Tuesday, June 11, 2013
CRAM-MD5 is a secure log-in method used by some mail clients to encrypt user credentials during SMTP requests. In recent years it has been largely replaced by technologies like SSL or TLS, which encrypt the entire mail connection - not just the log-in request.
As a result of security enhancements in our user management systems, starting on June 25th, 2013, our Private Email and Microsoft Exchange platforms will no longer be able to support CRAM-MD5 SMTP connections. Our testing shows that most mail clients will handle this change gracefully. However, Apple Mail, Thunderbird, Windows 8 Mail, and possibly some iPhone users will be unable to send messages until they update their settings. These mail clients will still be able to receive and access email.
Please see the articles linked below for more information on how to update each of these mail clients to stop using CRAM-MD5. Also, please take this opportunity to encourage your users to make sure their mail client is configured to use SSL so their personal information is as secure as possible.
While this change is inconvenient, we believe the long-term gains in user security make it absolutely necessary.