My Smartermail Christmas list
Idea shared by Charles Michel - 6/17/2016 at 4:45 PM
1. The ability to create anonymous email addresses, which work pretty much like an alias, except that it is associated to a single user, it is permanent (until deleted by the user), and a user would be able to send an email from this address (unlike an alias). Use case: think of when you need to provide your email address to some commercial website. You know they will leak it sooner or later, you know they will spam you sooner rather than later. Give them a dedicated email address and when either happen you can delete this anonymous email and no more spam or account that can be correlated to another website when they get hacked.
2. The option to make STARTTLS mandatory on SMTP and IMAP and deny unencrypted connections (99% of which is spam). Perhaps also showing statistics of incoming traffic by encrypted/unencrypted.
3. On My Today Page, show the list the 10 previous connections with IP, country of IP and device used. This is a security measure to give the user an opportunity to spot an illegal access to his mailbox.
4. For certain "super-user", it would be useful to have the ability next to "Block sender" to also block the incoming smtp server. Blacklisting smtp servers is a more definitive way to fight spam. Of course this would require an explicit delegation.
5. Silent auto-update, google chrome style. I would love to have the option not to have to update smartermail manually and for the program to have the ability to self update itself (subject to the current license still allowing the upgrade).
6. Move the logout button directly next to Help at the top right, instead of in the drop down. I would like to be able to log in and out quickly, this would save a click every time.
7. Why can't smartermail use the SSL certificates from the Windows/IIS certificate store (for IMAP/SMTP)? The current approach requires keeping unencrypted certificates in the smartermail folder which is not ideal. 
...because I still believe in Santa Claus!

6 Replies

Reply to Thread
Employee Replied
Employee Post
Hi Charles.  This is a good list, and I'll certainly make sure our developers are made aware of it.  Currently, the only item here I have an answer for is your #1.
We have Plus Addressing available for this very purpose.  You can test this in Settings >> My Settings >> Account Settings >> Plus Addressing tab.
From our Help documentation:
Plus addressing is a feature of SmarterMail that allows you to automatically filter your incoming email without creating content filtering rules first. Plus addressing also allows users to use special email addresses if they do not want to give out their real email address. For example, if user@example.com needs to provide a valid email address to sign up for a newsletter, he can sign up for the newsletter using the address user+technewsletter@example.com. When the newsletter is delivered, it will automatically be routed to the Technewsletter folder. If the folder does not exist, it will be created automatically. Note: For plus addressing to work, it is important that the folder name appears AFTER the username, but BEFORE the domain name. So the format should be: username+foldername@domain.
While this wouldn't allow you to send from this Plus Address, this would still achieve the functionality you're looking for when you don't want to provide your real email address to a sign-up website.  I hope this helps.
I'm afraid plus addressing doesn't help for two reasons:
1. You can't delete it, so if we start receiving spam there is no way to severe the link
2. Gmail has the same feature, and it gives away the underlying email address (the bit before the plus). So I am sure that spammers are very much aware of the trick and of how to retrieve the underlying address.
For my Christmas list item #2, where I think this is really necessary is for imap connections. If I know all my clients will be all modern devices, I have no reason to preserve backward compatibility and allow a MITM to do a TLS downgrade attack (you really have to find a really old email client for it to not be compatible with TLS). Same thing for smtp new email submissions from my users. For smtp incoming and outgoing traffic this is less obvious as unfortunately lots of smtp servers still do not support TLS (amazon only switched to TLS a couple of years ago).
I would also like to see STARTTLS mandatory, but on a domain basis.  The list of domains would need to be independent of the hosted domains.  We often send mail on behalf of a domains that we do not provide email hosting for,  Some government contracts require all Personal Identifiable information to be transmitted and stored encrypted.  This requirement includes both websites and email. Right now I can't guarantee that all email sent for a domain is sent encrypted.  It would also be great if the emails in a mailbox were encrypted.  We can't get some government contracts with Smartermail because some Personal Identifiable Information may be (is) written unencrypted to a hard disk
I like number 7
J. Sebastian Lee Service2Client LLC 6333 E Mockingbird Ste 147 Dallas, TX 75214 - 877.251.3273
If I can add one more item to the list (as we are approaching christmas): support for Let'sEncrypt certificates.
It would be great if the smartermail service would be able to request and renew a certificate automatically for a given domain, at least for non IIS traffic (ie smtp, imap, etc). 
It would be even better if it could add that let's encrypt certificate to the windows certificate store so that the IIS hosted webmail could also benefit from it.
Still scratching my head over SM burying the logout link in a drop-down. This "feature" was originally introduced by 800-pound gorillas like Google and Facebook to keep you logged in for as long as possible in order to gather, and monetize, your browsing "habits."
For SM this makes no sense - indeed just the opposite. SM doesn't track your activities for those purposes (does it?). So, especially if you're using SM webmail away from your usual computer (and this happens often for some folks), you want to be able to logout as effortlessly as possible, FOR SECURITY REASONS. And security is supposed to be the name of the game for email these days. So what gives here?
The logout link in previous versions of SM webmail used to be where it belongs, in plain view at upper-right. Kindly replace it there.

Reply to Thread