How does autoconfiguration work with email setup?

Starting with iOS devices, and now with Mail on OS X, Apple has implemented a very slick autoconfiguration system for setting up email accounts.

You simply put in your name, email address and password, and all the required information (incoming and outgoing servers, ports, etc.) is determined automagically.

How does this work? I just set up a new email account on my wife’s computer, and the email server isn’t even in the same domain as her email address. Is there some new “auto discovery” protocol that has been implemented in the last few years?

There’re some standards as far as port/service pairs. So I imagine that those are tried.

Also, you provided your e-mail address in the set-up, so that provides a likely domain and server name for the mail reader to try.

Additionally, Exchange servers can host a list of settings for email clients to use. So, the client asks the server if the server has a list of specs for an account. If the server does, then it supplies them to the client.

So, in your wife’s case, the list of details may have been located where the client would look for them and the details specified the correct server even though the correct mail server was not where the client thought to look for the mail server.

No. Most people (and businesses in particular) consider email to be fairly personal and private, and auto-discovery is a security breach waiting to happen.

Knowing Apple, I suspect this is handled by querying an online database (maintained by Apple) with configurations for all the common email providers. Even for carriers that aren’t listed, mail server names are fairly standard and there are only a handful of different port configurations commonly used. A provider could use some weird server names and non-standard ports, but those are rare and represent a tiny percentage of Apple customers.

Those two things seem incongruous. If the server names and configurations are “fairly standard” how is a file which lists the server names and configurations a security breach?

Here is some more detail on auto-discover, which is MS’s version of the same thing.

Autodiscover
Autodiscover is a standards-based XML file that can be configured by an administrator for an ISP, a corporation, or dynamically generated by a service, such as a Microsoft Exchange 2007 Client Access server. This is the preferred mechanism for settings discovery, as it will be the most performant and leaves little room for configuration error on the client as the settings are defined explicitly and deliberately by the administrator of the mail servers

White Paper: Understanding the Exchange 2010 Autodiscover Service
An Outlook 2007 or Outlook 2010 client connects to the Autodiscover service as follows:
1. Outlook sends a Lightweight Directory Access Protocol (LDAP) query to Active Directory looking for all available SCP objects. Specifically, Outlook initializes the LDAP connection using the ldap_init() function and passes a NULL value for the hostname. When a particular global catalog server name (or domain name) is not specified, the operation searches for a global catalog server in the domain, based on the membership of the computer that is initializing the operation.
2. Outlook sorts and enumerates the returned results based on the client’s site by using the keyword attribute of the SCP record. One of two lists is created, an in-site list or an out-of-site list. The in-site list provides the SCP records that have AutodiscoverSiteScope information. AutodiscoverSiteScope is a parameter that is set on the Client Access server by using the Set-ClientAccessServer cmdlet. The parameter specifies the site for which the Autodiscover service is authoritative. The AutodiscoverSiteScope information contained in the SCP records for the in-site list matches the site for the Outlook client. If there are no in-site records, an out-of-site SCP record list will be generated. The list is not sorted in any particular order. Therefore, the list is approximately in the order of oldest SCP records (based on creation date) first.
3. Outlook first tries to connect to each Autodiscover URL that it previously generated from either an in-site list or an out-of-site list. If that doesn’t work, Outlook will try to connect to the predefined URLs (for example, https://autodiscover.contoso.com/autodiscover/autodiscover.xml) by using DNS. If that fails also, Outlook will try the HTTP redirect method and, failing that, Outlook will try to use the SRV record lookup method. If all lookup methods fail, Outlook will be unable to obtain Outlook Anywhere configuration and URL settings.
4. The Autodiscover service queries Active Directory to obtain the connection settings and URLs for the Exchange services that have been configured.
5. The Autodiscover service returns an HTTPS response with an XML file that includes the connection settings and URLs for the available Exchange services.
6. Outlook uses the appropriate configuration information and connection settings to connect to your Exchange messaging environment.
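
The DNS-based fallback order from the quoted white paper (predefined URLs, then HTTP redirect, then SRV lookup), written out as an added Python example; it is not Outlook's or Microsoft's code and not part of any post in this thread. All function names are hypothetical, and the root-domain URL, the `_autodiscover._tcp` SRV name, the simplified SRV selection and the redirect acceptance policy are assumptions, not taken from the page.

```python
from urllib.parse import urlsplit

AUTODISCOVER_PATH = "/autodiscover/autodiscover.xml"


def domain_of(email):
    """Return the lower-cased domain part of an e-mail address."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an e-mail address: %r" % email)
    return domain.lower()


def dns_fallback_plan(email):
    """Ordered (method, target) steps tried once the SCP URLs have failed."""
    d = domain_of(email)
    return [
        # Assumption: the bare domain is tried before the autodiscover host.
        ("predefined-url", "https://%s%s" % (d, AUTODISCOVER_PATH)),
        ("predefined-url", "https://autodiscover.%s%s" % (d, AUTODISCOVER_PATH)),
        # Plain HTTP: the answer is only a pointer and must be checked below.
        ("http-redirect", "http://autodiscover.%s%s" % (d, AUTODISCOVER_PATH)),
        # Assumption: SRV owner name used for the last-resort lookup.
        ("srv-lookup", "_autodiscover._tcp.%s" % d),
    ]


def pick_srv(records):
    """Pick one SRV answer from (priority, weight, port, host) tuples.

    Simplified: lowest priority wins, ties go to the highest weight
    (real resolvers pick among equal priorities at random by weight).
    """
    if not records:
        return None
    _prio, _weight, port, host = min(records, key=lambda r: (r[0], -r[1]))
    return "https://%s:%d%s" % (host.rstrip("."), port, AUTODISCOVER_PATH)


def redirect_is_acceptable(location, mailbox_domain, trusted=()):
    """Accept a redirect target only if it is HTTPS and either stays inside
    the mailbox domain or names a host that is already explicitly trusted."""
    parts = urlsplit(location)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https" or not host:
        return False
    same = host == mailbox_domain or host.endswith("." + mailbox_domain)
    return same or host in trusted
```

The redirect check matters because the HTTP redirect and SRV steps can point the client at a host outside the mailbox domain, and the client then presents the user's credentials to whatever host it accepted.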

It uses DNS records. Here’s a draft proposal.

Absent the additional info provided by that method, you could guess the right values most of the time using MX records, some simple heuristics and a probe.

Thanks for the information.
It’s interesting that the draft proposal you linked to was generated by Apple…

Here’s a clear description for Mozilla’s Thunderbird which has had this since about 2006 (along with Seamonkey).