Question

I'd like my program to be able to email me error reports. How can I do this without hard-coding a username/password/SMTP server/etc. into the code? (Doing so would allow users to decompile the program and take over this email account.)

I've been told you could do some stuff with telnetting to port 25, but I'm very fuzzy on the details. Most of the code snippets on Google assume you have a preexisting account, which doesn't work in this situation.

I am using .NET v3.5 (C# in particular), but I would imagine the ideas are similar enough in most languages. As long as you realize I'm doing this for an offline app, and don't supply me with PHP code or something, we should be fine.

Solution

As long as your account is on gmail.com, set up gmail-smtp-in.l.google.com as the outgoing SMTP-server in your program. You do not need to provide a password to send email to gmail-accounts when using that server.

OTHER TIPS

I would create a webservice to connect to. This webservice should send the email based on the data your program provides. All sensitive access data is kept on the webservice side, so it's safer.

If the program has to email you directly, it has to get that information somehow, so a determined attacker could gain that information as well.

Have you considered hosting a simple http form or web service somewhere, so that you could post the information you need there from the application (no authentication required), and either save it to manually look at later, or send the email from that server?

I think the best plan would be to submit the error information to some service (in the simple case, a web form) running under your control, which could then send an email (or log it in some other appropriate way).

If sending the email is assumed to be of benefit to the end user, another option would be to have the user enter their own SMTP server (and username / password if required) - On Unix systems, you can possibly just use sendmail and rely on the user to have it configured correctly. I used to work on a system which used this approach to send the user reports of the system's scheduled tasks, and that worked quite well.

What you need to do is know the SMTP server of the ISP you are using, because when you use the SMTP server of your own ISP, you aren't considered to be doing mail-relay spam, so you can go through without any authentication.

Unfortunately, it's not always possible to get that information easily OR there's some small exception which wouldn't let you log in anonymously like when you're using Exchange in a company...

At first I thought about encrypting your information and decrypting it at runtime, but it would still be available by sniffing the network card. You could, however, combine that with a webservice somewhere which would do the decryption and the mailing for you (or directly send the information to the web service, whichever you prefer), as already suggested by others.

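using System.Net.Mail;
// Build the message: sender address first, then recipient.
MailMessage msg = new MailMessage("someone@foo.com", "someoneelse@bar.com");
msg.Subject = "Check it out!";
msg.Body = "Visit stackoverflow.com!";
// Connect to the SMTP server on port 25; no credentials are set on the client.
SmtpClient client = new SmtpClient("some.smtp.server", 25);
client.Send(msg);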
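
The web-service approach that several answers above recommend, as an added example (not code from any of the answers): the desktop client posts the report to a server you control, and only the server knows the SMTP settings. The class names, the URL and the appSettings keys are assumptions made for illustration.

```csharp
// Added example; ReportHandler, ErrorReporter, the URL and the appSettings
// keys "ReportFrom"/"ReportTo" are hypothetical names.
using System;
using System.Collections.Specialized;
using System.Configuration;
using System.Net;
using System.Net.Mail;
using System.Web;

// SERVER (ASP.NET handler on a host you control). SMTP host, user name and
// password live in web.config <system.net><mailSettings>, never in the client.
public class ReportHandler : IHttpHandler
{
    const int MaxReportChars = 20000; // cap what an anonymous caller can make us mail
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        string report = context.Request.Form["report"];
        if (context.Request.HttpMethod != "POST" || string.IsNullOrEmpty(report))
        {
            context.Response.StatusCode = 400;
            return;
        }
        if (report.Length > MaxReportChars)
            report = report.Substring(0, MaxReportChars);

        // Sender and recipient are fixed server-side, so the endpoint cannot be
        // used to relay mail to arbitrary addresses.
        MailMessage msg = new MailMessage(
            ConfigurationManager.AppSettings["ReportFrom"],
            ConfigurationManager.AppSettings["ReportTo"]);
        msg.Subject = "Error report";   // constant: no caller-controlled headers
        msg.Body = report;              // caller data goes into the body only
        new SmtpClient().Send(msg);     // parameterless ctor reads mailSettings
    }
}

// CLIENT (the desktop app). It knows only the URL, no mail credentials.
public static class ErrorReporter
{
    public static void Send(Exception ex)
    {
        NameValueCollection form = new NameValueCollection();
        form.Add("report", ex.ToString());
        using (WebClient web = new WebClient())
            web.UploadValues("https://reports.example.com/report.ashx", form);
    }
}
```

Because the endpoint accepts unauthenticated posts, the size cap and fixed recipient limit what a caller can do with it; request rate limiting at the server is a separate control this example does not implement.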
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow