合理安全的电子邮件发送功能 [英] Reasonably secure email sending functionality

问题描述

我们正在开发桌面应用，并希望从内部添加电子邮件发送功能。我们现在遇到的问题是旧的smtp库不再完全适用，因为像gmail这样的提供商现在将它们称为不符合现代安全标准的应用程序。他们仍然允许您启用安全性较低的应用程序来访问您的电子邮件帐户，但毫无疑问，用户将被推迟，我们希望避免这种情况。另一方面，似乎占主导地位的OAUTH 2协议要求电子邮件提供商提供消费者密钥和安全性，我们无法从用户可能订阅的每个提供商那里收集这些消息。



我的问题是：现在从桌面应用程序中发送电子邮件的标准方法是什么？我们可以使用旧的TLS并承担潜在的后果吗？当然有很多应用程序没有实现oauth - 每台传真机，复印机或打印机都可以发送电子邮件，我觉得他们使用OAUTH似乎很可疑。



我尝试了什么：



我试图环顾四周看看其他人在做什么并发现了这一点，但这并不是很明确。



https://bugzilla.mozilla.org/show_bug.cgi?id=849540

解决方案

你遇到的问题只是一个常见的误解。发送电子邮件和接收电子邮件不以任何方式，形状或形式连接。电子邮件客户端（包括桌面版和网络版）给人的印象是它们已连接，但它们不是。



如果您处理的是发送电子邮件而不是您没有要通过in box提供商的smtp服务器或其常规服务发送，您可以通过正确配置的smtp服务器从任何地址发送任何电子邮件。如果你的网站是托管的，那么网络主机很可能有这样一个smtp服务器供你使用。



你不应该花时间做的事情。 ASP.NET论坛 [ ^ ]

We are developing a desktop app and want to add email sending functionality from within. The problem we now have is that the old smtp libraries are no longer entirely adequate since providers like gmail now call them 'applications that do not meet modern security standards'. They still allow you to enable less secure apps to access your email account, but the user is no doubt going to be put off by this and we want to avoid that. On the other hand, the OAUTH 2 protocol that seems to prevail requires consumer key and security to be provided by the email provider and we cannot surely collect these from every provider that our users may subscribe with.

My question is: What is the standard approach these days to email sending from within desktop applications? Can we just use good old TLS and live with the potential consequences? Surely there are loads of applications that do not implement oauth - every fax machine, photocopier or printer can send emails, it seems quite doubtful to me that they use OAUTH.

What I have tried:

I have tried to look around to see what others are doing and found this, but it's not quite definitive.

https://bugzilla.mozilla.org/show_bug.cgi?id=849540

解决方案

The problem you are having is simply a common misconception. Sending email and receiving email are not connected in any way, shape or form. Email clients (both desktop and web) give the impression that they are connected but they're not.

If you are dealing with sending email than you don't have to send through the "in box" provider's smtp servers, or their general services, you can send any email from any address through a properly configured smtp server. If your site is hosted then the web host more than likely has such an smtp server for you to use.

Things you shouldn't spend time doing | The ASP.NET Forums[^]

这篇关于合理安全的电子邮件发送功能的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！