Setting up a new computer, I tried to re-establish my TPG POP3 email on Thunderbird 78.3.1
After about a month of failing to establish a connection and reading everything I could on Help/Support/Community on Whirlpool, Thunderbird & TPG and trying all combinations of Ports, Security, etc the only setting that will work is to disable all security. To do this I have to assume the risk, as per this screen shot.
The issues appears to be with TPG. Their advice for setting up Thunderbird is way out of date and does not work. They donât seem to be interested in updating that advice from Thunderbird 3 to Thunderbird 78. Thunderbird does not have settings from TPG, and TPG are not providing them (secure settings) to their consumers. Existing customers who found their latest version of TB no longer works with TPG are being advised to change their security level to the lowest setting.
I am not happy agreeing to assume the risk, particularly as I donât understand the risk, and there would be no need to if TPG fixed their end.
I notice you are trying to use POP3 if I have read your post correctly so if you havenât tried IMAP try the following:
IMAP using port 993 with SSL/TLS (accept all certificates) for incoming and port 465 outgoing (SMTP) and again SSL/TLS (accepting all certificates again)?
I prefer POP3 (messages on my computer) as the IMAP (if I understand TPG) only keeps them for 45 days then deletes. TPG says they support IMAP but users on their Support Community have difficulty getting it to work. I have used POP3 with Thunderbird & TPG for years without a problem.
I tried your suggestion - IMAP using port 993 with SSL/TLS (accept all certificates) for incoming and port 465 outgoing (SMTP) and again SSL/TLS - and get the error message âThunderbird failed to find the settings for your email accountâ
Np try without SSL/TLS for those IMAP settings then, and I understand your concerns regarding the keeping of emails.
Ahh found the problem
Manual configuration and in server hostname put mail.tpg.com.au for both POP3 and SMTP using ports 995 and 465. SSL/TLS for both and authentication use normal password.
Seems a common problem, this thread from 2Q2020. Maybe something in it will be helpful? TPG does not seem so concerned because this and other similar tpg.community topics close with âuse something else, we do not provide support for third party clientsâ.
I remember I also had problems with POP3 setup with TPG and used the following which worked at our endâŚ
For your incoming mail server, try pop3.tpg.com.au and port 110
and outgoing try smtp.tpg.com.au and port 587
edit: should have also said that the TPG account will need to be manually set up in Thunderbird by going to Tools - Account Settings and then in the Account Actions dropdown, select Add Mail Account. This website may assist.
TGP have issued a âsolutionâ but they want the consumer to assume all risk. The âsolutionâ is:- no security, password transmitted insecurely and the consumer to tick the box that they understand the risk. The alternative is to downgrade to an earlier version of Thunderbird.
TPGâs response re Thunderbird seems no more business affecting than googleâs persistent and irritating admonishments that âyou are using an insecure appâ unless you use their preferred authentication mechanism.
It is amazing how few I know who use Thunderbird; the general user seems happy to use outlook or the web interfaces.
TPG will probably not lose a customer because of it, and google is google.
For Thunderbird go to Tools, Options and type âConfig Editorâ into the search field at the top right.
Click on the Config Editor button then click on âI accept the riskâ. Enter âsecurity.tlsâ in the search field. Double click on security.tls.version.min and replace the strong text3 with a 1. Go to Tools, Account Settings, Server Settings and set Connection security to STARTTLS. This gives some level of security even if it is at a minimum.
TPG is still not providing any level of security and advising their customers to assume all risk. I asked if there was another email client I could use which did have security, but at the moment they are all in the same boat - Outlook etc
I tried to escalate it, but I keep getting pointed back to the easy solution of the customer assuming all risks for an insecure connection.
I decided, after 6 months of inaction, to give them a poor review on ProductReview, only to find they have over 5,000 One star reviews already & 1.7star total. They were a good company to deal with when I joined up in the 1990âs, although Support was usually long and drawn out multiple phone calls. As an aside, because I signed up to their Community forum I was issued with a private mail box which is now attracting junk mail which is redirected to my tpg email.
Is there some rule about TPG that users are forced to use the supplied email? I wouldnt bother. If I wanted to stay with TPG I would but I would use a secure service, like the free Protonmail. Hell, Iâd even use gmail (and thats saying something, since I have dropped gmail)
No. Like any ISP, use of the provided email services is optional. They also support customer which use non-TPG emails for contactâŚwhat being any email address can be used for account registration etc.
The issue is that if you have a TPG email address âwhatever@tpg.com.auâ then it is held on the TPG servers until your email client (Thunderbird etc) requests it be forwarded to your computer.
If TPG does not support security, then the email is insecurely sent to your computer (password, content etc not encrypted) and might be vulnerable to hackers. This is regardless of your email client (Thunderbird, Outlook etc) as the issue is squarely with TGP for not updating their security. Someone more knowledgeable could describe the risks.
I could change my email to another ISP which does take security seriously, but that would mean changing two email addresses that I have had for decades. We are on Satellite NBN (slow âŚ) and mobiles donât work here, so I use email for two factor authentication for banking etc. Thatâs the problem.
It feels like a huge impost right now, but trust me, its worth the effort. If you use that email address for TFA, then you really are in trouble if you wonât make the change. How much effort is there in changing that email address to something else? Iâd hazard a guess that almost everyone here has been in the same situation as you and has found it much easier to do once you start. It doesnt matter if you have had the address for decades⌠if TPG is not prepared to up their security, youâre screwed.
pick one, and get a VPN as well. I currently pay for protonmail, but the free service is pretty good, just very limited storage
You can get a email signing certificate and sign your emails with that⌠By the same process you can get all emails sent to you signed and encrypted by your public key and decrypted by your private key. Security is only as tight as your control over your private key.
Just updating - TPG still hasnât addressed the issue of security on email. Their advice for Thunderbird, Outlook etc is to set up with No Security, Unencrypted Password etc and for the customer to tick the box to say they are aware of the risks and will accept them.
Customers were still asking when this will be resolved and their last response (31/3/21) was the same as October 2020 - âweâre working on it, when we do something weâll tell youâ
In the meantime I have been accessing email through TPG Post Office with all its limitations. Now there is a Phishing email purportedly from tpg (no-reply@tpg.com.au) which is doing the rounds of their customers with tpg email addresses, saying you need to update your details, click here (Pharming). The messages are all the same, so no change of text, address etc. They are aware of it but it still isnât picked up by their spam filters a week later.
It is hard to report issues to them as you are re-directed to the Community Forum for other customers to help. Occasionally a âmoderatorâ will post, usually just to re-state their inaction, or apologise and do nothing. With Scam emails, they just fob you off to Scamwatch, who donât fix it, only use the reports for statistical purposes. They donât have a way to report Scams. I have been getting more phishing emails than real ones this last fortnight. It is frustrating. They used to be a good company.
Might be worth revisiting this. I donât have a TPG username and password to test with, but using POP3 with TLS (hence port 995) to mail.tpg.com.au seemed to work i.e. the TLS connection was correctly made but then it complained that I did not supply a username and password (which of course I canât do) with the rather laconic error message of:
Mate, the command must be one of CAPA, USER, PASS or QUIT
which would be absolutely right if it requires a valid username and password before going ahead.
To be clear, I was not using Thunderbird. I was just accessing from the command line - so that I could see what is actually going on.
To be honest, from all the posts above, I couldnât work out what an actual error message is.
Of course, Thunderbird gives you a warning if you configure not to use transport security but not using transport security is not the right solution anyway.
It is possible that you need to change security.tls.version.min as suggested in the post by @âerroldel but in that case I would note its current value and step it down one at a time until it works (starting with the assumption that it will work without adjustment).
The bad news is that TMG would surely retain the situation that the current settings work - whether those settings be good or bad from a security point of view - because they donât want thousands of support calls with customers fumbling around trying to change settings. They want the migration to be seamless. I would think though, based on this post, that both with TLS and without TLS should work as of right now.
