1. Introduction
2. Getting Started
3. Attachments
4. Embedded Images
5. Security
6. Unicode
7. Queuing Part I
8. Queuing Part II
Object Reference





Newsletter Signup
File Upload Component
Encryption and Secure Mail Component
Data-bound Editable Grid Component

Chapter 6: Unicode and Non-ASCII Support Chapter 4: Embedded Images Chapter 5. Authentication & Security

SMTP Authentication

SMTP servers are often configured to require an email client to provide a username and password when sending a message. This is done to protect the SMTP server from unauthorized use by external users, and to prevent spam.

An attempt to send email via a secured SMTP server may result in run-time errors such as

550 Relaying Denied

The SMTP protocol provides several authentication methods through which a mail client submits its security credentials to the server during an SMTP session. SMTP servers usually support at least one authentication method, but most support several.

The most common SMTP authentication methods are as follows:

1. AUTH=LOGIN

This is the simplest authentication method where the username and password are sent to the SMTP server in clear text (that is, unencrypted) although the values are Base64-encoded. Authentication parameters can therefore be intercepted.

2. CRAM-MD5

The server sends a random string to the client. Both the client and the server calculate an MD5 digest of the concatenation of the random string and the password; the client then sends the server the result of its calculation. The server compares the two results.

This method is more secure than AUTH=LOGIN because the actual password never gets sent to the server.

2. NTLM

This is Microsoft's proprietary authentication protocol also known as "Challenge/Response". It is also secure in the sense that the password never gets transmitted over the network.

AspEmail's Authentication Support
AspEmail provides two properties, Username and Password through which user credentials are specified.

<%
...
Mail.Username = "Administrator"
Mail.Password = "He11o@World!"
...
Mail.Send
%>

When used in the standard mode (message queuing is not used), AspEmail supports the AUTH=LOGIN method only. When sending queued mail, AspEmail, in conjunction with EmailAgent, supports all three protocols described above. When attempting to negotiate an authentication protocol with the SMTP server, AspEmail tries the authentication methods in the following order: CRAM-MD5, NTLM, AUTH=LOGIN.

Secure Mail Support

When used in conjunction with Persits Software AspEncrypt, AspEmail is capable of sending signed and/or encrypted messages in the industry-standard S/MIME format.

When sending an encrypted (enveloped) message, the AspEmail/AspEncrypt tandem takes the recipient's digital certificate and encrypts the message with its public key. Only the owner of the certificate can decrypt such a message since no one else has the corresponding private key.

When sending a digitally signed message, the sender certificate's private key is used to sign the message. AspEmail/AspEncrypt are also capable of sending messages that are first signed and then encrypted.

S/MIME-Compliant AspEmail is the only ASP component on the market that is officially certified to be S/MIME-enabled by RSA Security, the inventor of public-key cryptography and S/MIME, and is listed on RSA's web site among other S/MIME-enabled software products.

To learn how to send secure mail with AspEmail/AspEncrypt, read the Secure Mail chapter on the AspEncrypt.com web site.

Here is another useful article by Peter Persits on implementing a secure mail application at 15seconds.com.

Chapter 6: Unicode and Non-ASCII Support Chapter 4: Embedded Images  


Copyright © 1999 - 2003 Persits Software, Inc.
All Rights Reserved
Questions? Comments? Write us!