Lately I have taken special note of the increase in webmail use at my facility. This is the normal response when restrictions are placed in our acceptable use policy for internal e-mail use.
The Issue:
=============================
Static webmail session IDs
Example:
=============================
http://ms04.mrf.mail.rcn.net/wm/mail...ail&mbox=INBOX
NOTE!!! I changed the SessionID so don't bother trying to get into this account.
The Guilty
=============================
Well, you can easily see that RCN is at fault here, but they are not alone. *MANY* ISPs are using this lazy approach. My advice to you is to copy the URL of your webmail session to a text file, then take it to another PC and see if you can access your inbox. I have a list of 37 ISPs who currently employ this horribleness. I have informed each and every one along with the user. So far, only 3 have made changes.
In the past, I used to be able to release info on problem ISPs but DHS has spoken and I no longer can without a ton of red tape traversal. Just do yourself a favor and be sure that your ISP doesn't set static sessionIDs on your webmail sessions. Think about what I can do if I can gain access to your account this way. Muhwahahahaa.
Seriously though. I can't say it enough. Check into it.
--TH13




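A defender-side check for the problem described in the post, as an added example that is not part of the original post: it scans proxy log lines for session tokens carried in webmail URLs and flags tokens seen from more than one client or over a long period. The log format, parameter names, hosts, tokens and the 12-hour threshold are constructed assumptions, since the post does not show them.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qsl

# Assumed parameter names; the post does not show the real one.
SESSION_PARAMS = {"sid", "sessionid", "session", "sess"}
MAX_AGE = timedelta(hours=12)  # assumed policy threshold for a "static" token

# Constructed proxy log lines: "<ISO time> <client IP> <URL>"
SAMPLE_LOG = """\
2024-03-01T08:00:00 10.0.0.5 http://webmail.example.net/wm/mail?sid=AAAA1111&mbox=INBOX
2024-03-01T08:05:00 10.0.0.5 http://webmail.example.net/wm/mail?sid=AAAA1111&mbox=Sent
2024-03-01T10:00:00 10.0.0.7 http://mail.example.org/inbox?sessionid=BBBB2222
2024-03-01T10:20:00 10.0.0.7 http://mail.example.org/inbox?sessionid=BBBB2222
2024-03-01T11:00:00 10.0.0.8 https://mail.example.com/inbox?folder=INBOX
2024-03-03T09:00:00 10.0.0.9 http://webmail.example.net/wm/mail?sid=AAAA1111&mbox=INBOX
"""

def find_url_sessions(log_text):
    """Map (host, token) -> clients and first/last time the token was seen in a URL."""
    seen = {}
    for line in log_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue  # skip malformed lines
        when = datetime.fromisoformat(parts[0])
        url = urlsplit(parts[2])
        for name, value in parse_qsl(url.query):
            if name.lower() in SESSION_PARAMS and value:
                rec = seen.setdefault(
                    (url.hostname, value), {"clients": set(), "first": when, "last": when})
                rec["clients"].add(parts[1])
                rec["first"] = min(rec["first"], when)
                rec["last"] = max(rec["last"], when)
    return seen

def flag_static_sessions(log_text):
    """Return (host, truncated token, reasons) for tokens that look static or shared."""
    findings = []
    for (host, token), rec in find_url_sessions(log_text).items():
        reasons = []
        if len(rec["clients"]) > 1:
            reasons.append("multiple-clients")
        if rec["last"] - rec["first"] > MAX_AGE:
            reasons.append("long-lived")
        if reasons:
            findings.append((host, token[:4] + "...", reasons))  # never report the full token
    return sorted(findings)
```

Any host that appears in `find_url_sessions` at all is already exposing the token to browser history and proxy logs; the flagged entries are the ones where the same token also stayed valid across clients or days.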