Beginning January 7, 2014, DotCIO will require password authentication to send emails and encrypted connections to the email servers at Rensselaer.
SMTP-AUTH required as of January 7, 2014
Who will be affected?
Anyone using a local email client (Outlook, Thunderbird, MacMail, etc) to connect to their IMAP mailbox should check that EVERY client is properly configured.
What you should do:
1. To confirm your client is using SMTP-AUTH, send a test message to email@example.com from EACH client you use to send email.
A reply will inform you if you need to change your email client configuration.
- If the reply states "This client is configured properly.", no further action is needed for that client. Be sure to perform the test with ALL clients you use to send Rensselaer email.
- If the reply states "Your message to firstname.lastname@example.org from ........@rpi.edu failed." you will need to make changes to your email client settings. Please go to http://dotcio.rpi.edu/services/email/imap/client-configuration and select your email client from the list on the right. Once changes are complete, restart your email client and send another test message.
- If the reply states "Your message to email@example.com from ......@(an address that is NOT rpi.edu) failed.", this indicates that your email was sent from another email account. Please open your email client and re-test with your RPI account.
2. To confirm your client is using encrypted connections, check that your server settings use TLS/SSL for incoming and outgoing mail servers. Detailed information about these settings for each client can be found at http://dotcio.rpi.edu/services/email/imap/client-configuration.
Who will not be affected?
Individuals who use http://webmail.rpi.edu
Faculty and staff who use the Exchange server
Most mobile devices are already properly configured
Why is DotCIO implementing these changes?
The primary goals of these changes are to:
- ensure that no passwords or email data is transmitted unencrypted.
- better ensure that email sent from the RPI.EDU domain is authentic. (by doing this, we can filter out messages that spoof (fake) rpi.edu addresses, a common spammer tactic.)
- prepare for future security enhancements that would allow third party email services to check the authenticity of email with an rpi.edu address.