Help with Outlook 365

Discussion in 'IT & Internet' started by OMGVape, Oct 11, 2020.

  1. OMGVape

    OMGVape UKBF Enthusiast

    602 76
    I am setting up three email addresses in a new Windows10 system. The first attempt (IMAP) worked ok be following instructions in my Krystal hosting account.
    When setting up the second address, I got the incoming mail port number wrong but outlook still added the address in the left column. Because I didn't spot my mistake, I tried a few times which failed until I realised my mistake. However I now have several copies of the same email address in the left column.

    When I click 'file' then 'account settings' I have the option to delete the working address but the incorrect ones stay in the left hand column.

    Anyone know what I'm doing wrong? If I could, I'd totally uninstall outlook and start again but I can't even do that.
     
    Posted: Oct 11, 2020 By: OMGVape Member since: Jan 21, 2018
    #1
  2. Nico Albrecht

    Nico Albrecht Verified Business ✔️
    Full Member

    1,111 265
    Easy one. Go to control panel look for mail icon open it and delete the profile for your outlook. Once done you get a fresh outlook prompt on the next start.

    Delete an Outlook Mail Profile from Control Panel

    Open Control Panel by clicking the Windows key and typing Control Panel

    In Control Panel, change the "View by:" in the upper-right-hand corner to Small icons then click the Mail icon

    Small Icons-Mail (+)

    Click the Show Profiles button.

    Show Profiles (+)

    Highlight the profile to be deleted and click the Remove button

    Remove Profile (+)

    Click OK

    Launch Outlook to recreate your profile
     
    Posted: Oct 11, 2020 By: Nico Albrecht Member since: May 2, 2017
    #2
  3. OMGVape

    OMGVape UKBF Enthusiast

    602 76
    Posted: Oct 11, 2020 By: OMGVape Member since: Jan 21, 2018
    #3
  4. forevergroup

    forevergroup Full Member

    97 12
    IMAP is a legacy protocol and inherently not secure. Unlike modern authentication it doesn't support MFA for example. We disable it for Microsoft 365 tenants now.

    Moving to Microsoft 365 is incredibly cheap for three users, and would allow you to improve security in numerous areas, and as an added benefit would have avoided this problem.
     
    Last edited by a moderator: Nov 10, 2020
    Posted: Nov 10, 2020 By: forevergroup Member since: Sep 12, 2020
    #4
  5. Kerwin

    Kerwin UKBF Contributor

    205 16
    IMAP is not a legacy protocol at all and there is nothing stopping people adding on MFA to it. If you like being locked into the Microsoft world then fine stick with Exchange Online but if you ever want to use Linux or any other open source operating system for your email server(s) IMAP is going to be the protocol you'll be using.
     
    Posted: Dec 4, 2020 By: Kerwin Member since: Dec 1, 2018
    #5
  6. forevergroup

    forevergroup Full Member

    97 12
    IMAP is indeed considered a legacy authentication protocol because it does not support multi-factor-authentication. You cannot 'add' MFA on to IMAP, because IMAP does not support MFA.

    What you may be referring to is adding some form of other authentication layer to the connection that can add other authentication 'factors' (for example a device-based / zero trust layer).

    However that is actually proving, rather than dissuading, my point about IMAP.

    Linux or Microsoft have nothing to do with it. The industry considers email authentication mechanisms such as IMAP, POP3. SMTP that do not support MFA to be legacy authentication mechanisms.

    https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/attackers-use-legacy-imap-protocol-to-bypass-multifactor-authentication-in-cloud-accounts-leading-to-internal-phishing-and-bec#:~:text=Notably%2C%20attackers%20were%20able%20to,to%20bypass%20even%20multifactor%20authentication.

    Trend Micro being the largest independent security vendor in the world. Proofpoint being the Gartner-leading email security vendor. And Microsoft being.... Microsoft.

    But we're all wrong of course, according to you.
     
    Posted: Dec 4, 2020 By: forevergroup Member since: Sep 12, 2020
    #6
  7. Kerwin

    Kerwin UKBF Contributor

    205 16
    Sorry. Maybe my reply was more aggressive than it needed to be.

    The point I was trying to make is that IMAP over TLS is a perfectly secure protocol. It has been in use for years and continues to be in use by both large corporations and smaller end users. So from a security point of view, the protocol itself is fine.

    Having weak passwords and no MFA is not a protocol issue. It is a user issue. Get your users a password manager and make them set a strong password and IMAP is perfectly safe to use. When talking about legacy protocols you are generally talking about protocols which are known to be insecure such as Telnet.
     
    Posted: Dec 5, 2020 By: Kerwin Member since: Dec 1, 2018
    #7
  8. fisicx

    fisicx Moderator
    Verified Business ✔️

    35,013 10,695
    I’ve got IMAP on my phone. Seems to work just fine. Syncs with the PC and it’s all good.

    It might be old but it works on the gazillion of devices that still use and support it.
     
    Posted: Dec 5, 2020 By: fisicx Member since: Sep 12, 2006
    #8
  9. forevergroup

    forevergroup Full Member

    97 12
    No problem, we're all here to engage in discussion and I value everyone's opinion!

    However while I appreciate the semantics this has nothing to do with TLS or password complexity.

    To clarify the entire industry widely considers IMAP to be a legacy email authentication protocol.

    In fact the industry also considers authentication based on 'secure' passwords to be an oxymoron in general, because passwords are inherently not secure, for many reasons.

    They can be compromised by password stuffing, brute force, third-party-breach, endpoint compromise, phishing, user error, and more.

    Microsoft data suggests that implementation of MFA reduces password-based breaches by 99.9%.

    Your feedback is noted, just genuinely out of date I'm afraid. Anyone who works within cloud security to any knowledgeable degree will tell you the same thing.

    I appreciate that IMAP 'works' for sending and receiving email but that's not what is being discussed here.
     
    Posted: Dec 5, 2020 By: forevergroup Member since: Sep 12, 2020
    #9
  10. fisicx

    fisicx Moderator
    Verified Business ✔️

    35,013 10,695
    But you said:
    Which entire industry?

    O365 and anything cloudy plus IMAP may be old and insecure (I wouldn't know). But that not the same as saying it's old and insecure for everything.

    If it is as bad as you suggest, how come it's still hard coded into every phone and email client? Why don't I get lots of warning if I try to use IMAP?
     
    Posted: Dec 5, 2020 By: fisicx Member since: Sep 12, 2006
    #10
  11. pcourtney

    pcourtney UKBF Newcomer

    43 8
    The definition of TLS is "transport layer security" so by definition one would assume its secure !

    But all TLS does is build a secure communication tunnel, so end to end plain text emails would work very well in this scenario between trusted parties ten years ago !

    Sadly today, with email attachments, malware, viruses, ransom scripts and the like being embedded in hundreds of millions of email every day, it's the content of the email that is the problem, and that's why the likes of gmail, and microsoft ( with all their spam detection bots) are mopping up in the email market

    I cannot post web links yet, I think I will have to post a bit more to have that luxury, but all these big corporations are investing heavily in ML ( Machine Learning ) and AI ( Artificial Intelligence ) in an effort to combat these nefarious emails that end users often read and act upon without a care in the world

    if you google search the below, it gives some insight into TensorFlow

    Gmail is now blocking 100 million extra spam messages every day with AI - Google is using its machine learning platform, TensorFlow, to eke out additional gains

    no doubt Microsoft have similar for Office 365 ( the hosted email and cloud based app side of the company) , others are also moving into Cloud Based Email - one example is SpamHero

    so yes IMAP has been doing sterling service since 1986 when Mark Crispin developed the first IMAP program at Stanford University as an alternative to POP, back then IMAP had the advantage of being a two-way protocol that provided greater functionality for the user

    but 30+ years later things have moved on, and if your business revolves around email, then getting a big company to host it for you does its advantages that might be worth looking into
     
    Posted: Dec 5, 2020 By: pcourtney Member since: Oct 7, 2008
    #11
  12. fisicx

    fisicx Moderator
    Verified Business ✔️

    35,013 10,695
    I’ve got my own server. I host my own emails. Despite numerous attempts it’s not been hacked in over 10 years. That seems pretty secure to me.
     
    Posted: Dec 5, 2020 By: fisicx Member since: Sep 12, 2006
    #12
  13. pcourtney

    pcourtney UKBF Newcomer

    43 8
    not once did I mention anyone hacking your email server, the bigger problem is the amount of spam, and how the email is viewed by end users ( and it is this payload - ie if you click on anything etc while reading the email ) , the layman is more likely to have issues with "Identity Theft" and other scams because some of these emails look legit

    how do you cope with the spam fislcx, do you use any anti spam ( squid proxy ) etc ??
     
    Posted: Dec 5, 2020 By: pcourtney Member since: Oct 7, 2008
    #13
  14. fisicx

    fisicx Moderator
    Verified Business ✔️

    35,013 10,695
    Spam assassin. I get almost no spam. The ones that get through are junked and Thunderbird learns to recognise similar.
     
    Posted: Dec 6, 2020 By: fisicx Member since: Sep 12, 2006
    #14