As you may have heard, Microsoft will permanently remove support for Basic authentication with Client Submission (SMTP AUTH) in September 2025. For more details, see the article https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-online-to-retire-basic-auth-for-client-submission-smtp/ba-p/4114750. Microsoft also describes possible alternatives in the article.

I would like to discuss which method for sending email in Microsoft 365/Azure should be preferred in terms of security, including Direct Send and SMTP Relay with Microsoft 365. I have not included third-party SMTP Server service/server.

My rankings in terms of security is:

OAuth2.0 – Relies on token-based authentication, only allow email sending (no other permissions)

Azure Communication Services Email – Uses Modern Authentication if I understand correctly

High Volume Email for Microsoft 365 – Internal only, no mailbox associated to HVE-account

SMTP Relay with Office 365 – An associated mailbox to the email address is not required. Include IP-address in SPF.

Direct Send – Internal only, no authentication. Include IP-address in SPF.

Exchange Server On-Premises with Basic Auth – Not secure by default but may be less insecure if you restrict it to specific devices/servers within the local network.

Exchange Server On-Premises with Anonymous Relay – Not secure by default but may be less insecure if you restrict it to specific devices/servers within the local network.

What do you think? Please feel free to share your opinions!

​As you may have heard, Microsoft will permanently remove support for Basic authentication with Client Submission (SMTP AUTH) in September 2025. For more details, see the article https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-online-to-retire-basic-auth-for-client-submission-smtp/ba-p/4114750. Microsoft also describes possible alternatives in the article. I would like to discuss which method for sending email in Microsoft 365/Azure should be preferred in terms of security, including Direct Send and SMTP Relay with Microsoft 365. I have not included third-party SMTP Server service/server. My rankings in terms of security is:OAuth2.0 – Relies on token-based authentication, only allow email sending (no other permissions)Azure Communication Services Email – Uses Modern Authentication if I understand correctlyHigh Volume Email for Microsoft 365 – Internal only, no mailbox associated to HVE-accountSMTP Relay with Office 365 – An associated mailbox to the email address is not required. Include IP-address in SPF.Direct Send – Internal only, no authentication. Include IP-address in SPF.Exchange Server On-Premises with Basic Auth – Not secure by default but may be less insecure if you restrict it to specific devices/servers within the local network.Exchange Server On-Premises with Anonymous Relay – Not secure by default but may be less insecure if you restrict it to specific devices/servers within the local network. What do you think? Please feel free to share your opinions!   Read More

​