some users of Outlook and older versions of some other clients may have problems with our new setup. Please keep in mind that we can't support every exotic mailer out there, and our best advice may be to upgrade.
What can I do if my mail program doesn't work properly with this setup?
You have a few options. You could switch to a mail client that will work with our configuration. Or if you're stuck on your current client for one reason or another, you could just make a minor configuration change instead. If you're accessing your webonline account through a dialup provider, you can use their SMTP server for sending mail rather than using webonline's. You would still retrieve your mail using POP3 from our server, but any outgoing mail would be sent through your dialup provider's mail server. This bypasses any authentication restrictions. You'll just need to know the address of your ISPs SMTP server (usually mail.yourisp.com). Then find the option in your mail client where you can set the SMTP or outgoing mail server name and change it. Be careful not to change the POP3 or incoming mail server name, or you won't be able to retrieve your webonline mail. If you need help with this step, send mail to support@webonline.biz ask your dialup provider how to configure your mail client to use their SMTP server.
Johann