We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now


[Delphi 6] Bypassing the Outlook security.

Wim ten Brink
Medium Priority
Last Modified: 2011-09-20
Well, the problem is very simple but my customer is making some very high demands... I have an application which will send emails through MAPI. The customer insisted that I use MAPI for this so any other option is 'not done'. So we got to the next level, which is the Outlook Security. And my customer wants the application to send messages without that annoying "Security Manager" popup. Of course, there are several options for this but my customer has shot down all these options.

First I suggested to use Outlook Redemption from http://www.dimastr.com/redemption/ but no, it's a third-party ActiveX control and thus my customer becomes a bit itchy. So while this solution would easily solve the problem, my customer said NO and he's the Boss...

The second option was to use the Outlook Security Manager from http://www.add-in-express.com/outlook-security/ but this too was not something my customer appreciated. He fails to understand the need for third-party components to solve this issue and I think he expects me to know how to do this job without such controls. Basically, he wants something with sourcecode and both controls don't have any.

I've also suggested to write some "ClickYes" function which would simply click the "Yes" button when the Outlook message pops up but that too was binned. Of course, it's not a good solution anyways.

I also read that there's some trick by changing a registry setting or disabling the Outlook security in general but the customer doesn't agree with such solutions either.

So now I'm stuck. I have a customer who wants my application to send emails through MAPI and without the security popup and I've ran out of options here. Basically, this is a Customer from Hell who should actually become a pointy-haired manager. But he's the Boss and although I'm almost at a point that I want to become extremely rude towards him, I'm still trying one last option. EE. :-)

So, does anyone know of an alternative solution?

(And in the meantime, I will continue to try and convince my customer that this is just impossible to do since Microsoft is enforcing this...)
Watch Question

Tough one, I don't like hookers - but perhaps you could eliminate the message by setting a hook with setwindowshookex and register a callback for message and dialog creations. It's been a realllllllyyyy long time since I've used this function, but I believe it would allow you to dump those security warnings.

If I remember correctly, the messageproc callback fires before anything is displayed, so, you might be able to take some action there....

not sure though....

Good luck,


Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Click yes can do it. depends on ur user.

Thank god, the user is not asking M$ when he needs to open the notepad when he click the start button :)
Convience him that this is the feature integrated with the outlook

Wim ten BrinkSelf-employed developer


I have enough API knowledge to write such a ClickYes tool myself but I consider it the most horrible solution possible. It still means that some dialog will pop up. :-(
About hooking the WINAPI functions, well... It's a more interesting solution but still far from perfect.

Right now, I still prefer to keep telling the customer that it cannot be done. Not really funny but still, he will just have to accept this. I can offer plenty of other solutions without the use of MAPI but these are considered undesirable.
Do you have any reason why he is objecting to your own SMTP engine?
Wim ten BrinkSelf-employed developer


Ehm, yes. He's a project manager for an extremely large company and their network is extremely complex with all kinds of security issues, etc. In general, people don't even have POP3/SMTP mail access in this company but everything is done through Outlook with Exchange server and an enormous domain treestructure. Even simple things like WebMail and Internet are locked for many users or behind all kinds of proxies.

My own suggestion was even simpler, since all they want is an email containing some XML data as the text of the body of an email. (No attachments allowed.) I suggested that they would set up a simple webservice somewhere and provide me some API to communicate with it. They liked the idea so their project team started to build such a service but then decided it would be better to just have a special mail account which receives the data and have some server send the data to the service.
Yes, WTF was my first response too... Anyway, there's a team of 50+ people making all kinds of decisions and all I have to do is work on a tool that will provide them the data.

this stuff is not my really business, but what is about extended MAPI - afaik extended MAPI is not affected by the mentioned security patch. Is this of help:


just an idea.

Wim ten BrinkSelf-employed developer


Extended MAPI is an option, although it depends on Microsoft Exchange. This would work for this customer but not in all situations. (It will be hard for me to use since it means I have to set up an exchange server somewhere for testing and a second environment without exchange server.)
Still, I will have a look at it. Thanks!
Wim ten BrinkSelf-employed developer


Thanks for the input! The customer is now accepting the fact that we can't bypass this and is looking into the ClickYes construction. Basically, he's now on his own since I made it clear that:
1) I can't just bypass this security.
2) an SMTP Client engine or something similar would make it a lot easier.
3) There are better techniques for doing what the customer wants and he will have to look into them now.

He's not a happy customer, though. Basically, the application is sending XML in the body of the message through Outlook which is "automatically" processed by some mailreader (read: some person hired to open all mails and copy/paste the body to the appropiate textfiles) and now he has to think of having something created that will process this data in a better way. Yeah, it counts as a WTF but the customer is still in a development phase for this project. This is just a wake-up call for him that other parts in the projects are slowing me down and I don't have any control over this...
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.