End of Support for SMTP Authentication Using CRAM-MD5 Print

  • 30

CRAM-MD5 is a secure log-in method used by some mail clients to encrypt user credentials during SMTP requests. In recent years it has been largely replaced by technologies like SSL or TLS, which encrypt the entire mail connection - not just the log-in request.

As a result of security enhancements in our user management systems, starting on June 26, 2013, our PayGo Email and Microsoft Exchange platforms will no longer be able to support CRAM-MD5 SMTP connections. Our testing shows that most mail clients will handle this change gracefully. However, Apple Mail, Thunderbird, Windows 8 Mail, and possibly some iPhone users will be unable to send messages until they update their settings. These mail clients will still be able to receive and access email.

Please see the articles linked below for more information on how to update each of these mail clients to stop using CRAM-MD5. Also, please take this opportunity to encourage your users to make sure their mail client is configured to use SSL so their personal information is as secure as possible.

While this change is inconvenient, we believe the long-term gains in user security make it absolutely necessary.

Which mail client are you using?

Help! I am using Mac Mail.

Help! I am using an iPhone.

Help! I am using Thunderbird.

Was this answer helpful?

« Back