End of Support for SMTP Authentication Using CRAM-MD5

End of Support for SMTP Authentication Using CRAM-MD5


On June 26, 2013, Blackrock Networks, Inc.  will be performing a maintenance on the Blackrock Networks, Inc. Email and Microsoft Hosted Exchange environments which will remove the ability for mail clients to send mail using the legacy authentication protocol, CRAM-MD5. Once removed, a very small portion of our customers may lose the ability to send mail until their mail client's SMTP authentication method is changed.

Why is Blackrock Networks, Inc. making this change? Blackrock Networks, Inc. is continually striving to improve the quality, usability, and security of our mail offering. While CRAM-MD5 is a secure authentication protocol, the industry as a whole has been migrating away from using this mechanism. The recommended method for sending mail today is to use PLAIN/PASSWORD authentication over an SSL or TLS connection.

Will I be impacted? Our extensive testing in preparation for this maintenance has proven that the vast majority of mail clients do not use CRAM-MD5 by default. It is very difficult to pinpoint each and every mail client, version, device, etc that could be impacted, although we do know that if you are running one of the following configurations you could be impacted by this change:

* NOTE: Customers using iPhones with Mobile Sync enabled will NOT be impacted.

I'm impacted / will be impacted... How do I fix this? If you feel you may be impacted, or after the maintenance is complete you are no longer able to send mail from your email client, you can resolve this issue using one of the following means:

  1. Re-configure your mail client so it does not use CRAM-MD5 authentication for SMTP (sending).
  2. We also suggest connecting to our system via SSL or TLS when sending mail.

Is there a workaround while I'm trying to set this up properly? Absolutely! You can always login to webmail to access and send email like normal should you experience issues and need to send something quickly.

Are we the only ones? No. There are a number of companies that are changing settings as servers are upgraded. See this post on Verizon, they will end their support in September 2013 for their current settings.