SMTP servers are often configured to require an email client to provide
a username and password when sending a message. This is done to protect
the SMTP server from unauthorized use by external users,
and to prevent spam.
An attempt to send email via a secured SMTP server without authenticating may result in run-time errors such as
"550 Relaying Denied".
The SMTP protocol provides several authentication methods through which a mail
client submits its security credentials to the server during an SMTP session.
SMTP servers usually support at least one authentication method, but most support
several.
The most common SMTP authentication methods are as follows:
1. AUTH=LOGIN
This is the simplest authentication method: the username and password are sent
to the SMTP server in clear text (that is, unencrypted), although the values
are Base64-encoded. Base64 is an encoding, not encryption, so anyone who can
intercept the session can recover the authentication parameters.
2. CRAM-MD5
The server sends a random string
to the client. Both the client and the server calculate an MD5 digest of
the concatenation of the random string and the password; the client then
sends the server the result of its calculation. The server compares the
two results.
This method is more secure than AUTH=LOGIN because the actual password never gets
sent to the server.
3. NTLM
This is Microsoft's proprietary authentication protocol, also known as "Challenge/Response".
Like CRAM-MD5, it is secure in the sense that the password itself never gets transmitted over the network.
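The AUTH=LOGIN and CRAM-MD5 exchanges described above, as an added example that is not part of the original text: the client and server halves of each method in Python. The CRAM-MD5 digest follows RFC 2195, which specifies HMAC-MD5 keyed with the password over the server's challenge; the challenge format, the mail.example host name and the PASSWORDS store are constructed for this example.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed credential store standing in for the server's user database.
PASSWORDS = {"alice": "s3cret"}


def login_encode(username: str, password: str) -> tuple[str, str]:
    """Client side of AUTH LOGIN: the two Base64 lines the client sends in
    reply to the server's username and password prompts."""
    return (base64.b64encode(username.encode()).decode(),
            base64.b64encode(password.encode()).decode())

def login_decode(line: str) -> str:
    """Base64 is an encoding, not encryption: anyone who captures an AUTH LOGIN
    line recovers the value without any key."""
    return base64.b64decode(line).decode()

def cram_md5_challenge() -> str:
    """Server side of CRAM-MD5: a fresh random challenge, Base64-encoded.
    The host name is a constructed placeholder."""
    nonce = secrets.token_hex(16)
    return base64.b64encode(f"<{nonce}@mail.example>".encode()).decode()

def cram_md5_response(username: str, password: str, challenge_b64: str) -> str:
    """Client side of CRAM-MD5 (RFC 2195): HMAC-MD5 keyed with the password over
    the decoded challenge, hex-encoded, sent as 'username digest' in Base64."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{username} {digest}".encode()).decode()

def cram_md5_verify(response_b64: str, challenge_b64: str) -> bool:
    """Server side of CRAM-MD5: recompute the digest from the stored password
    and compare in constant time. The password itself never crosses the wire,
    but the server must hold it (or an equivalent) in recoverable form."""
    try:
        username, digest = base64.b64decode(response_b64).decode().split(" ", 1)
    except ValueError:
        return False
    password = PASSWORDS.get(username)
    if password is None:
        return False
    expected = hmac.new(password.encode(), base64.b64decode(challenge_b64),
                        hashlib.md5).hexdigest()
    return hmac.compare_digest(expected.encode(), digest.encode())
```

Because every CRAM-MD5 challenge is fresh, a captured response is useless for replay, whereas a captured AUTH LOGIN line is the credential itself.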