I have been very happy with the service and used it many times over the years since COVID, but I am cancelling my account.
Two-factor authentication was added semi-recently and for some reason those email messages do not reach me. Support informed me that it was a ‘hard bounce’ but would not give me the diagnostic email to understand where and how to fix the problem.
The entire support communication took place using the email that would not work for MFA. Support told me the only option is to change my email address. I completely understand that getting the issue fixed could take some time but giving up is not an acceptable option.
@analognomad, sorry to hear.
There are several threads on THS’s implementation of 2FA. All bad. It’s a common technology that has been around for many years. THS is a laggard implementor. Yet still made a mess. Almost all modern websites (such as THS Forum) offer non-email options (e.g. authenticator apps, SMS) and make 2FA optional.
Does your email address successfully receive 2FA codes for login to other websites?
A “hard bounce” for the email failure to a known working email address would generally refer to your email provider refusing delivery with a permanent block. There is likely very little or nothing that THS can do to alter the email that is being sent, hence their suggestion to use a different email provider. It would be that or you would need to engage with your email provider to get them to rectify the block they have in place.
They have given you a good option to resolve the problem. You have chosen not to try it.
I asked them for the actual bounce message so that I could resolve the problem. I have operated mail servers professionally and am very familiar with the systems. They would not tell me anything other than “it is a hard bounce” and “user not found”.
My email provider does not see any attempts from them.
@analognomad, hearing your frustration. And respecting your tech expertise.
When THS 2FA was launched, it did not work for us. Different reason to you, but that doesn’t really matter. Bottom line is that we quickly appreciated no credible reason why THS would change its related technology development - even if it was (and still is) lousy. So we determined to take a deep breath; not pick a battle, however appropriate; and to create a workaround. For us, that involved creation of a new shared alias email address - that would work with THS protocols.
If THS tech support can’t fix this, and it’s really not that difficult, it speaks volumes about their lack of technical capability, and to refuse to provide you with more information just exposes their incompetence. I don’t blame you for leaving, I suspect that for you 2FA was the final straw.
As the OP said THS wouldn’t share any further technical details e.g. the NDR (Non Delivery Report). There’s a lot more that could be gleaned from the THS mail server logs and message tracking. The NDR would contain information and a code e.g. SMTP Error 500 that helps to track down the root cause. If the OP had that information he could work with his email provider.
It’s blindingly clear from the multiple complaints that THS didn’t properly test 2FA prior to implementation. Also, there is no option available to members to disable it. While 2FA is common and mandatory in some countries for certain businesses, it isn’t in the UK for sites such as THS. In addition I find it interesting that 2FA is properly enabled for the THS Community Forum using an authenticator app, a more secure solution.
THS don’t actually manage the sending of these MFA messages. They appear to be using SparkPost for this. While I haven’t personally used SparkPost for these kinds of bulk mailing services I would expect that they likely don’t routinely provide access to any NDR for failed message delivery. I can tell you from experience that the NDR for messages that are correctly formatted (and the MFA messages are correctly formatted) are extremely unhelpful since it’s the recipient’s email provider who has determined the message should be rejected and you have zero access to change that. A message that is received correctly by probably over 99+% of the 100 thousand plus members who receive it to log on. There is nothing in the message format to change to get it accepted by the recipient’s mail system. The sender has all their SPF and DNS records set correctly. They have DMARC set to none which should allow even more mail delivery through the spam and spoof filtering of the recipient’s mail. The recipient’s mail system is not managed by them and they are not going to alter their policies to allow this message through. The obvious fix is to try another email address simply because there is no other fix. Since the OP has operated mail servers professionally I’d be shocked if they didn’t have a collection of email addresses from different providers to choose from.
But this is apparently not really that difficult. I would genuinely like to know how this is the case since I have this problem regularly (failed mail delivery due to being rejected by the recipient in general rather than specifically MFA messages) and have yet to encounter one that is not that difficult.
As for MFA not being a legal requirement for THS. Unfortunately it’s become necessary, largely due to users not being able to keep their passwords secure. So rather than waiting for governments to mandate it THS have decided to do something to prevent users losing access to their account so someone can set up fake sites for nefarious purposes (you may recall there was a spate of this in the past). For 100 thousand plus people email MFA is a more reasonable choice than authenticator apps.
MFA is not enforced for the forum. While you could set your account up to use an authenticator app, since Discord does support it, I would hate to see what would happen if they forced use of an authenticator app for 23 thousand people.
User not found and the user’s mail service provider reports no inbound connection attempts, why?
I have many dozens of accounts protected by MFA, mostly authenticator apps, lots of passkeys, some using SMS and email. I’ve never yet had a problem receiving notifications with any other service. My guess is that there aren’t enough disgruntled THS members to make it cost effective to investigate and solve.
Closing the loop, thanks to Jenny for getting a second look. I wasn’t hopeful when I got the same support rep and the initial email sounded the same, but eventually they got it sorted.
They had to remove a block on their end and now I can receive the MFA codes.
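Added example, not part of any post in this thread: a short Python parser for the NDR/DSN format discussed above (RFC 3464), showing how the report itself indicates whether the recipient's mail server rejected the message or the sending side generated the bounce without a delivery attempt. RFC 3464 says the `Remote-MTA` field must be omitted when no remote MTA was involved. Both sample reports, all hostnames and the `summarize_dsn` helper are constructed for illustration.

```python
import email

# Constructed sample DSNs in RFC 3464 layout; every host and address is a placeholder.
_TEMPLATE = """\
From: MAILER-DAEMON@out.esp.example
To: bounces@sender.example
Subject: Undelivered mail
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery failed.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; out.esp.example

Final-Recipient: rfc822; user@recipient.example
Action: failed
Status: 5.1.1
{extra}
--b1--
"""
REJECTED_BY_RECIPIENT = _TEMPLATE.format(
    extra="Remote-MTA: dns; mx.recipient.example\n"
          "Diagnostic-Code: smtp; 550 5.1.1 User unknown\n")
GENERATED_BY_SENDER = _TEMPLATE.format(
    extra="Diagnostic-Code: x-local; user not found\n")

STATUS_CLASS = {"2": "success", "4": "transient (soft bounce)",
                "5": "permanent (hard bounce)"}

def _value(field):
    """Drop the 'type;' prefix of DSN fields such as 'dns; host'."""
    return None if field is None else str(field).split(";", 1)[-1].strip()

def summarize_dsn(raw):
    """Return the reporting MTA and one summary dict per failed recipient."""
    report = {"reporting_mta": None, "recipients": []}
    # walk() also visits the header blocks inside message/delivery-status.
    for part in email.message_from_string(raw).walk():
        if part["Reporting-MTA"]:
            report["reporting_mta"] = _value(part["Reporting-MTA"])
        if part["Final-Recipient"]:
            status = (part["Status"] or "").strip()
            remote = _value(part["Remote-MTA"])
            report["recipients"].append({
                "recipient": _value(part["Final-Recipient"]),
                "status": status,
                "bounce_class": STATUS_CLASS.get(status[:1], "unknown"),
                "remote_mta": remote,
                "diagnostic": _value(part["Diagnostic-Code"]),
                # No Remote-MTA: the recipient's server was never contacted.
                "remote_attempted": remote is not None})
    return report
```

A report with `remote_attempted` false and a permanent status is one the recipient's provider will have no log entry for, so the place to look is the sending service.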