Chapter 5. Authentication & Security
5.1 SMTP Authentication
5.2 AspEmail's Authentication Support
5.3 Secure Mail Support
5.4 Transport Layer Security (TLS) Support
SMTP servers are often configured to require an email client to provide
a username and password when sending a message. This is done to protect
the SMTP server from unauthorized use by external users,
and to prevent spam.
An attempt to send email via a secured SMTP server may result in run-time errors such as
550 Relaying Denied
The SMTP protocol provides several authentication methods through which a mail
client submits its security credentials to the server during an SMTP session.
SMTP servers usually support at least one authentication method, but most support
several.
The most common SMTP authentication methods are as follows:
1. AUTH=LOGIN
This is the simplest authentication method, in which the username and password are sent
to the SMTP server in clear text (that is, unencrypted), although the values
are Base64-encoded. Base64 is an encoding, not encryption, so the authentication
parameters can be intercepted and read.
2. CRAM-MD5
The server sends a random string
to the client. Both the client and the server calculate an MD5 digest of
the concatenation of the random string and the password; the client then
sends the server the result of its calculation. The server compares the
two results.
This method is more secure than AUTH=LOGIN because the actual password never gets
sent to the server.
3. NTLM
This is Microsoft's proprietary authentication protocol also known as "Challenge/Response".
It is also secure in the sense that the password never gets transmitted over the network.
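The difference between AUTH=LOGIN and CRAM-MD5 on the wire, as an added example (Python, not AspEmail or EmailAgent code; the function names are hypothetical). It follows RFC 2195, which specifies the CRAM-MD5 digest as HMAC-MD5 keyed with the password over the server's challenge, the keyed form of the digest described above.

```python
import base64
import hashlib
import hmac

def auth_login_lines(username, password):
    """The two lines a client sends after AUTH LOGIN: Base64 only, no encryption."""
    return [base64.b64encode(v.encode()).decode() for v in (username, password)]

def read_auth_login(lines):
    """What any reader of the unencrypted session recovers from those lines."""
    user, password = (base64.b64decode(line).decode() for line in lines)
    return user, password

def _digest(password, challenge_b64):
    # RFC 2195: HMAC-MD5 keyed with the password over the decoded challenge.
    challenge = base64.b64decode(challenge_b64)
    return hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()

def cram_md5_response(username, password, challenge_b64):
    """Client side: base64("<username> <hex digest>"); the password stays local."""
    reply = f"{username} {_digest(password, challenge_b64)}"
    return base64.b64encode(reply.encode()).decode()

def server_accepts(stored_password, challenge_b64, response_b64):
    """Server side: recompute the digest from its own copy of the password."""
    _user, _, digest = base64.b64decode(response_b64).decode().rpartition(" ")
    return hmac.compare_digest(digest, _digest(stored_password, challenge_b64))

if __name__ == "__main__":
    # Constructed sample values: the credentials used in this chapter's snippets
    # and a made-up server challenge.
    user, password = "Administrator", "He11o@World!"
    wire = auth_login_lines(user, password)
    print("AUTH LOGIN on the wire:", wire)
    print("decoded by a reader:   ", read_auth_login(wire))

    challenge = base64.b64encode(b"<12345.67890@mail.example.test>").decode()
    response = cram_md5_response(user, password, challenge)
    print("CRAM-MD5 on the wire:  ", response)
    print("decoded by a reader:   ", base64.b64decode(response).decode())
    print("server accepts:        ", server_accepts(password, challenge, response))
```

With CRAM-MD5 the captured reply contains the username and a digest that is valid only for that one challenge; the rest of the session is still unencrypted unless TLS is used.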
AspEmail provides two properties, Username and Password
through which user credentials are specified.
<%
...
Mail.Username = "Administrator"
Mail.Password = "He11o@World!"
...
Mail.Send
%>
When used in the standard mode (message queuing is not used), AspEmail supports the AUTH=LOGIN
method only. When sending queued mail, AspEmail, in conjunction with
EmailAgent, supports all three protocols described above. When attempting
to negotiate an authentication protocol with the SMTP server, AspEmail
tries the authentication methods in the following order: CRAM-MD5, NTLM, AUTH=LOGIN.
When used in conjunction with Persits Software AspEncrypt,
AspEmail is capable of sending signed and/or encrypted messages in the
industry-standard S/MIME format.
When sending an encrypted (enveloped) message, the AspEmail/AspEncrypt tandem
takes the recipient's digital certificate and encrypts the message with its public key.
Only the owner of the certificate can decrypt such a message since
no one else has the corresponding private key.
When sending a digitally signed message, the sender certificate's private key
is used to sign the message.
AspEmail/AspEncrypt are also capable of sending messages that are first signed and then encrypted.
AspEmail is the only ASP component on the market that is
officially certified to be S/MIME-enabled by RSA Security,
the inventor of public-key cryptography and S/MIME,
and was listed on RSA's web site among other S/MIME-enabled software products
(the list was recently removed from the RSA web site).
To learn how to send secure mail with AspEmail/AspEncrypt,
read the Secure Mail chapter on the AspEncrypt.com web site.
Here is another useful article
by Peter Persits on implementing a secure mail application at 15seconds.com.
As of Version 5.1, AspEmail supports the Transport Layer Security (TLS) protocol.
This secure protocol encrypts all traffic between the email-sending client application
and SMTP server, and not just the passwords. The security of the protocol is based
on public-key cryptography.
Some SMTP servers require the email sender to use TLS. An example
of such a server is Google's popular free smtp.gmail.com server.
An attempt to use this SMTP server without TLS results in the error message
530 5.7.0 Must issue a STARTTLS command first.
To enable AspEmail's TLS support, you must set the TLS property to True, as follows:
Mail.Host = "smtp.gmail.com"
Mail.Username = "MyGMailAccount"
Mail.Password = "He11o@World!"
Mail.TLS = True
...
Mail.Send
Note that TLS is currently supported only by AspEmail itself and not by EmailAgent.