Loading...

Knowledge Base

CRAM-MD5 SMTP Not Supported: The Future of SMTP Authentication and Email Security

Email transfers have been authenticated using the challenge-response authentication mechanism known as CRAM-MD5, which is often connected to the POP, IMAP, and SMTP protocols. To improve email security and integrity, the decision has been made to discontinue support for CRAM-MD5 SMTP Authentication for sending emails, effective April 2022, under the policy CRAM-MD5 SMTP Not Supported.

However, a few (Apple, Mac, and Thunderbird) may have this set as a default. If you are impacted, you will not be able to send emails.

We recommend reviewing your email settings and using alternative SMTP authentication methods by updating to Plain/Password authentication over an SSL (Secure Sockets Layer) or TLS (Transport Layer Security) connection.

Select your device or software below, then follow the instructions to review and update your SMTP Authentication settings.

In this article, we will discuss:

Update SMTP Authentication for iPhone/iPad

Follow the steps below on how to update SMTP Authentication for iPhone and iPad OS.

  1. Open Settings.
  2. Scroll down and select Mail.
  3. Next, click on Accounts.
  4. Select your email account, then choose your email address.
  5. Tap SMTP at the bottom of your screen.
    SMTP button.
     
  6. You will see Authentication with an arrow next to it. Tap this option.
     
  7. If you have MD5 Challenge-Response selected, change the option to Password.
    MD5 Challenge-Response option.
     

You have updated your SMTP settings.

 

Update SMTP Authentication for Mac Mail

Follow the steps below on how to update SMTP Authentication settings for Mac Mail.

  1. Open Mac Mail.
  2. Click Mail, then click Preferences.
    Preferences button.
     
  3. Click Accounts and select your email address.
    Mac mail accounts.
     
  4. Use theServer Settings pane to edit the SMTP Server List.
    Edit SMTP Server List option.
     
  5. Select your outgoing server and click Advanced.
  6. If it is set to MD5 Challenge-Response, change External (TLS Certificate) and click OK.
    External (TLS client Certificate) option.
     
  7. You will be returned to Account Preferences.

You have updated your SMTP settings.

Update Authentication for Thunderbird

Follow the steps below on how to update SMTP Authentication settings for Thunderbird.

  1. Open Thunderbird.
  2. Select your email address and click View settings for this account.
    View settings for this account button.
     
  3. Click Edit.
    Outgoing Server Settings Edit button.
     
  4. Select the drop-down menu next to Authentication method. If an Encrypted password is selected, change it to a Normal password.

 

FAQs

You can find frequently asked questions regarding CRAM-MD5 SMTP Authentication and its deprecation.

Let's say you want to prove your identification to a friend without providing your ID, and you want to be sure that no one else who is listening can figure out who you are. That's how CRAM-MD5 SMTP authentication functions while sending emails. When your email program wants to send an email, the email server asks it to solve a unique puzzle, but only in a way that someone who knows the secret password can. However, there are now more modern, secure techniques to verify identities, thus this method has become outdated.

Your email server may not support CRAM-MD5 for various reasons, most of which stem from improved security procedures and the need to secure email communications better. You should make sure that your email client is up to date with the most recent version and set up to use the updated and current authentication methods, such as those that rely on SSL/TLS for encryption and more secure authentication protocols. To update your email settings, use the tool below. 

 To find your email settings, enter your domain name in the form below. 

Can't Find the Search Box?

If you can't find the search box for entering your domain name, you can access the settings directly through the dedicated search form.

Troubleshooting reCAPTCHA Issues:

If the reCAPTCHA security check isn't displaying within the form, here are some troubleshooting steps:

  • Wait a Few Seconds: After you check the reCAPTCHA box, wait for 3 seconds before clicking "Submit."
  • Update Your Browser: Ensure you're using the latest version of your web browser to avoid compatibility issues.
  • Disable Conflicting Extensions: Certain browser extensions or plugins might interfere with the form. Try disabling them temporarily to see if this resolves the problem.
  • Try Another Browser: If the issue persists, try accessing the form using a different web browser.

Additional Resources:

For further details on reCAPTCHA, you can visit the Google Support page: https://support.google.com/recaptcha.


Below is a detailed explanation of the email settings.

  POP IMAP
Email Address:  The email address you are setting up. The email address you are setting up.
Incoming Mail Server: A system that receives an email. The server is found in the above results. A system that receives an email. The server is found in the above results.
Incoming Server Port: 995 - A setting that mail servers use for receiving an email. 993 - A setting that mail servers use for receiving an email.
Outgoing Mail Server: A system that sends email. The server is found in the above results. A system that sends email. The server is found in the above results.
Outgoing Server Port: 587 - A setting that mail servers use to send an email. 587 - A setting that mail servers use to send an email.
Outgoing Server (SMTP) requires authentication: Yes - Your full email address and password. Yes - Your full email address and password.
SSL/TLS: Enable this option. Enabling SSL and using TLS ensures your email remains secure. Please be sure you are using a mail app that supports TLS 1.2. Enable this option. Enabling SSL and using TLS ensures your email remains secure. Please be sure you are using a mail app that supports TLS 1.2.

Below are the email settings for Dotster and Mydomain customers:

 
Email Settings for Dotster Customers  

Below are generic settings that should work for any email client or mobile device.

Setting What You Input
Username: Your full email address
Password: Your email password
Connection Type: Server & Port info
POP Incoming Server: pop.dotster.com
Incoming Port: 110 (or 995 with SSL enabled)
IMAP Incoming Server: imap.dotster.com
Incoming Port: 143 (or 993 with SSL enabled)
SSL (Optional): Enabled or Disabled
Outgoing Server Authentication: Enabled
Outgoing Server: smtp.dotster.com
Outgoing Port: 587 (or 465 with SSL enabled)
 

Note: If 587 is not working for the Outgoing Port, try using port 25 instead.

Email Settings for Mydomain Customers  

Below are generic settings that should work for any email client or mobile device.

Setting What You Input
Username: Your full email address
Password: Your email password
Connection Type: Server & Port info
POP Incoming Server: pop.mydomain.com
Incoming Port: 110 (or 995 with SSL enabled)
IMAP Incoming Server: imap.mydomain.com
Incoming Port: 143 (or 993 with SSL enabled)
SSL (Optional): Enabled or Disabled
Outgoing Server Authentication: Enabled
Outgoing Server: smtp.mydomain.com
Outgoing Port: 587 (or 465 with SSL enabled)
 

Note: If 587 is not working for the Outgoing Port, try using port 25 instead.

.

Email communications are vulnerable to several risks while using CRAM-MD5 SMTP authentication, mainly because it is deprecated and unsupported. As more secure authentication techniques have become standard, CRAM-MD5 support has decreased. It is advised to update SMTP settings for CRAM-MD5 deprecation and utilize more recent and secure SMTP authentication techniques, such as those that combine stronger authentication procedures with SSL/TLS encryption, considering these threats. These offer email conversations a far greater level of security by guarding against interception, preventing unauthorized access, and guaranteeing the integrity and confidentiality of messages.

 

Glossary

Below is the description of technical terms regarding email authentication and email security.

  • SSL/TLS - The foundation of secure internet communication is TLS (Transport Layer Security) and SSL (Secure Sockets Layer). They function by establishing a secure connection via encryption between your web browser and the email server, guaranteeing the confidentiality and integrity of any information exchanged between them. This is essential for any online activity that demands data integrity and privacy, like shopping online, banking, and accessing your email. Consider SSL/TLS as a secure tunnel that keeps your information safe from attackers.
  • SMTP - Simple Mail Transfer Protocol, or SMTP for short, is the accepted method for sending emails over the internet. SMTP is the mechanism that transfers an email from your email client (such as Outlook or Gmail) to the email server of the recipient when you click the "send" button. The recipient's email provider then takes over, getting the message via other protocols (such IMAP or POP) so it can be viewed, once SMTP has completed its task of delivering your email. SMTP guarantees that, wherever in the globe that may be, your message reaches its intended recipient.
  • IMAP - IMAP is short for Internet Message Access Protocol. Email clients employ this method to retrieve emails straight from a mail server. You may read and manage your emails directly on the server with this protocol. All your devices will be able to access your email, and any changes you make in your email client will be synchronized with the server and reflected across all of them. IMAP is particularly useful for people who need to access their emails from various locations or devices, offering a flexible and consistent email experience.
  • POP - POP, or Post Office Protocol, lets you download emails from a mail server to a local computer. When you use POP, your email client retrieves all your emails and saves them on your device, allowing you to read them offline. However, since POP downloads and often deletes emails from the server, it's best suited for people who prefer to access their email from a single device.
Important: When using this protocol, emails downloaded to your device will be deleted permanently from the mail server.

Review

CRAM-MD5 SMTP authentication is being phased out due to security flaws, the emergence of more reliable methods, and the requirement to adhere to modern cybersecurity best practices. In today's digital world, switching from CRAM-MD5 to more sophisticated and secure authentication technique is imperative to safeguard the availability, confidentiality, and integrity of email exchanges. Many problems could occur if you don't switch from CRAM-MD5 SMTP authentication to a more advanced and safer authentication which includes email delivery failure, increased security risks, technical problems and support.

Did you find this article helpful?

 
* Your feedback is too short

Loading...