cancel
Showing results for 
Search instead for 
Did you mean: 

E-sign email

Lmm72
Regular

Anyone had problems receiving their e-sign email?  I received emails with device plan & agreement & one to say my order has gone through but that’s it. That was 2 days ago. 
been on chat & spoken to customer services & it’s still not resolved. I didn’t know there was even an e-sign document to sign until today & there was no mention of it when I ordered the device. Surely it should have come through as soon as I placed the order as it was supposed to be next day delivery. I already have two devices which I don’t think I will be renewing when the contracts are up & I’ve been with 3 10 years + without any bother until now

30 REPLIES 30
Nikkiheath83
Fledgling

mutiple problems with it got cancelled once now they doing again just keep telling me to wait and keep repeating the same thing searching for one some where else now to much stress easier get it originally than to upgrade joke 

Corneli
Fledgling

I am having same problem! Did you get it solved?

Denis5
Fledgling

Did happen with me only they saying wait for another 24h and its been 3 days now don't know who is works there but definitely they incompetent to do sort of work where is the management absolutely terrible service and its getting worst and worst 🤦‍♂️

Jacann64
Fledgling

Yes I am having problems and have been in the phone for 2 days the left hand don’t know what the right hand is doing.

I explained that if this does not go through I will need to go through credit checks again - thus impacting my credit file. The fact that they are aware of this surly they have a duty of care to alert new & existing customers of this giving the customer a choice.

Joanne
Fledgling

Having the same issue upgraded on Sunday had no e-sign documents through had to upgrade again today because of it had all documents apart from the e-sign it’s stressing me out 

bnewton
Regular

The error logs are as follows, this suggests that three.co.uk need to hire better technical staff 🙂

2023-09-05 11:52:04 H=cluster-j.mailcontrol.com [85.115.54.190]:60486 sender verify fail for <noreply@notification.three.co.uk>: cust7051-s.out.mailcontrol.com [85.115.60.190] : SMTP error from remote mail server after RCPT TO:<noreply@notification.three.co.uk>: 550 5.7.1 <noreply@notification.three.co.uk>... Relaying denied
2023-09-05 11:52:04 H=cluster-j.mailcontrol.com [85.115.54.190]:60486 X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no F=<noreply@notification.three.co.uk> rejected RCPT <EMAIL REDACTED>: Sender verify failed

 

bnewton
Regular

Same exact problem here. It turns out that this is because three's technical support team is incompetent.

Let me dissect this issue for you...

Firstly, three send customers emails from multiple domains, which, is bad practice. In today's age, ideally, customers should be familiar with one or two solidly recognisable email addresses which they can easily identify as authentic. Once you introduce multiple subdomains and multiple emails, you muddy the situation and introduce security risks and vulnerabilities for your customers.

So, let's look at the email addresses which three use during the order checkout process:

 

@mails.three.co.uk
@servicemails.three.co.uk
@service.mails.three.co.uk
@notifications.three.co.uk

 

This is where it get's interesting. The first three emails work fine, they are set up correctly, they are secure, they have the appropriate authorisation and security protocols in place. Those emails are the accounts which send the 'order confirmation' and 'customer agreement form'. The reason you receive those emails but not the eSign one, is because those emails are sent from an email address that is properly configured on the server.

Unfortunately, problems arise when we investigate notifications.three.co.uk (which, it appears is the email address used to send the eSign form/link).

It turns out that notifications.three.co.uk domain DOES NOT have a DKIM or SPF record set up. This is awful news for three's customers, and introduces all kinds of vulnerabilities and security risks. Firstly, not having these records appropriately set-up, means that hackers can hijack, intercept or spoof emails to make them look like they were sent by three, when in fact they were not. The reason the eSign document is never received by customers, is because, it is sent from such a vulnerable email. Most email servers will rightfully reject this email without even putting it in the user's spam folder, it will simply be outright rejected and disappear into non-existence. This is because the recipient email server is unable to authenticate the authenticity of the sender.

I've tried to raise this issue multiple times, but, so far it's fallen on deaf ears. Nobody in their overseas call centre cares, nor do they understand English well enough to grasp how serious of a situation this is, and how urgently it should be addressed. This is a security risk.

JohnD
Employee
Employee

Hey @bnewton 

Thanks so much for taking the time to send this over and collate this info together. 

I wanted to advise that I've taken the above detail and passed it on to a couple of colleagues who'd be best suited to look into this. 

Thank you

John D

SteveR
Regular

Did you finally get your e sign sent to you if so how long did it eventually take?

Lmm72
Regular

No, still waiting