Conversion of the central mail system of the RWTH Aachen

28/07/2016

For security reasons the central mail system of the RWTH Aachen will be reconfigured on August 15, 2016.

 

Out of procedural reasons the central e-mail system of the RWTH Aachen currently still allows sending mails without checking the correct sender data. Therefore recipients of such emails cannot reply to the mail neither they can make sure that the real sender gets the mail nor can they know for sure if the predetermined sender is really the originator of the mail.

Conversion of the central mail system

Since this possibility of sending mail led to accidental misconfiguration of the mail client and has increasingly led to confusion and at the same time the process technology need is declining, the system will be reconfigured.

In the past it has occurred several times that users send e-mails with false sender address. This can be caused, for example, by accidental misconfiguration of the mail client. This is particularly annoying when the recipient of the mail cannot reply because the originator address - and thus the reply address - is wrong.

For applications that took advantage of this possibility so far the option to convert the relevant systems is possible until August 15, 2016.

In order to secure the e-mail traffic the central mail server (mail.rwth-aachen.de) will therefore be reconfigured on August 15, 2016 so that only messages are sent when the authenticated sender has permission to use this sender address.

However this measures are only effective when the central mail server of the RWTH Aachen is used. The intentional use of false return addresses cannot be ruled out if other mail servers are used for mail delivery. Thus it is still possible to receive mails with a false or a forged sender address.

Possibility of securing the e-mail traffic

In order to really make sure to that the sender is really the owner of the sender address used, further protective measurements are necessary. If the receiver should be able to verify the authenticity of the messages, signed messages must be sent. For this purpose a corresponding personal S/MIME certificate is necessary. This can be requested from the RWTH-DFN certification portal in the IT Center.