Configuring My Service to Send Email

Summary

Learn how to configure applications and devices for email sending at Dartmouth. Basic Authentication for SMTP ends in September 2025—all setups must switch to OAuth. IP relay requests require security approval, and misuse may result in suspension.

Body

SMTP Basic Authentication (smtp.office365.com)

Discontinuation of SMTP Basic Authentication for smtp.office365.com

Introduction

Some Dartmouth systems—like lab instruments, multifunction printers, or applications—need to send email for business operations. This guide explains how to configure those systems in line with Dartmouth’s email and security requirements.

Key Points

  • Basic Authentication for SMTP will be permanently retired by Microsoft in September 2025.
  • All new configurations must use Modern Authentication (OAuth2).
  • If your device or app cannot support OAuth2, you may request IP Authenticated SMTP Relay (approval required and not guaranteed).

Option 1 — OAuth2 (Preferred)

If your application or device supports OAuth2, follow these steps:

1) Request a Service Account

Submit the Service Account Request Form.

  • Type of Account: Service
  • Account Name: Typically matches your service name
  • Mailbox Type:
    • Forwarding Only if you only need to send mail (replies forward to an account or group you choose)
    • Full Email & Calendar if replies need to be stored in a separate inbox

2) Update SMTP Settings

  • Server: smtp.office365.com
  • Port: 587
  • Security: STARTTLS (SSL/TLS required)
  • Authentication: OAuth2 only (Basic Authentication will be disabled in September 2025)
  • Linux MTAs (Sendmail/Postfix): Confirm configuration with your system administrator
Reminder: Any existing system still using Basic Authentication must transition to OAuth2 before September 2025 to avoid service disruption.

Option 2 — IP Authenticated SMTP Relay (Requires Approval)

Use this option only when OAuth2 is not supported by your device or application.

Request & Requirements

Submit the IP Relay Request (General Request Form).

  • Your device must have a static IP address (include it in your request).
  • Provide an overview of the device/service functionality.
  • Provide the proposed sending email address (prefer a valid @dartmouth.edu address that can receive replies/bounces).
  • Confirm compliance with Dartmouth Information Security Committee (DISC) guidelines (evidence may be requested).

Security Review

  • All requests are reviewed and must be approved by the Information Security Team before your device/service can send mail through smtp.dartmouth.edu.
  • Requests that do not meet security requirements will be denied.

SMTP Relay Settings (after approval)

  • Server: smtp.dartmouth.edu
  • Port: 25
Misuse Policy: Misuse of IP Authenticated SMTP relay will result in immediate suspension. Dartmouth may revoke access at any time if security concerns arise.

Need Help?

Not sure which option applies to your system, or need help transitioning to OAuth2? Contact help@dartmouth.edu.

Details

Details

Article ID: 67039
Created
Fri 11/9/18 3:21 PM
Modified
Wed 8/13/25 12:39 PM

Related Articles

Related Articles (3)

Dartmouth Information Security Policy - Moved to Policy Portal
Sending Email (SMTP OAuth2) — FAQ for Application Teams & Developers
Dartmouth is retiring SMTP Basic Auth in September 2025; this guide shows how to send-only via smtp.office365.com using OAuth2, preferring delegated permissions (SMTP.Send) for security. App-only (SMTP.SendAsApp) is allowed only when scoped to specific mailboxes via an Exchange service principal, and the article outlines roles (App/Dev vs Email Team), key settings, and quick troubleshooting.
SMTP Authentication (SMTP Auth) Retirement in Exchange Online
Microsoft will retire Basic Authentication for SMTP Auth in Exchange Online, requiring all email-sending applications, devices, and legacy email clients to transition to Modern Authentication (OAuth). This change enhances security, reduces phishing risks, and aligns with Dartmouth’s security strategy. Application administrators and users must take action to update configurations before the deadline.