Update 6/11/2025: We updated the timeline of this deprecation mentioned in this post.
Exchange Online will permanently remove support for Basic authentication with Client Submission (SMTP AUTH) gra...
Updated Jun 12, 2025
Version 4.0
Blog Post
Lets imagine I have an old B2B software which sends emails via SMTP through customers servers (using their accounts, as B2C). But it is not a problem to add some new tricks to this software. What updates should I add to the software to make it support new SMTP auth rules?
- It seems XOAUTH2 is not an options since if I create an oauth token for my microsoft account, I will got an ability to send emails only from my own email. I wrote a test application and failed to send email in the name of another user. 535 5.7.3 Authentication unsuccessful.
- I read other users comments related HVE and seems it is not an option too. And Azure services as well. Business owner do not want to pay for any service, which will provide a functionality, which WAS FREE just a year ago. As well as any other paid service of any other cloud provider.
- One day I read about app passwords. Good idea to provide compatibility for old devices like XBOX or mobile phones. So I registered new outlook account, set up 2FA and created an app password (for some reason I was unsuccessful to do this using my corporate account). Filling lucky I entered this account data to the testing script, using app passwords as SMTP password... and got another error. 535 5.7.139 Authentication unsuccessful, basic authentication is disabled.
What I am doing (thinking) wrong? App passwords looked like a good solution, or better to say a compromise between new rules and old software, but it does not work for some reason.
Re point 3. Did you enable basic authentication for the HVE acount that you tried with an app password?
Re Re point 3. It is not a HVE account. Honestly, I do not even sure what HVE is. Again: we have a user settings page with "Email settings block"; there users can enter email account properties, like host, port, user, password, click "enable sending via SMTP" checkbox and expect we will send emails from THEIR email servers to end-users (guests, buyers, etc). I do not sure we can ask our customers to do some over-complicated things with their accounts. Usually it is just a common hotmail and office365 emails. In the same time customers are common people having cottages or small hotels to rent (if I can use "common" about such ppl). IF enabling 2fa and generating app password (or any other SIMPLE) way is not working anymore for MS server emails, we have no other way than just add a very big banner at top of the page: "Microsoft-hosted email server ARE NOT SUPPORTED ANYMORE".