Skip to main content
My preferencesSign out
Proofpoint, Inc.

SMTP Authentication

Overview

SMTP Authentication (SMTP AUTH) improves the trust between a customer's mail exchange server and Essentials to eliminate the risk of spoofing. This feature simply creates an SMTP AUTH username and password pair in Essentials that customers can enter on their email exchange server to authenticate with Essentials.

To enable SMTP authentication:

  1. Navigate to Administration > Account Management > Domains.
  2. Under the SMTP Authentication section, click New Credential.
  3. Enter a label for the credential.
  4. Click Generate Password.
Copy and save Username and Password information. This will be needed later when you enter these credentials in your email exchange and you will not be able to access this screen again after saving.
  1. Click Save.
Note: Please wait 30 minutes to start the next step as it may take up to 30 minutes for the credentials to propagate.

 

6. Follow the instructions provided by your email service provider to configure the SMTP AUTH. For O365 customers, please reference the following link: How to set up a multifunction device or application to send email using Office 365

Troubleshooting

If you cannot remember your SMTP AUTH credentials, simply create a New Credential by repeating the steps above. You may delete unused Credential pairs.

Frequently Asked Questions

The following are some common questions asked about the SMTP Authentication feature:

Q: Do customers require the use of a sending server when using SMTP AUTH credentials?

A: No

Q: If you set the force SMTP AUTH, is sending servers still required?

A: If SMTP AUTH is all you use as a customer, you can ignore the Sending Servers section and leave them empty.

Q: How does SMTP AUTH eliminate the risk of spoofing?

A: If you use SMTP AUTH ONLY (i.e., no other Sending Servers configured), it eliminates the spoofing ability originating either NATTED behind the same IP address as the Outbound mail server, or within the same shared IP space of an email service provider.  Assuming the credential is not compromised of course but at least that's a more defendable position.

Q: Is everything over port 25 still?

A: No.  SMTP AUTH Outbound uses port 587 ONLY. In fact, if it is connecting over Port 25 you will see "Relay Access Denied"

Q: What if they have the same sending server IP configured?

A: Telnet test is quite different for SMTP AUTH. Port 587 is reserve exclusively for SMTP AUTH and normal Sending Servers won't do anything on that port

Q: Does SMTP AUTH still do sender checks? 

A: Yes, the sender domain (address in the case when SMTP Discovery is off) still need to be registered and active

Q: Does this solve mail forwarding issue? (external recipients in distribution groups)

A: No, that's still open as a feature request

Q: Will I need to use TLS?

A: STARTTLS is required before SMTP Auth