In Outlook, is secure password authentication (SPA) redundant when SSL or TLS encryption is used?

I have just set up Outlook to connect to an IMAP and SMTP mail server.

The IMAP server requires SSL and the SMTP server requires TLS.

There does not appear to be any requirement to log on using secure password authentication (SPA).

Hence my question: Is SPA redundant when the mail server uses an encrypted connection?


A bit of background on SPA would be useful too, since I don't really understand what it is and why it is there.

Thanks

 

Last updated August 3, 2019. Views: 17,290.

Hi,

Thank you for choosing Microsoft Community.

Secure Password Authentication (SPA) is a proprietary Microsoft protocol used to authenticate Microsoft email clients with an electronic mail server when using the Simple Mail Transfer Protocol (SMTP), Post Office Protocol (POP), or Internet Message Access Protocol (IMAP).

Normally, usage of Secure Password Authentication (SPA) depends upon the type of protocol used by the Internet Service Provider (ISP) for the mail transfer.

This depends on the internet service provider and this option is not commonly used by most of the service providers. Unless your ISP has indicated that your service uses Secure Password Authentication (SPA), do not select the Log on using Secure Password Authentication (SPA) check box.

I hope the above information helps. Let us know if you need further assistance.

Thank you.

39 people were helped by this reply


Thanks for responding. Your answer does give some background information about what SPA is, but it does not directly answer my main question: Is SPA redundant when the mail server uses an encrypted connection?


Hi,

Thank you for replying.

SPA depends on the internet service provider and this option is not commonly used by most of the service providers. Unless your ISP has indicated that your service uses Secure Password Authentication (SPA), do not select the Log on using Secure Password Authentication (SPA) check box. For further information on the same you may also contact your ISP.

Thank you.

2 people were helped by this reply


You did not understand the question, Miss Raj.

The question in other words is this: Does SPA provide the same security as SSL?

In other words, does SSL protect the user from having his/her password read by hackers when the user sends/receives email?


Hello Daniel,

First of all:

Like you, I hate it when people do not read the question well and only try to give an answer hoping that it will be marked as "helpful" or even as "the answer".

To my regret even people who are related to MS (in some way, like some admins) even mark these false answers as "the answer".

I hope it will not happen for this thread.

Anyhow, I think it is not necessary to use SPA if you are using SSL and TLS, so it is redundant.

However, I came here because I have a different question about the same subject:

Is TLS or SSL redundant if you are using SPA?

So my question is:

If Secure Password Authentication is used, what about the email message itself?

Are the email messages themselves encrypted after the (encrypted) authentication process or are they just sent in plain text?

I assume there is no VPN tunnel or other encrypted connection used.

In other words:

If I POP my email without using a secure connection but do use SPA, is my email message encrypted or not?

Hopefully someone with real knowledge can reply to this.

Regards

9 people were helped by this reply
