Support OAuth 2.0 for SMPT Authentication
My institution uses Microsoft for email and would like to use OAuth 2.0 to authenticate in ILLiad. We currently use a local SMTP server to send emails using a university account, allowing ILLiad emails to come from a trusted university address. However, my IT department informed me that Microsoft will no longer allow this type of configuration and recommends that library applications use OAuth 2.0 to authenticate to the server before sending emails. It is my understanding that OAuth 2.0 is more secure than ILLiad's current SMTP login as OAuth does not pass credentials. I know that other library vendors, such as Springshare, have developed their products to support OAuth 2.0 and I'm hopeful that Atlas will consider doing so too. (Note: If we send an email using a university address from the OCLC server, it will be flagged as spam).
Thank you, Sara. I appreciate you bringing the suggestion to your product team meeting.
Regarding making an exception in the spam filtering application: My IT department is very reluctant to whitelist external hosts to send as @umassd.edu. They may be willing to create a new subdomain for us to use but OAuth 2.0 support would be preferable.
Thank you for submitting the enhancement idea. I've added the topic to the agenda of the next product team meeting for further discussion. In the meantime, if you choose to use the OCLC-hosted SMTP server and are concerned about emails being flagged as spam, you could make an exception in the SPAM filtering application for the IP address and hostname of the OCLC mail server. If you would like the address and hostname, please submit a ticket to email@example.com and I can send you the information.