Effective 9 August 2021, legacy email clients and services that do not support 2-Factor Authentication (2FA/Duo) no longer function to send or retrieve UC Merced email.
Why is this happening?
OIT continues to observe an increase in attacks due to the use of email services and protocols that do not support modern authentication methods and 2FA. These legacy services and protocols increase the risk of account compromise and data exposure, especially related to PII (Personally Identifiable Information) stored in mailboxes. Additionally, these services and protocols are increasingly used to launch internal phishing attacks against other UC Merced accounts, bypassing important security controls and raising the overall risk profile of the university. Microsoft has announced plans to disable legacy authentication protocols in the coming months; OIT is accelerating this change because of emergent security concerns. To address these risks and improve our general information security posture, OIT has turned off legacy authentication as of August 9th 2021.
How will this affect me?
If you previously used a legacy email client or third-party email service that does not support modern authentication methods and 2FA (see examples below) they will no longer be able to authenticate to the UC Merced email service after August 9, 2021. If you previously forwarded and responded to your UC Merced email address from a third-party email service such as Gmail, you will no longer be able to send email from the Gmail account that impersonates your @ucmerced.edu address. To send mail from your UC Merced email address after August 9, you will need to use an email client that supports modern authentication and 2FA. Mail sent TO your UC Merced email address will continue to be forwarded to Gmail per the forwarding rules you have established.
Your UC Merced email account will NOT be impacted, and you will always be able to access your email via Outlook on the Web or one of the supported clients listed below.
Clients/Versions Affected by the Change
Below is a list of older email clients and versions that will no longer be able to access UC Merced email (and the recommended steps to take for each).
| Unsupported client | Replacement |
| Outlook for Windows (prior to Outlook 2013) |
Update Outlook by going to File > Office Account > Update Options > Update Now |
| Outlook for Mac 2016 and older | Update Outlook by launching Outlook then go to Help > Check for Updates |
| Apple Mail (versions macOs 10.14 Mojave and lower) | Update Mac OS Mail by clicking on the Apple icon and then App Store |
| Apple Mail app (version iOS 11 and lower) | Upgrade your phone software to the latest version of iOS OR download Outlook from the App Store |
| Android Mail App | Download the Outlook App from the Google Play Store |
| Thunderbird, versions 77.0b1 and lower | Update to the latest version of Thunderbird |
| Email clients using the POP protocol | Download one of the mail clients listed below |
| Gmail | Download one of the mail clients listed below |
Accessing Your Email
Even if your current email client or version is no longer supported, you will always be able to access your UC Merced email! Click the links below for detailed instructions on setting up/accessing your email via the following clients that OIT supports:
- Outlook app for Android
- Outlook app for iOS
- Outlook 2016 for Mac
- Outlook 2016 for Windows
- Outlook on the Web
Frequently Asked Questions
What's an email client?
Can I continue to respond to email from a third-party email account via my UCMerced credentials (Authenticated SMTP)?
Can I continue to use my current IMAP/POP email client?
My Gmail account has 2FA enabled. Can I keep using it to send mail from my UC Merced address?
Unfortunately, no. The Gmail "Send Mail As" feature requires you to specify a SMTP server to deliver messages to. As of today, Google only supports legacy authentication methods for this feature. When these legacy authentication methods are disabled, Gmail will be unable to send messages from your UC Merced address.
How can I prepare for this change?
If you are using a supported email client, no action is required on your part!
Ensure that you are using a supported email client by referencing the chart shown above. If you find that you are using an unsupported client, you will need to configure a new profile on your existing application (if modern authentication is supported) or switch to one of the recommended email applications listed above.
Common Error Messages
If you're using an unsupported email client after August 9, 2021, you may see one of the following error messages. Please refer to "Accessing Your Email" above to install and use one of the approved applications to access your email.
Thunderbird using IMAP/POP:
Authenticated STMP (ie Gmail):
Unsupported Mac Mail version:
Tell me more. What are the technical details behind this change?
Microsoft is in the process of deprecating legacy email protocols and authentication methods. Email protocols such as POP, IMAP, and SMTP were developed decades ago and rely on insecure methods of authentication that are increasingly used to stage attacks against organizations. As of August 9, 2021, UC Merced requires OAUTH2 authentication to continue using these protocols. OAUTH2 is a modern authentication method that supports additional security features including Duo 2-factor authentication, which is already required for most other UC Merced services and applications.
While POP/IMAP/SMTP clients that support OAUTH2 will continue to be supported for the time being, Microsoft has indicated these protocols may no longer be offered by Office 365 in the future. OIT recommends you use a supported email client when composing or responding to email in relation to university matters.
