Mail Authentication Q and A




I have been using smtp.unet happily since 1998. Why is this change necessary now?



In 1998, viruses and unsolicited bulk email (spam) accounted for less than 1% of all email. No standards existed for authentication of email submission. Few email servers implemented spam filtering.

In June 2005, viruses and spam account for over 60% of all email, with some surveys reporting over 80%. All large email providers implement spam and virus filtering, and are beginning to require incoming email to comply with authentication standards developed in the 2000-2002 time frame. In order to get through increasingly strict filters, email submission must be authenticated.

All other universities and Internet Service Providers are also beginning to require SMTP authentication. Some examples of early adopters:

http://oit.nd.edu/email/setup_sslandsmtp.shtml
http://web.mit.edu/ist/topics/email/smtpauth/
http://cf.williams.edu/oit/faqs/smtp/
http://spf.pobox.com/saslconversion.html
http://www.columbia.edu/acis/email/authsmtp/
http://helpdesk.wisc.edu/page.php?txt=&id=2786
http://www.yale.edu/email/helpdocs/authtls.html


How do I (re)configure my email program to authenticate to mail.brandeis.edu?



To change an existing installation of Thunderbird, Outlook Express, or MacOS X Mail to use mail.brandeis.edu instead of smtp.unet.brandeis.edu or some other SMTP server, see the MailAuth page.

To configure a fresh installation from scratch, see the LTS Email setup section.

I am using an email program other than Thunderbird, Outlook Express, or MacOS X Mail (such as Eudora or Netscape 4). What do I do?



LTS can only support Thunderbird, Outlook Express, and MacOS X Mail. We believe these to be the most widely used, secure, and stable clients available.

The current versions of almost all other email programs do support SMTP Authentication. Clients should be configured to use STARTTLS on port 587 or, for some older programs, SSL on port 465. Consult your product documentation or Google if you need help doing this. You can also try the peer support bulletin board at http://my.brandeis.edu/bboard/q-and-a?topic_id=21

Older programs such as Netscape 4 and Eudora versions older than 5.2 will not work reliably. Upgrade to a newer version, or to one of our recommended programs.

General settings:

SMTP Server hostname: mail.brandeis.edu (Change from smtp.unet.brandeis.edu)

SMTP Port: 587 (Change from 25. Older, non-standards-compliant clients like Outlook Express may generate errors and need to be configured to use port 465 instead. We will support both 587 and 465 indefinitely.)

Encryption: TLS negotiation required (Older, non-standards-compliant clients like Outlook Express may need to use SSL on port 465 instead)

Authentication: Log on to the SMTP server with your UNet username. Please avoid having your email program "remember" your password if you can.
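
The settings above, expressed as a script-side check (an added example, not LTS code): it treats TLS as required rather than "if available" and never sends the password over an unencrypted connection. The names open_submission and SubmissionPolicyError are this example's own; the two class parameters exist only so the logic can be exercised offline with stand-in connections.

```python
import smtplib
import ssl


class SubmissionPolicyError(Exception):
    """The server cannot meet the 'TLS required, then AUTH' policy."""


def open_submission(host, port, username, password,
                    smtp_cls=smtplib.SMTP, smtp_ssl_cls=smtplib.SMTP_SSL):
    """Return an authenticated connection, or raise before any password is sent.

    Hypothetical helper: smtp_cls / smtp_ssl_cls default to the real smtplib
    classes and can be swapped for fakes in tests.
    """
    ctx = ssl.create_default_context()  # verifies the certificate and hostname
    if port == 465:
        # SSL on port 465: the TLS handshake precedes every SMTP command.
        conn = smtp_ssl_cls(host, port, context=ctx, timeout=30)
        conn.ehlo()
    else:
        # Port 587: plaintext greeting, then a mandatory STARTTLS upgrade.
        conn = smtp_cls(host, port, timeout=30)
        conn.ehlo()
        if not conn.has_extn("starttls"):
            conn.quit()
            raise SubmissionPolicyError("STARTTLS not offered; not continuing in cleartext")
        conn.starttls(context=ctx)
        conn.ehlo()  # capabilities must be re-read after the upgrade
    if not conn.has_extn("auth"):
        conn.quit()
        raise SubmissionPolicyError("AUTH not offered on the encrypted channel")
    conn.login(username, password)  # only reached once TLS is in place
    return conn
```

A caller would use open_submission("mail.brandeis.edu", 587, username, password) and then conn.sendmail(...); prompting for the password at run time keeps it out of the script.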

Why does the server name have to change from smtp.unet.brandeis.edu to mail.brandeis.edu?



We could not simply add authentication and SSL to smtp.unet.brandeis.edu because many clients (in particular Eudora) are configured to use SSL "if available." Suddenly changing the availability of the encryption feature would have broken many working installations. We decided in early 2002 that it was better to change clients gradually than to change the server suddenly. In any case, clients need to be reconfigured to change from port 25 to 587, to send username and password, and to enable encryption, so keeping the name of the server the same would not substantially reduce the work required.

As of June 2005, most off-campus users are on mail.brandeis.edu. The remaining off-campus smtp.unet users have about one month to make the change.

When will unauthenticated relaying through smtp.unet.brandeis.edu stop working, and what sort of error messages will users see?



On August 8, 2005, off-campus clients attempting to send email to any address not ending in "@brandeis.edu" will get a message about "550 Relaying denied without login - see http://mail.brandeis.edu/ or use your local SMTP server." Messages to @brandeis.edu addresses will continue to be delivered for some time.

As of August 8, 2005, on-campus computers will not be affected. They are encouraged to switch to mail.brandeis.edu, but they may continue to use smtp.unet.brandeis.edu until July 1, 2006.

Beginning January 1, 2006, smtp.unet.brandeis.edu will not accept connections from off-campus at all. Error messages will be some variation on "Connection refused." We will begin educating on-campus users in earnest.

By July 1, 2006, all client email submissions, both on-campus and off-campus, must be authenticated through mail.brandeis.edu.

Why do we need to change from port 25 to port 587 (or 465)?



Historically, port 25 was used for both server-to-server and end-user-to-server email transfers. But the idea of allowing any virus on any desktop computer anywhere in the world to connect to any email server anywhere in the world is decreasingly popular. A large and growing number of ISPs block outbound email connections in order to stop spam zombies on their network. A new standard is required. Port 25 may work for you on your ISP today, but the time may come when it is blocked without warning. It is best to switch now.

Port 587 is the Internet standard port for email submission.

Port 465 is an earlier, nonstandard port first used by Netscape for email submission over SSL. At this writing, Outlook Express still requires use of port 465; it will not work with port 587.

My home computer is currently configured to use my ISP's email relay (such as mail.earthlink.net). Do I need to change anything?



At this time, nothing that Brandeis is doing will impact your ability to use third-party email relay servers. However, emerging standards such as Sender Policy Framework (SPF) may lead others to consider email sent through non-Brandeis servers as potential forgeries. To guarantee email delivery, you should consider changing to the authenticated relay.





This page was last modified on: Apr 10, 2007