are smtp credentials secure to send to smtp client yahoo?

road_dog · ‎11-01-2009

I just sent an email via LabVIEW. It worked! I needed to supply my username and password to allow the SmtpClient (smtp.mail.yahoo.com) to authenticate and send my email. SSL was not enabled. Where does the SMTP Server reside? Does the process of authentication expose username and password to security risk?

Thanks Much!

road dog

smercurio_fc · ‎11-01-2009

If you actually used authentication then you must not have been using the SMTP VIs that ship with LabVIEW since they don't support authentication. Were you using the OpenG SMTP VIs, or .NET?

As for your other question, authentication is not the same as a secure connection or an encrypted connection. The authentication is simply there to try to prevent, for example, email servers to be used as relays. It just means that the server will only accept a message that has a "from" with an email address that's in the same domain as the email server. As for where the SMTP server resides, I don't know what you mean by this. It resides in one of Yahoo's many facilities. Why do you need to know its physical location?

rolfk · ‎11-02-2009

As smercurio already said it depends on which SMTP VIs you used. The native SMTP VIs do not support any authentification so they couldn't be used. The OpenG only support BASIC authentification which use no encryption at all (no BASE64 encoding is no encryption at all!!!) so your username and password are in the open while transfered to the remote server.

If you use a VI library that uses ActiveX or .Net to use one of the platform libraries such as from Outlook, it can support encrypted authentification but if it does depends on the configuration of said service.

Rolf Kalbermatter
My Blog

Cory_K · ‎11-02-2009

To my knowledge, Yahoo doesnt use any encryption (SSL or TLS).

This probably wont be an issue, but whenever you transfer usernames/passwords without any encryption you are taking a risk.

If you want to use a secure mail server, try something like GMail.

There are VIs already written to handle SSL encryption, try a search on the forums.

Cory K

road_dog · ‎11-02-2009

Thanks all for your replies. I used .NET. One of the objects was SmtpClient and the 'Credentials' input was wired to a NetworkCredential object whose input was 'userName' and 'password'. The output of the SmtpClient 'Credentials' object fed into an SmtpClient with 'EnableSsl' set to False. At any rate, using port 587 my message got sent to my account at Yahoo. And I realize now there is risk when SSL is not used.

So I have switched to GMail, using VIs I found on the forums to both send to and receive mail from my GMail account, and both of which enable SSL.

Thanks again,

road dog

rolfk · ‎11-02-2009

Cory K wrote:
To my knowledge, Yahoo doesnt use any encryption (SSL or TLS).
This probably wont be an issue, but whenever you transfer usernames/passwords without any encryption you are taking a risk.
If you want to use a secure mail server, try something like GMail.
There are VIs already written to handle SSL encryption, try a search on the forums.

You don't necessarily have to encrypt the entire transfer. There are options to encrypt just thelogin authentification credentials. Methods used for that are for instance MD5 or SHA1.

This does not secure the actual transport of emails, but at least the login credentials.

Rolf Kalbermatter
My Blog

LabVIEW

are smtp credentials secure to send to smtp client yahoo?

are smtp credentials secure to send to smtp client yahoo?

Re: are smtp credentials secure to send to smtp client yahoo?

Re: are smtp credentials secure to send to smtp client yahoo?

Re: are smtp credentials secure to send to smtp client yahoo?

Re: are smtp credentials secure to send to smtp client yahoo?

Re: are smtp credentials secure to send to smtp client yahoo?