End of Basic Authentication
In September 2025, Microsoft will end Basic Authentication for sending email in Office 365 (SMTP Basic Authentication).
Email clients such as Outlook typically use Modern Authentication with Multi-Factor Authentication (MFA) and are unaffected by this change. This change affects SMTP Basic Authentication which is commonly used when sending email in a non-interactive manner, such as from MFD printers, legacy applications, or some mass mailers.
If you are sending mail with SMTP Basic Authentication, you must move to an alternative before September 2025 to avoid disruption.
Alternatives to Basic Authentication
Modern Authentication (OAuth)
If you are currently sending mail through mtar.uwo.ca:587 or smtp.office365.com:587 with Basic Authentication, and your client/device supports Modern Authentication (OAuth), switching to OAuth is the simplest and most straightforward option.
Please contact the WTS Helpdesk if you need assistance with OAuth app approval.
SMTP Relay on mtar.uwo.ca:25
The SMTP Relay service on mtar.uwo.ca:25 accepts mail by SMTP without authentication. This service is a farm of Postfix SMTP servers which accept mail from clients, then relay it to Western’s Office 365 tenant. In case of failure, mail may be queued by Postfix for later delivery. This improves reliability, but may increase delivery time.
This service is intended for low/medium-volume senders on Western’s network which don’t support authentication (or only support SMTP Basic Authentication).
This is a shared WTS service which may be adversely affected by high-volume senders (e.g., throttling by Microsoft). If you are a high-volume sender, please use another alternative.
Access is restricted by IP address of the sender. Please contact WTS to request access to this service.
Microsoft High Volume Email (HVE)
Microsoft recently introduced the High Volume Email (HVE) service as a way to send high volumes of emails to primarily recipients internal to Western’s Office 365 tenant. WTS is currently introducing this service as an Early Access Program (EAP).
HVE will continue to support SMTP Basic Authentication beyond September 2025, and supports sending up to 100,000 messages to internal recipients per day.
This option is recommended for high-volume senders that support authentication and send primarily to internal recipients.
Your sending host must have a public IP address (or outbound NAT with a public IP address) in order to connect to the HVE service.
Office 365 Connector
WTS can configure a “Connector” for your host in Office 365. This will allow your host to send directly to Office 365 without authentication.
This option is recommended for high-volume senders that do not support authentication and send to either internal and/or external recipients.
Your sending host must have a public IP address (or outbound NAT with a dedicated public IP address) in order to connect to Office 365.
Please contact WTS to discuss whether this option is appropriate for you.
Comparison of Alternatives
| Modern Authentication (OAuth) | SMTP Relay (mtar.uwo.ca:25) | Microsoft High Volume Email (HVE) | O365 Connector | |
|---|---|---|---|---|
| Email Volume | Low/Medium | Low/Medium | High (Internal recipients only) | High |
| Sending Rate Limits |
Microsoft sending rate limits: (2,000 external recipients per day1) |
No stated limits, but MS may throttle. High volumes may affect other users of this shared WTS service. |
100,000 internal recipients per day (2,000 external recipients per day1) |
No stated limits, but MS may throttle. |
| Internet Access Required (Public IP, NAT) |
No – if using mtar.uwo.ca:5872 Yes – if using smtp.office365.com:587 |
No | Yes | Yes |
| Authentication | OAuth | None | Basic Auth | None |
| Access Restrictions | Available to all users | Request access by IP Address | Request access to Early Access Program | Contact WTS to discuss |
- Microsoft has announced a 2,000 external recipient sending rate limit coming into effect in January, 2025.
- Please only use mtar.uwo.ca:587 if your sending host has a private IP address on Western’s network. Hosts with public IP addresses can connect directly to smtp.office365.com:587 using Modern Auth.
Published on and maintained in Cascade.
