Telus mail transmission security - SSL implementation

telusfeedback
Just Moved In
Telus currently as of mid-2014 still does NOT use SSL mode transmission for POP-3, IMAP and SMTP e-mail transmissions. It's unbelievable at this day and age in the post-Snowden era, that Telus could so blatantly ignore this very basic e-mail security feature that any user would be hard pressed to find that any OTHER MAJOR e-mail provider (e.g. Yahoo, G-Mail, Hotmail / Outlook) or paid hosting provider would not have. It was only quite recently that Telus actually bothered to provide full SSL encryption for web mail, but the most important feature of external mail transmission using a mail client remains unprotected. This is a disservice to the basic privacy and security of Telus mail server users to force them to have e-mail data transmitted in the clear without SSL encryption, clearly leaving their data open to unauthorized sniffing and collection. Up until fairly recently, many Telus POP-3 users were still allocated only an unbelievable 15 MEGABYTES of mail server space, when many free e-mail providers were easily giving many GIGBYTES and now frequently easily a TERABYTE of mail storage. When is Telus going to finally implement SSL mode transmission for external mail server access to protect the privacy of its personal and business users? This isn't a fancy frivolous feature, it is a most basic security and privacy component of modern day e-mail server capability in view of global data collection and data security concerns, especially when Telus charges both personal and especially business customers a premium.
Status: Completed
Category:
  • Business Services
  • Home Services
Comments
BillTelusCust
Connector

I don't know wny anyone would even use email from an ISP that ties it to buying internet from them.

 

you are talking about SSL and security between your mail client and the server.

 

There is also TLS (transport layer security) which is used to encrypt the email between servers.  More and more places are using this.

 

Yes, Telus should do this (as should every email provider) but realistically, get your email on another platform, then you are not beholden to a particular provider for internet.

telusfeedback
Just Moved In
Bottom line - most Telus users I know that I deal with and are supporting ARE using Telus mail server and Telus e-mail addresses. The fact that Telus STILL DOES NOT use SSL or some type of secured mail transmission mode on their mail servers is nothing short of INEXCUSABLE. Obviously, one could use a range of major free e-mail services out there that pretty much all supports secured mail transmission between client and server. However, these are mostly American or non-Canadian services and are subject to the terms and conditions and laws of those provider's countries.
ambert
Connector
Hi @telusfeedback, We really appreciate you flagging this suggestion to use SSL mode transmission. Privacy is of the utmost importance to our team so we are putting this Idea "Under Review" and will connect with our product and privacy teams to check the feasibility of this update.
Status changed to: Under Review
telusfeedback
Just Moved In
@amber-t, thank you for placing the above suggestion for your team's review. I would add that it is important for your teams to realize that implementing mail server to user / client encryption for external mail send / fetching is only the first step in a secured mail system. To provide truly thorough and extensively secure mail transmission, it is also necessary to consider implementing INTER-SERVICE encryption, so that not only are e-mails securely transmitted with encryption between users with e-mail addresses on Telus, but also when Telus receives and sends e-mails to OTHER major ISPs / mail service providers (including Yahoo, G-Mail, Hotmail, AOL, etc). Please refer your teams to the following URL as examples of how inter-service mail encryption has already been successfully implemented by many major mail services, ISPs and e-commerce sites the ensure that all mail tranmissions between different major services remain FULLY ENCRYPTED throughout its transmission and NOT ONLY WITHIN the same domain or service. Because if inter-service encryption is not implemented, then secured transmission is limited to within e-mail addresses communicating within the same domain / ISP / mail service. http://www.google.com/transparencyreport/saferemail/ https://www.eff.org/encrypt-the-web-report
ambert
Connector
 
Status changed to: Requires Evaluation
Community Manager
Community Manager
 
Status changed to: Completed
Community Manager
Community Manager

Thanks for the feedback, @telusfeedback!


We have now implemented SSL for TELUS webmail. 8-)

telusfeedback
Just Moved In
I haven't been on this forum for quite some time and it's "wonderful" that Telus has finally bothered to implement SSL in the year 2015, just wow. But as of now in mid-2017, your mail servers still do not support SSL for password and e-mail transmission with mail clients via both POP-3 and IMAP. This is completely inexcuseable at this day and age of privacy and security. Telus is already charing us an arm and a leg for broadband services and you still do not support something as basic as secured transmission of passwords during POP-3 and IMAP mail server connections and mail transmission? Unbelievable and unacceptable. Keep in mind that there are countless users on mail clients and they are frequently using connections that may be public. Telus' complete disregard for basic privacy and security in password and e-mail transmission when mail clients are used shows that Telus is not at all serious about basic data security when users are using mobile devices / laptop computers in many different settings and connections that have security risks / data intercept and collection concerns. This isn't the 1990s anymore.