Forum Discussion

Cybersec's avatar
New Contributor

No longer allowing encrypted passwords for SMTP (outgoing email) auth?

As of this morning I get the following error when trying to use an encrypted password for SMTP (outgoing email): "The Outgoing server (SMTP) does not seem to support encrypted passwords." Absolutely nothing was changed on my network clients until I started troubleshooting this morning. In short, Cox's SMTP servers no longer accept encrypted passwords to authenticate for outbound email using STARTTLS (port 587) or SSL/TLS (port 465); only "normal" passwords allowed. It won't even respond to a STARTTLS connection anymore. Why in the world would you disable a more secure option to authenticate for SMTP when you say your servers were being used as a spam relay? This is inexcusably stupid.

12 Replies

Replies have been turned off for this discussion
  • grymwulf's avatar
    Contributor II

    It almost seems as if Cox is going through a back-end email migration, not announcing it publicly, and screwing up the transition.  These are the same problem I've encounted before when the software/options change on an email package and you can't just copy things over.  Granted, we usually did it with a small group of people, invited them to participate, and made sure everything was working before ramping it up market by market.

  • AllenP's avatar
    Valued Contributor

    I am using at and SSL/TLS is working fine. I've tested with Thunderbird on Win 10 using SSL/TLS port 465 and K9 Mail on Android, same settings. I am on Cox's network, not outside, don't know if that makes a difference. To be sure we are both using the same server, what IP does resolve to on your machine? Are you inside our outside the network?

  • AllenP's avatar
    Valued Contributor

    A little more info, see the mozilla support article here....

    "Use of SSL or TLS means that your login and password, at the least, are encrypted. So there's no need to manually select encryption.

    As said, few ISPs support the encrypted password option per se; when they care about doing it properly, they offer you TLS/SSL. Encrypted passwords, when used, are generally offered instead of SSL or TLS. I think a weakness is that only the password is encrypted, whereas with SSL/TLS, your login, your password and potentially the whole of your message is encrypted."

    Bottom line, even if you select normal password, as required by Cox, both your user id & password are encrypted by the SSL/TLS procedure. According to Mozilla, that's doing it properly ... a good thing.

  • Tecknowhelp's avatar
    Valued Contributor II

    grymwulf said:
    It almost seems as if Cox is going through a back-end email migration,

    From what I am being told, they are, but no one higher up the chain told the support staff. It was only mentioned as a "server cleanup". What gets me upset is that Cox does stuff like this and never owns up to it. They just say "there was a issue but now it's fixed". That it not the kind of technical support I would trust with my email. Also, I think Cox is outsourcing their email serves so they can later start outsourcing their email support. If they are going to do that, why not just go with a good email vendor like Gmail?

    As part of that "server cleanup" I got a email from Cox saying since this username isn't attached to a account anymore, it will soon be deleted. FYI to anyone using a non Cox account for this forum. I got it 12/7..right around the time the problem started.

    From: Cox Communications, Inc. <> Add to Addresses Block Sender
     Date: Wednesday, December 7, 2016 2:04 PM

    "Dear Cox Email User, 

    A recent review of our records indicates that your Cox email address,, is no longer associated with a Cox High Speed Internet account. Per our email policies, you may retain access to a Cox Email account for up to 90 days after disconnecting Cox High Speed Internet Service.

    In order for your email account to continue working, we need your help, which should only take a few minutes. If you do not complete the following process by January 11, 2017 you will lose access to your Cox Email account, and its contents will be deleted.

    Since there is no longer an active Cox High Speed Internet account linked to this email address, your Cox email account,, and all messages, contacts and data will no longer be accessible on January 11, 2017. Once deleted, content cannot be recovered." 

    PS. None of the link in the email work. Looks like a copy/paste from a old support article. This whole thing was done badly. From start to finish.

  • LBrian's avatar
    New Contributor

    I'm using Thunderbird 45.5.1 and started to get errors sending out emails over SMTP a few daus agp.   I've tried ports  587 and 465 and both "STARTTLS" and  "SSL/TLS" for the Connection Security setting.  Attempts to send out-going email either fail from timing out or I get a "Sending of the message failed:  The Outgoing server (SMTP) does not seem to support encrypted passwords.

    If anyone has a solution for this, I would love to hear it.


  • ChrisL's avatar
    Former Moderator

    Here's an article that'll help with regards to the correct SMTP settings. Give this a try and see if it helps:{a8fb24c0-6440-11df-ccef-000000000000}

  • Tecknowhelp's avatar
    Valued Contributor II

    @Becky You may want to check the SSL certificate on It no longer supports TLS after the outage. I notice no moderators have even reported the email outage that effected the almost entire West Coast for several days. I just tried with TLS on 587 and it failed with the error below, but worked with SSL on 465.

    Trying TLS on[] (100):

    secondstest stage and result
    [000.088] Connected to server
    [001.205] <-- 220 cox ESMTP server ready
    [001.205] We are allowed to connect
    [001.206] --> EHLO
    [001.293] <-- hello [], pleased to meet you
    250-SIZE 28672000
    250 OK
    [001.293] We can use this server
    [001.294] TLS is not an option on this server
    [001.294] --> MAIL FROM:<>
    [001.429] <-- 250 2.1.0 <> sender ok
    [001.430] Sender is OK
    [001.430] --> RCPT TO:<>
    [001.564] <-- 250 2.1.5 <> recipient ok
    [001.565] Recipient OK, E-mail address proofed
    [001.566] --> QUIT
  • JSchmo's avatar
    New Contributor

    Just adding a name to the list. Outbound e-mail through no longer works with SSL/TLS. Funny that @Chris suggested @LBrian use exactly the settings LBrian already stated he had tried. In case it isn't clear: was working a couple days ago, not working now. Nothing changed on our end.

    Cox needs to listen to @Tecknowhelp and fix this on their end.

  • Cybersec's avatar
    New Contributor
    Given @Tecknowhelp's post it looks like Cox has dumped TLS altogether. Someone at Cox want to explain how eliminating TLS fixes your semi-disclosed spam relay / account hijacking problem? @grymwulf, agree wholeheartedly with the unannounced back-end migration/reconfiguration theory. @ChrisL, appreciate the attempt man, but does the level of detail in this thread leave you with the impression that you're talking to folks who spend all day on Facebook? Pass these details on to the folks who screwed it up so they can try to fix it.
  • Tecknowhelp's avatar
    Valued Contributor II

    SPA has never worked with Cox email servers. The change is with TLS no longer working over SSL. SPA has nothing to do with TLS though.