To enhance the security of your Harrisburg University email account, on September 23rd, IT will disable the Internet Message Access Protocol (IMAP), Simple Mail Transfer Protocol (SMTP) and Post Office Protocol (POP) for all student accounts.
Additional context for the security justification:
Abuse of the email service by compromised credentials is a very large and growing issue. These credentials are used to access mailboxes, send out phishing to other people, and potentially exfiltrate sensitive email messages.
- Disabling unnecessary protocol access to accounts makes it more difficult for malicious actors to automatically test the validity of passwords obtained from phishing and 3rd party password database dumps.
- Reducing the number of protocols that can be used to export data from a mailbox will help reduce the risk of data exfiltration due to abuse via compromised credentials.
- If (and when) Multi-Factor Authentication (MFA) is available and enabled for an account, disabling these non-legacy protocols is a way to ensure that malicious actors can’t bypass MFA by using a legacy protocol that isn’t compatible with MFA.
Even though Microsoft provides you with the ability to connect to your Office 365 account using a wide variety of clients/protocols, for the best experience and complete support, Microsoft recommends connecting through one of the following ways: