SMTP-AUTH required as of January 7, 2014

Fri, 10/25/2013 - 10:27 -- rigby

Beginning January 7, 2014, DotCIO will require password authentication to send emails and encrypted connections to the email servers at Rensselaer.

Open All | Close All

  • Who will be affected?

    Anyone using a local email client (Outlook, Thunderbird, MacMail, etc) to connect to their IMAP mailbox should check that EVERY client is properly configured.

  • What you should do:

    1.  To confirm your client is using SMTP-AUTH, send a test message to smtp-auth-test@rpi.edu from EACH client you use to send email.  

              A reply will inform you if you need  to change your email client configuration.

    •      If the reply states "This client is configured properly.", no further action is needed for that client.  Be sure to perform the test with ALL clients you use to send Rensselaer email.
    •      If the reply states "Your message to smtp-auth-test@rpi.edu from ........@rpi.edu failed." you will need to make changes to your email client settings.  Please go to  http://dotcio.rpi.edu/services/email/imap/client-configuration and select your email client from the list on the right.  Once changes are complete, restart your email client and send another test message.
    •      If the reply states "Your message to smtp-auth-test@rpi.edu from ......@(an address that is NOT rpi.edu) failed.", this indicates that your email was sent from another email account.  Please open your email client and re-test with your RPI account.

    2.  To confirm your client is using encrypted connections, check that your server settings use TLS/SSL for incoming and outgoing mail servers.  Detailed information about these settings for each client can be found at http://dotcio.rpi.edu/services/email/imap/client-configuration.

     

  • Who will not be affected?

    • Individuals who use http://webmail.rpi.edu

    • Faculty and staff who use the Exchange server

    • Most mobile devices are already properly configured

  • Why is DotCIO implementing these changes?

    The primary goals of these changes are to:

    • ensure that no passwords or email data is transmitted unencrypted.
    • better ensure that email sent from the RPI.EDU domain is authentic.  (by doing this, we can filter out messages that spoof (fake) rpi.edu addresses, a common spammer tactic.)
    • prepare for future security enhancements that would allow third party email services to check the authenticity of email with an rpi.edu address.