Rozwiązania

które spowodują, że Twoja Firma
będzie funkcjonować lepiej i bezpieczniej

HW group: Use a public SMTP server – not recommended [EN]

At HW group, we are focused on providing long-term reliable service to our customers. If you use our monitoring device for a temperature alarm, it must work now and in 2 / 5 / 8 years without touching it. Through our support requests, we see that a significant percentage of our customers repeat the same mistake again, and we would like to offer a solution.

HW group has several intentions when designing remote monitoring solutions:

  1. All our products must be installed by experienced IT professionals within 1 hour;
  2. We do our best to provide long-term stable service without false alarms;
  3. We maintain compatibility in the terminology of our hardware, interfaces and concepts.

Many customers ask for very basic functionality: an email alert when there is a temperature problem at the remote site. Yes, it can be upgraded to SMS alerts, repeated, escalated, but it’s all beyond the basic functionality of simple email alerts.

Since the beginning of the Internet, SMTP (Simple Mail Transfer Protocol) was the easy-to-use service for this kind of purpose. We all learned in the 90’s to simply send the email alert from the device to the SMTP server and that was it.

If you are inside corporate network, sending alert emails via SMTP server is still a valid idea. You know your SMTP server, someone is responsible for its maintenance.

But if you are using for sending alert emails through the public SMTP server like those listed below, you should change your mindset. Since the 90’s there is one big game changer: SPAM.

Public SMTP servers we have tested:

  • Gmail.com
  • Office365.com
  • Outlook.com
  • Hotmail.com
  • smtp-mail.outlook.com
  • GMX.com
  • GMX.de
  • Yahoo.com
  • Seznam.cz
  • Centrum.cz

These SMTP servers work most of the time for sending alert emails, but it is not a long-term reliable solution. Which is why we offer you more reliable option free of charge.

The 90s are over, let’s update our approach to long-term reliable alerting

In the ever-evolving landscape of technology, the passage of time often casts a revealing light on the methods and tools we once relied upon. Twenty or so years ago, the concept of sending alerts via a public SMTP server represented a reliable communications frontier. Today, in 2023, it stands as a testament to the transformation of real-time communications and the emergence of superior alternatives.

Nineties were fine and fun, but long gone

Using public SMTP servers is unreliable in the long run

The rapid expansion of networks has increased the amount of data flowing around the world, changing our habits, our experiences, our lives. Not surprisingly, the protocols at the heart of the technologies we use every day have evolved as well.

In the late 90s and early 00s, sending an alert email through a public SMTP server (such as gmail.com or GMX.com) was one of the few ways to send email from a remote device. Today, email alerting would probably be just one of many alerting options, but it’s still very popular in the IT community. However, the fact that the embedded device sends email through the public SMTP server does not guarantee that it will be delivered to your mailbox. The fact that you tested it by pressing the „send test email” button on the remote monitoring device’s website and it worked today does not guarantee that it will be delivered tomorrow, or in one or three years! And we are talking about early email alert that protects temperature conditions on your remote site, environment in the technology room of the company or institution of your paying customer.

To be clear, we are only talking about public (free) SMTP servers. It’s reasonable to use your own private SMTP server within your company. You know about server updates, you can use whitelists and so on. This is not the case with public mail servers.

Why it’s not a good idea to use free SMTP servers for alerting?

Free SMTP servers are dedicated for standalone client, smartphone client and for daily use of this service. It’s not dedicated for embedded thermometer to have an active user account for 5 years without sending an email and then bulking 10 emails within an hour. Of course, the SPAM protection in these services will identify your email alerts as spam activity and will ignore your emails.

Why is it a bad idea to use public SMTP servers in 2023?

  • SPAM issues: Public SMTP servers are constantly improving their protection against SPAM messages. Your personal computer, laptop or smartphone doesn’t have a problem with this, but a 3-15 year old thermometer is another story.
  • Deliverability issues: Due to strict email authentication requirements (such as SPF, DKIM, and DMARC), misconfigured email servers can cause emails to be marked as spam or rejected altogether. This can prevent legitimate email from reaching its intended recipients.
  • Blacklisting: Email servers and IP addresses can end up on email blacklists for a variety of reasons, such as sending too much spam or experiencing security breaches. Being blacklisted can result in email delivery failures.
  • Server downtime: Email servers can go down for maintenance, hardware failures, or cyber attacks. During these times, email delivery can be delayed or interrupted.
  • Limited encryption: Although SMTP supports encryption (SMTPS and STARTTLS), not all email servers and clients implement it properly. This leaves email content vulnerable to interception in transit.
  • Full inbox: Have you ever run out of space on the public email service? Haven’t yet?
  • Overreliance on email: In an era of instant messaging, collaboration tools, and remote monitoring centers, organizations and individuals may rely less on email for critical communications, reducing the urgency to address its reliability issues.

Email popular and easy to use alerting option. But the long-term reliability of free SMTP servers is not the same today as it was in the past. The truth is that public SMTP servers and services have gone through a huge, transitional change over the past two decades. And encryption has been a big part of that change, as we’re now moving into a world of mostly encrypted communications.

Take a look at this timeline:

  • SSL 1.0 (1994): The first version of SSL was never released to the public due to security vulnerabilities.
  • SSL 2.0 (1995): The first public release of SSL, but it had significant security flaws. It introduced the concept of a secure handshake and encryption of data in transit.
  • SSL 3.0 (1996): SSL 3.0 addressed the vulnerabilities in SSL 2.0 and became widely used to secure Web communications.
  • TLS 1.0 (1999): Transport Layer Security (TLS) was introduced as an upgrade to SSL 3.0 to address vulnerabilities and improve security. TLS 1.0 maintained compatibility with SSL 3.0.
  • TLS 1.1 (2006): TLS 1.1 included security enhancements such as protection against Cipher Block Chaining (CBC) attacks and more secure hash functions.
  • TLS 1.2 (2008): TLS 1.2 further enhanced security by introducing support for advanced encryption algorithms, including AES-GCM and SHA-256.
  • TLS 1.3 (2018): TLS 1.3 is the latest and greatest standard for securing Internet communications. It brings significant improvements in security, performance, and reduced latency. Notable features include faster handshakes, elimination of insecure cryptographic algorithms, and perfect forward secrecy.

With any of these developments in encryption technology, you would probably need to make sure that the alerting device is still connected to the public SMTP service provider. And we’re not talking about captchas and other human verification methods that add another layer of complication.

Another major change was the introduction of a separate username and password for the SMTP client that is different from the end-user username and password. This further complicates the device’s integration with the public SMTP server, making it more difficult for an ordinary user to get the system to work reliably in such a configuration. And having to check a hidden box somewhere to continue using an embedded system is not the answer.

Easy to use & long-term reliable solution?

Long-term reliable email alerting is a critical part for 20-50% of HW Group customers. To provide you with „only” our own SMTP server will be very limited solution.

We have a better solution for you with device invalid (disconnected) alerts, graphs and one place to manage all alerts: Portal. In free version for up to 20 devices connected to one user account: www.HWg-cloud.com.

Providing a long-term reliable solution is exactly why HW group develops the SensDesk technology portal. To give HWg customers a long lasting approach to send a mission critical alert and assure the user that the message has been sent.

Of course, it means that you have to learn the portal features, accept that it will take you another 15 minutes, +15 minutes to learn how to set it up and work with it.

Email alerts from the portal (considering the free HWg-cloud.com):

1) User is notified when the sensor goes above or below the user-defined safe range.
2) User will be notified in one hour if the monitoring device is disconnected (Internet or power outage).
3) All emails are managed in one place. It’s easier to update email addresses when someone leaves the company and email needs to be updated.

Is this really free?

Yes, email alerting, device invalid alert and 10 days history with graph are free at www.HWg-cloud.com. HWg provide this as a service for their devices.

Only for longer history, SMS alerts, PDF reports and other services you will need to pay for the portal, either www.SensDesk.com or solutions from local portal providers.

What is RME (Remote Monitoring Ecosystem)?

In HWg we provide much more than just the email alerting monitoring device. Even with the cheapest STE2 LITE device you can use the whole ecosystem of our RME services:

  • SMS-Gateway for SMS and voice call alerts
  • UPS for power backup
  • HWg-cloud for free or paid SensDesk subscription
  • XML and SNMP API
  • HWg Monitor application

Summary

Do not rely too heavily on the public SMTP server, especially for mission-critical alerts. The 90s are over. Yes, you can save 30 minutes and rely on a free SMTP mail service.

But every single SPAM protection measure implemented by this free service will probably disable your email alerts and you won’t get any notification about it.

Use HW Group’s portal service. It’s free and much more reliable in the long run. The HWg-cloud.com or the paid SensDesk.com portals. Both would save your time and effort and eliminate the loss if the alert isn’t delivered on time.

4 simple reasons to use HWg-cloud free Portal:

Skontaktuj się z nami