There are still quite a few small and medium-sized ISPs out there who use technology such as POP before SMTP to allow mail relaying. However as threats increase, it’s become standard operating procedure to require proper authentication from end-users to allow outbound mail relay. One of my customers came up with a fairly gentle way to ease their user base into using SMTP Authentication (SMTP AUTH).
Here’s how to tackle the process based on how the client did it:
1) Start with 30-days advanced warning to all users that they will be forced to use SMTP AUTH as of a given date (the REAL target date is to have everyone moved over within 60 days).
2) Provide self-help documentation on how to enable SMTP AUTH in most common mail clients, and how to change the submission port number from 25 to 587 (this is a good idea if you plan to deploy SMTP AUTH over the proper submission port).
3) Repeat the warning at T minus 15 days.
4) Send another repeat warning at T minus 7 days.
5) Cut over to SMTP AUTH only on the appointed day (and disable POP before SMTP).
6) At this point, your help desk may be flooded with calls, so take them as they come and guide the users through the switch. At the end of the work day, switch POP before SMTP back on. Send another warning to customers that you will try again in 7 more days.
7) Wait 7 days. Go back to step 6.
8) At some point, usually after the third run, calls will calm down to a trickle so you won’t need to switch back to POP before SMTP. Your help desk will just need to deal with the stragglers.
9) Job done.
Leave a Comment