In the past, POP-before-SMTP did the job. Forward-thinking ISPs are beginning to support MSA (RFC2476). For today, SASL (RFC2222) is the right solution. All modern mail clients support SASL.

(MSA is trivial: it's exactly the same as your regular SMTP daemon, except it listens on port 587 instead of port 25, and it requires some kind of authentication, like SASL AUTH. This lets traveling mailmen inject messages to their home ISP even when their current connectivity blocks port 25.

You may need to recompile or reconfigure your MTA to support SASL. You can tell whether your MTA has SASL by telnetting to port 25 and typing something like EHLO isp.com. If the response includes 250-AUTH LOGIN PLAIN you are all set.

Here is a sample letter which you can send to your users.

Subject: Technical Advisory Regarding Email at isp.com
From: Customer Service at isp.com

Dear Customer,

isp.com has been working hard to improve your email. These upgrades will bring several benefits. Spam should start to go down. And your email address will be protected from forgery by spammers.

To take advantage of our improvements, you need to change some of the settings in your email program.

Please launch your email program, and open up "Settings" or "Preferences".

Look for settings that look like:

SMTP server: smtp.isp.com

Use authentication: Set this to YES, Login, or Password
username: [YOUR-USER-NAME]
password: your password.

You may have to look under "Advanced Options" to find these settings.

After you make this change, test it by sending an email to yourself. If you have trouble sending the message, or if you do not receive it, change the settings back to the way they were before, then try again.;

Love, ISP