Why does IU require SSL and authentication to use the SMTP servers?
Indiana University requires SSL and authentication for the university SMTP servers to increase security and stem the flow of email messages propagating spam, viruses, and worms. To send email out from IU using the SMTP servers, you must configure your email program to use those security features.
Security
SSL protects outbound email by encrypting it before sending it to an SMTP server. Authentication ensures that only legitimate IU users are able to send email messages through the SMTP server to email addresses outside IU. Email messages sent to addresses within the IU system do not require authentication.
Stemming spam, virus, and worm traffic
SSL and authentication help to stem spam, virus, and worm email
traffic. With SSL in place, viruses and worms with their own SMTP engines
cannot communicate with mail-relay.iu.edu. Even if virus
writers add that ability in the future, those infections will be
unable to access IU's SMTP servers because of the authentication
requirement. A fair amount of spam comes from infected computers;
therefore, SSL and authentication also reduce spam email traffic.
Note that this information applies only to IU users using the
university SMTP servers (mail-relay.iu.edu)
for outbound email. Spam and viruses on email inbound to IU are
defended against in other ways. For more information, see What does IU do to protect users from spam and virus-infected email?
Last modified on February 03, 2011.
