I have a problem regarding the authentication of emails in my application. Is it OK if my Java program is the one that validates and authenticates the email instead of the SMTP server? If it is possible, how can I do that, guys? I need to hear your opinions regarding this matter, guys. Thanks!
it's not exactly clear what you're trying to ask, but... most SMTP servers aren't going to care what your Java program does or does not do. if the SMTP server is set up to authenticate senders, then it'll do that, likely regardless of what your program has done before. if the server isn't configured for authentication, then it won't... do you have control over this SMTP server to change its configuration?
(also, i could ask what you mean by "authenticate [a] sender". there are several different strategies a SMTP server can use for that, depending on who or what is considered "authorized" to be sending email through the SMTP server in question. what role, if any, is your program supposed to play in that larger picture?)
[ February 07, 2005: Message edited by: M Beck ]
John Ray Allen
Joined: Jan 06, 2005
What I mean is that not all SMTP servers are designed to authenticate connections. You can connect to the server with all permissions regardless of whatever process you are conducting. How can I enhance my Java program, especially if it is connecting to an SMTP server that permits all connections? For security reasons, I think you would agree with me that I should have the validation or authentication in my application for users if I would use that kind of SMTP server. In need of your opinions. Thanks!
Yes, don't rely on your SMTP server for authentication, since the SMTP standard does not include a reliable authentication mechanism. There is an extension "standard" called ESMTP that does specify a route to proper authentication, but JavaMail doesn't have any Transport class for this protocol. It's a better practice to properly secure your SMTP server as part of your infrastructure, and handle authentication to it in your app server. That way you at least have a single point of configuration, which helps reduce the risk of security holes creeping in.
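An added example, not code from the thread or from any poster: one way to keep authentication to the mail server in a single point of configuration, using the JavaMail SMTP provider's session properties to require STARTTLS and send ESMTP AUTH credentials. The class name, the environment variable names (SMTP_HOST, SMTP_USER, SMTP_PASS), port 587 and the example.com addresses are assumptions.

```java
import java.util.Properties;
import javax.mail.Authenticator;
import javax.mail.Message;
import javax.mail.MessagingException;
import javax.mail.PasswordAuthentication;
import javax.mail.Session;
import javax.mail.Transport;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;

public final class AuthenticatedMailer {   // hypothetical class name

    // Single point of configuration: every sender in the app uses this Session.
    static Session newSession(String host, final String user, final String password) {
        Properties p = new Properties();
        p.put("mail.smtp.host", host);
        p.put("mail.smtp.port", "587");                      // assumed submission port
        p.put("mail.smtp.auth", "true");                     // send ESMTP AUTH
        p.put("mail.smtp.starttls.enable", "true");          // upgrade to TLS before AUTH
        p.put("mail.smtp.starttls.required", "true");        // fail rather than fall back to plaintext
        p.put("mail.smtp.ssl.checkserveridentity", "true");  // certificate must match the host name
        return Session.getInstance(p, new Authenticator() {
            @Override
            protected PasswordAuthentication getPasswordAuthentication() {
                return new PasswordAuthentication(user, password);
            }
        });
    }

    static void send(Session session, String from, String to, String subject, String body)
            throws MessagingException {
        MimeMessage msg = new MimeMessage(session);
        msg.setFrom(new InternetAddress(from));
        msg.setRecipient(Message.RecipientType.TO, new InternetAddress(to));
        msg.setSubject(subject, "UTF-8");
        msg.setText(body, "UTF-8");
        Transport.send(msg);  // throws if STARTTLS or AUTH is refused by the server
    }

    public static void main(String[] args) throws MessagingException {
        // Credentials come from the environment (assumed variable names), not from source code.
        Session s = newSession(System.getenv("SMTP_HOST"),
                               System.getenv("SMTP_USER"),
                               System.getenv("SMTP_PASS"));
        send(s, "app@example.com", "user@example.com", "Test", "Sent over an authenticated TLS session.");
    }
}
```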