Skip to content

Legacy Authentication Changes

August 6, 2021

The Office of Information Technology has announced that effective August 9 2021, legacy email clients and services that do not support 2-Factor Authentication (2FA/Duo) no longer function to send or retrieve UC Merced email. Please read on to understand more about why we've made this change and how it impacts you.

Why is this happening? 

OIT continues to observe an increase in attacks due to the use of email services and protocols that do not support modern authentication methods and 2FA. These legacy services and protocols increase the risk of account compromise and data exposure, especially related to PII (Personally Identifiable Information) stored in mailboxes. Additionally, these services and protocols are increasingly used to launch internal phishing attacks against other UC Merced accounts, bypassing important security controls and raising the overall risk profile of the university. Microsoft has announced plans to disable legacy authentication protocols in the coming months; OIT is accelerating this change because of emergent security concerns. To address these risks and improve our general information security posture, OIT has turned off legacy authentication as of August 9th 2021.

How will this affect me?

If you previously used a legacy email client or third-party email service that does not support modern authentication methods and 2FA (see examples below) they will no longer be able to authenticate to the UC Merced email service after August 9, 2021. If you previously forwarded and responded to your UC Merced email address from a third-party email service such as Gmail, you will no longer be able to send email from the Gmail account that impersonates your address. To send mail from your UC Merced email address after August 9, you will need to use an email client that supports modern authentication and 2FA. Mail sent TO your UC Merced email address will continue to be forwarded to Gmail per the forwarding rules you have established.

Your UC Merced email account will NOT be impacted, and you will always be able to access your email via Outlook on the Web or one of the supported clients listed below.

Clients/Versions Affected by the Change

Below is a list of older email clients and versions that will no longer be able to access UC Merced email (and the recommended steps to take for each).

Unsupported client Replacement
Outlook for Windows (prior to Outlook 2013)

Update Outlook by going to File > Office Account > Update Options > Update Now 

Outlook for Mac 2016 and older Update Outlook by launching Outlook then go to Help > Check for Updates
Apple Mail (versions macOs 10.14 Mojave and lower) Update Mac OS Mail by clicking on the Apple icon and then App Store
Apple Mail app (version iOS 11 and lower) Upgrade your phone software to the latest version of iOS OR download Outlook from the App Store
Android Mail App Download the Outlook App from the Google Play Store
Thunderbird, versions 77.0b1 and lower Update to the latest version of Thunderbird
Email clients using the POP protocol Download one of the mail clients listed below
Gmail Download one of the mail clients listed below

Accessing Your Email

Even if your current email client or version is no longer supported, you will always be able to access your UC Merced email! Click the links below for detailed instructions on setting up/accessing your email via the following clients that OIT supports:

Frequently Asked Questions

What's an email client?

An email client is an application installed on your computer or mobile device that connects to your UC Merced email account to read and compose email messages.

Can I continue to respond to email from a third-party email account via my UCMerced credentials (Authenticated SMTP)?

Presently, no third-party email services (e.g. Gmail) support modern authentication methods for authenticated SMTP. We recommend that you use a supported email client when composing or responding to email in relation to university matters.

Can I continue to use my current IMAP/POP email client?

If your IMAP/POP client can support modern authentication (OAUTH2), then it will continue to function. Presently, the only IMAP/POP client that supports these authentication methods is Thunderbird. Please see the list above for recommended options to replace your IMAP/POP client.

My Gmail account has 2FA enabled. Can I keep using it to send mail from my UC Merced address? 

Unfortunately, no. The Gmail "Send Mail As" feature requires you to specify a SMTP server to deliver messages to. As of today, Google only supports legacy authentication methods for this feature. When these legacy authentication methods are disabled, Gmail will be unable to send messages from your UC Merced address.

How can I prepare for this change?

If you are using a supported email client, no action is required on your part!

Ensure that you are using a supported email client by referencing the chart shown above. If you find that you are using an unsupported client, you will need to configure a new profile on your existing application (if modern authentication is supported) or switch to one of the recommended email applications listed above.

Common Error Messages

If you're using an unsupported email client after August 9, 2021, you may see one of the following error messages. Please refer to "Accessing Your Email" above to install and use one of the approved applications to access your email.

Thunderbird using IMAP/POP:

Authenticated STMP (ie Gmail):

Unsupported Mac Mail version:

Tell me more. What are the technical details behind this change?

Microsoft is in the process of deprecating legacy email protocols and authentication methods. Email protocols such as POP, IMAP, and SMTP were developed decades ago and rely on insecure methods of authentication that are increasingly used to stage attacks against organizations. As of August 9, 2021, UC Merced requires OAUTH2 authentication to continue using these protocols. OAUTH2 is a modern authentication method that supports additional security features including Duo 2-factor authentication, which is already required for most other UC Merced services and applications.

While POP/IMAP/SMTP clients that support OAUTH2 will continue to be supported for the time being, Microsoft has indicated these protocols may no longer be offered by Office 365 in the future. OIT recommends you use a supported email client when composing or responding to email in relation to university matters.