What's New

• The AspEmail.NET service release fixes a bug in the TLS 1.2 module responsible for the error

  POP3 Error with host <host name>: Exception of type 'Persits.Email.TlsException' was thrown.

  generated by EmailAgent.NET during POP3 message downloading over TLS 1.2 with some (but not all) SMTP servers, most notably outlook.office365.com.

• Also, DKIM functionality has been enhanced in both AspEmail and AspEmail.NET by optionally including the following three custom headers in the DKIM signature: List-Unsubscribe, List-Unsubscribe-Post, and Feedback-ID.

We have made a significant improvement to our mailing components. The latest service releases AspEmail 5.6.0.3 and AspEmail.NET 5.6.0.5301 include support for two highly secure cipher suites that utilize the Galois/Counter Mode (GCM) of the AES cipher. These cipher suites are:

Both cipher suites are part of the TLS 1.2 family. The previous versions of AspEmail and AspEmail.NET only supported cipher suites that relied on the Cipher Block Chaining (CBC) mode, which is generally considered less secure than GCM. As a result, some SMTP providers have discontinued support for those suites.

As of June 2022, Google has stopped supporting "less secure applications" and blocked the use of the SMTP protocol to applications with the sensitive scope (which is a set of permissions granted to the application by Google itself). For those applications to send email via GMAIL, they must now use Google API instead of the traditional SMTP protocol.

AspEmail 5.6.0.2 and AspEmail.NET 5.6.0.5206 support the API mode, under which the body of the message is POSTed to Google in a single large HTTPS post. For more information, see Section 5.6.3 of the AspEmail user manual, and Section 3.5.3 of the AspEmail.NET user manual.

AspEmail's and AspEmail.NET's TLS engine, specifically its ECDHE module, has received a small but important enhancement: support for SHA256-based RSA signatures. The previous versions only supported SHA1-based signatures.

Some SMTP servers require that the client application support SHA256-based signatures, and reject the secure handshake otherwise. This would result in the exception

Transport Layer Security Error #25 (WinSock): No information received from the server.

The new service releases fix this deficiency.

Also, the new version of EmailAgent.NET can now connect to a POP3 server via TLS 1.2 if the Port number is set to 99521 in the configuration panel application. Older versions of EmailAgent.NET only supported TLS 1.0 for POP3 connections.

AspEmail and AspEmail.NET have always provided partial support for the multipart/alternative format via its AltBody property, enabling a message body to be specified in two alternative versions -- plain-text and HTML.

This release supports an unlimited number of alternative bodies via the new method AddAltBody. Messages can now be generated with advanced content, such as accelerated mobile pages (AMP), calendars, etc.

For more information about this feature, see Section 2.5 of the AspEmail user manual, and Section 1.9 of the AspEmail.NET user manual.

Upgrading is free for registered users as always.

After 3 months in beta, our email products AspEmail and AspEmail.NET are officially out with the Elliptic Curve Diffie-Hellman Cipher Suite support.

A "cipher suite" is a basket of ciphers (including symmetric and asymmetric algorithms and hash functions) which a client and server use to communicate securely over TLS. Prior to this release, AspEmail and AspEmail.NET supported only one TLS 1.2 cipher suite, TLS_RSA_WITH_AES_128_CBC_SHA. Its key exchange procedure is based on the RSA public-key cipher, which some consider outdated and insufficiently secure. Some SMTP provides have gone as far as disabling all RSA-based cipher suites from their platforms.

As of now, our products also support the TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 cipher, which uses the Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) algorithm for key exchange instead. ECDHE is widely considered superior to RSA. No code changes are necessary to take advantage of the new cipher suite as long as TLS 1.2 (as opposed to TLS 1.0) is used. Upgrading is free for registered users.

The current version of EmailAgent has a built-in 64-character limit on passwords, which makes it impossible to use EmailAgent with SMTP services requiring longer passwords, such as Twilio SendGrid, and others. This limitation has now been fixed and incorporated into the AspEmail 5.5.0.2 Beta.

AspEmail with the EmailAgent fix and AspEmail.NET (beta versions) can be downloaded via the links below:

aspemail_5502.exe
aspemail64_5502.exe
aspemail_net_5502.exe

Last year, we released Version 5.5 of AspEmail and AspEmail.NET with TLS 1.2 support. However, only RSA-based cipher suites were supported in that release. Version 5.5.0.2, currently in beta, also provides support for an ECDHE-based cipher suite, specifically TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (Code 0xC027). ECDHE stands for Elliptic Curve Diffie-Hellman Ephemeral, a key exchange algorithm that is widely considered far superior to RSA in both security and performance. In fact, some SMTP providers have already disabled RSA-based cipher suites altogether. An attempt to send email via such an SMTP server with older versions of AspEmail or AspEmail.NET would result in the error exception "Fatal alert received from the server: handshake_failure."

The TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 cipher suite, as its name suggests, still uses RSA, but only for server authentication. Key exchange, the most important part of the TLS protocol, is performed via ECDHE.

Please help us beta-test this very important release. The 5.5.0.2 (beta) versions of AspEmail (32-bit and 64-bit) and AspEmail.NET can be downloaded via the following links. Absolutely no code change is necessary.

aspemail_5502.exe
aspemail64_5502.exe
aspemail_net_5502.exe

oAuth Support (AspEmail & AspEmail.NET)

OAuth is an open-standard authorization protocol that describes how unrelated servers and services can safely allow authenticated access to their assets without actually sharing the account password. As of versions 5.5.0.1 (AspEmail) and 5.5.0.4826 (AspEmail.NET), our mail-sending components are capable of connecting to SMTP servers requiring oAuth, most notably smtp.gmail.com.

As of March 2020, it is still possible to connect to the Google GMAIL SMTP services via your account's username and password. However, Google has unmistakably signaled its intention to block "less secure applications" (that is, those not using oAuth) in the near future. In anticipation of that, we have added oAuth support to both AspEmail and AspEmail.NET, and provided interfaces to obtain GMAIL oAuth access tokens both interactively and programmatically.

Our components' oAuth support is described in Section 5.6 of the AspEmail user manual, and Section 3.5 of the AspEmail.NET user manual.

Improved .NET Core Support (AspEmail.NET)

AspEmail.NET has been further optimized for the .NET Core environment, both under Windows and Linux. It is no longer dependent on the System.Configuration.ConfigurationManager assembly when the registration key is specified directly in the code via the objMail.RegKey property. Also, previous versions of AspEmail.NET could not use TLS under .NET Core, while the latest version can.

We are happy to announce that our native-.NET mail-sending component is no longer confined to Windows servers. AspEmail.NET 5.5 has been successfully tested on .NET Core 2.0+ on both Windows and Linux!

It is official: AspEmail 5.5 and AspEmail.NET 5.5 have been released.

The main new feature is support for TLS 1.2. Whenever the TLS or SSL modes are enabled, the components now use TLS 1.2 by default. TLS 1.0 can still be switched to via the TLSVersion property.

Another important feature is support for 4-byte Unicode characters such as Emojis in the EncodeHeader method.

Version 5.5 also fixes the dreaded "The password is too long" error. Usernames and passwords up to 256 characters long are now allowed.

As always, upgrades are absolutely free for the registered users. Please download AspEmail & AspEmail.NET 5.5 here.

In Beta 4, buffer overflow bugs responsible for a crash on Windows 2016 under the TLS/SSL mode have been fixed. The bugs only affected AspEmail, not AspEmail.NET.

The Betas of AspEmail and AspEmail.NET can be downloaded from these links:

AspEmail_55.exe (AspEmail 32-bit)
AspEmail64_55.exe (AspEmail 64-bit)
aspemail_net55.exe (AspEmail.NET)

AspEmail and AspEmail.NET 5.5 (currently in beta) contain the following important enhancements:

• Version 1.0 of the Transport Layer Security protocol relies heavily on the MD5 hash algorithm, which has been cracked and is currently considered insecure. It contains other vulnerabilities as well. In anticipation of TLS 1.0's eventual decommission by all major SMTP providers, we are releasing Version 5.5 of AspEmail and AspEmail.NET, which replaces TLS 1.0 with TLS 1.2 - a more secure protocol which is based on SHA256 and 128-bit and 256-bit AES.
• Also, the EncoderHeader method has been fixed to enable 4-byte Unicode characters such as emojis in message subjects. In the previous versions, these characters appeared as black boxes.

The service release contains the following important fixes:

• A serious bug has been discovered in AspEmail that may cause the component to crash, although this only seems to happen quite rarely. The error message is usually

  A trappable error (C0000005) occurred in an external object. The script cannot continue running.

  This bug has now been fixed. The bug only affected AspEmail but not AspEmail.NET.

• The ValidateAddress method has been enhanced to invalidate email addresses with subdomains that start and/or end with a dash. Error code 12 is now returned for email addresses like that. Previous versions incorrectly reported such email addresses as valid.
• Other minor bugs fixed.

A bug in EmailAgent.NET (the background service included with the AspEmail.NET product) responsible for errors while processing queued messages in the DNS Relay mode with multiple simultaneous threads has been fixed.

A coding error caused a message processing thread to occasionally attempt to send a message to an SMTP server intended for another message being processed by a parallel thread. This caused the message to be rejected and placed back in the queue. This multithreading-related coding error has now been fixed.

The bug did not affect the regular SMTP relay mode or single-thread processing. The service release only updates the EmailAgent.NET service but not the AspEmail.NET component itself.

Please download the service release here.

AspEmail 5.4.0.4 and AspEmail.NET 5.4.0.4422 fix a bug in the TLS/SSL module that is responsible for the error

CertificateRequest: total length is out of bounds.

occurring with some SMTP servers.

Also, AspEmail has been recompiled to be properly coupled with the latest release of the AspEncrypt component (v2.9) which it relies on to send secure mail.

A bug in AspEmail's secure mail functionality responsible for the errors

Active Server Pages error 'ASP 0107'
Data size too large
/pdf/files/test.asp
Size of data being sent in the request is over the allowed limit.

or

Active Server Pages error 'ASP 0115'
Unexpected error
/pdf/files/test.asp
A trappable error (C0000005) occurred in an external object. The script cannot continue running.

when sending encrypted mail with large attachments has been fixed. The bug was apparently introduced in a previous service release several years ago, and only seems to affect the 32-bit version of AspEmail. Neither the 64-bit version of AspEmail nor AspEmail.NET are affected.

Also, both AspEmail and AspEmail.NET have been modified to not use a space separator in the SMTP commands MAIL FROM:<address> and RCPT TO:<address> between the ":" character and the email address. This reduces the chance that the messages sent by EmailAgent (EmailAgent.NET) under the DNS Relay mode will be treated as spam.

This service release only affects EmailAgent.NET but not AspEmail.NET itself. The following fixes have been implemented:

• During POP3 bounced-message retrieval, a faulty unique-name generation algorithm would occasionally generate the same filename for more than one message being retrieved, thus causing some messages to be overwritten and lost. This bug has now been fixed.
• When the HOST information was not part of a message queue file, EmailAgent.NET would still use the PORT information from that file. As a result, the Port value specified in the EmailAgent.NET configuration panel would always be ignored. This deficiency has now been fixed: PORT is read from a message queue file only if the HOST entry is also present in that file. Otherwise, the Port value from the configuration panel is used.

• The DNS lookup timeout value has been increased from 1 second to 2 seconds, thus reducing the occurrence of the log error

  DNS Lookup error: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

  when the DNS relay mode is in use.

• Cosmetic changes to the configuration panel's user interface have been made.

When sending email over SSL (port 465) via Google's smtp.gmail.com server, the send occasionally fails with the sending script blocking and eventually throwing the error

Transport Layer Security Error #25 (WinSock): No information received from the server.

This problem was fixed in the AspEmail 5.4.0.3 and AspEmail.NET 5.4.0.4114 service releases.

EmailAgent.NET's TLS/SSL support has been expanded to cover POP3 message retrieval. Setting Port to 995 (as opposed to 110) on the POP3 & Logging configuration tab prompts EmailAgent.NET to connect to the POP3 server via the SSL/TLS secure communication protocol.

This new feature enables EmailAgent.NET to retrieve bounced messages from POP3 servers that require SSL/TLS, such as pop.gmail.com and others.

A bug in AspEmail and AspEmail.NET triggered by a recent change in the Google smtp.gmail.com server's TLS implementation, and causing the errors Invalid TLS version, No information received from the server and others, has been fixed.

The bug manifests itself in a plethora of ways. When sending a message via smtp.gmail.com over TLS or SSL, the following errors occur often (but not always):

Transport Layer Security Error #25 (WinSock): No information received from the server.
Transport Layer Security Error #40 (TLS): Invalid TLS version (0x3230)

or

Other SMTP servers do not seem to be affected by the bug.

Please download the service releases here.

In the context of an SMTP connection, Secure Socket Layer (SSL) refers to a secure channel over Port 465. Versions 5.4 of AspEmail and AspEmail.NET implement the SSL protocol. To enable it, the new SSL property should be set to True and Port to 465. This feature is useful in case your SMTP server requires a secure connection but does not support the STARTTLS command.

For more information, see AspEmail Manual Section 5.4 and AspEmail.NET Manual Section 1.8.

Upgrading is free for registered users.

This service release fixes a bug in EmailAgent.NET that manifests itself with SMTP servers that are configured to terminate the SMTP session under certain conditions, such as authentication failure. If the SMTP session is terminated, the new version correctly reports the message as failed and creates the entry "452 Remote connection lost (Socket.Receive returned 0)" in the log. Previous versions would erroneously report the message as successfully sent.

The service release also fixes a minor bug in the log parsing module.

Our TLS engine, shared by both AspEmail and AspEmail.NET, has been updated to eliminate the error

Handshake type 13 not supported.

This error would occur under the TLS mode with SMTP servers requesting a client certificate but not requiring one, such as, most notably, Microsoft Exchange Online (smtp.office365.com). This important enhancement is incorporated in the service releases AspEmail 5.3.0.3 and AspEmail.NET 5.3.0.3521. The upgrades are available free of charge to the registered users.

In this service release, the following secure-mail related methods get new path-based overloads:

• SendCertified
• SendEncrypted
• SendSigned
• SendSignedAndEncrypted

In the previous versions of AspEmail.NET, these methods required the instances of X509Certificate2 objects as arguments. From now on, these methods also accept physical paths to certificate files. This makes it possible for AspEmail.NET to be used in classic ASP to send secure mail as the methods no longer rely on the X509Certificate2 objects which do not exist in classic ASP.

The advantage of using AspEmail.NET to send secure mail over AspEmail is that the latter also requires AspEncrypt, while AspEmail.NET is completely self-sufficient.

The service release also adds the auxiliary method LogonUser for user impersonation. See KB article PS121023186 for code samples.