Revamped e-mail login procedure ensures privacy and security

Beginning early this morning, sending e-mail from University accounts will require one extra step for some network users. In addition to clicking the "send" button, students, faculty and administrators who use non-University clients — such as Microsoft Outlook, Outlook Express and Eudora — will also have to verify their identity by entering their user name and password.

In the past, verification was required only to read incoming mail and was not used to send e-mail. This loophole allowed outside entities — usually so-called "spammers" — to send out e-mail out through the University's network. The spam problem became a nuisance for both e-mail users — who might have messages blocked if "spammers," had used their account — and for OIT staff — who often had to make several telephone calls to clear up problems with recipients of unverified e-mail messages sent through the University system.

"The server that sent mail out [in the past] allows anyone to send mail, and there is no verifying that you are who you say you are or that you are from Princeton," said Dan Oberst, director of enterprise services. "Therefore, it is possible for unscrupulous mailers to send mail out as if they were a part of Princeton."

Students who use Pine via the Unix server or University webmail are not likely to notice any changes in the way they send e-mail. As set up by OIT, the initial "login" to the University network system will allow members of the University community to both read and send e-mail. Since students who purchased machines through the school's Student Computer Initiative use the pre-installed Netscape Messenger, they will not notice any changes in the system.

However, students who use Microsoft-specific applications or other e-mail programs, either bought or downloaded from a source outside the University, will need to change their computer's configurations. Specific instructions on how to make necessary changes in the machine's settings can be found online at the OIT helpdesk website or by calling the student-manned helpdesk for more information. Links to the helpdesk websites can be found in the student-wide e-mail sent by OIT last Friday.

Though Oberst realizes that the change may be an inconvenience to students, he said he hopes the changes will make University e-mail more secure and reliable.

"[These changes] will provide a better means of knowing where e-mail comes from. It gives a second level of confirmation," he said. "I think the biggest problem [students may run into] will be that someone does not have their client properly configured."