[Delphi 6] Bypassing the Outlook security.

Posted on 2006-11-03
Last Modified: 2011-09-20
Well, the problem is very simple but my customer is making some very high demands... I have an application which will send emails through MAPI. The customer insisted that I use MAPI for this so any other option is 'not done'. So we got to the next level, which is the Outlook Security. And my customer wants the application to send messages without that annoying "Security Manager" popup. Of course, there are several options for this but my customer has shot down all these options.

First I suggested to use Outlook Redemption from but no, it's a third-party ActiveX control and thus my customer becomes a bit itchy. So while this solution would easily solve the problem, my customer said NO and he's the Boss...

The second option was to use the Outlook Security Manager from but this too was not something my customer appreciated. He fails to understand the need for third-party components to solve this issue and I think he expects me to know how to do this job without such controls. Basically, he wants something with sourcecode and both controls don't have any.

I've also suggested to write some "ClickYes" function which would simply click the "Yes" button when the Outlook message pops up but that too was binned. Of course, it's not a good solution anyways.

I also read that there's some trick by changing a registry setting or disabling the Outlook security in general but the customer doesn't agree with such solutions either.

So now I'm stuck. I have a customer who wants my application to send emails through MAPI and without the security popup and I've ran out of options here. Basically, this is a Customer from Hell who should actually become a pointy-haired manager. But he's the Boss and although I'm almost at a point that I want to become extremely rude towards him, I'm still trying one last option. EE. :-)

So, does anyone know of an alternative solution?

(And in the meantime, I will continue to try and convince my customer that this is just impossible to do since Microsoft is enforcing this...)
Question by:Wim ten Brink

Assisted Solution

mugman21 earned 225 total points
ID: 17864995
Tough one, I don't like hookers - but perhaps you could eliminate the message by setting a hook with setwindowshookex and register a callback for message and dialog creations. It's been a realllllllyyyy long time since I've used this function, but I believe it would allow you to dump those security warnings.

If I remember correctly, the messageproc callback fires before anything is displayed, so, you might be able to take some action there....

not sure though....

Good luck,


Accepted Solution

sun4sunday earned 150 total points
ID: 17865665
Click yes can do it. depends on ur user.

Thank god, the user is not asking M$ when he needs to open the notepad when he click the start button :)
Convience him that this is the feature integrated with the outlook

LVL 17

Author Comment

by:Wim ten Brink
ID: 17865692
I have enough API knowledge to write such a ClickYes tool myself but I consider it the most horrible solution possible. It still means that some dialog will pop up. :-(
About hooking the WINAPI functions, well... It's a more interesting solution but still far from perfect.

Right now, I still prefer to keep telling the customer that it cannot be done. Not really funny but still, he will just have to accept this. I can offer plenty of other solutions without the use of MAPI but these are considered undesirable.

Assisted Solution

mugman21 earned 225 total points
ID: 17865701
Do you have any reason why he is objecting to your own SMTP engine?
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

LVL 17

Author Comment

by:Wim ten Brink
ID: 17865743
Ehm, yes. He's a project manager for an extremely large company and their network is extremely complex with all kinds of security issues, etc. In general, people don't even have POP3/SMTP mail access in this company but everything is done through Outlook with Exchange server and an enormous domain treestructure. Even simple things like WebMail and Internet are locked for many users or behind all kinds of proxies.

My own suggestion was even simpler, since all they want is an email containing some XML data as the text of the body of an email. (No attachments allowed.) I suggested that they would set up a simple webservice somewhere and provide me some API to communicate with it. They liked the idea so their project team started to build such a service but then decided it would be better to just have a special mail account which receives the data and have some server send the data to the service.
Yes, WTF was my first response too... Anyway, there's a team of 50+ people making all kinds of decisions and all I have to do is work on a tool that will provide them the data.

Assisted Solution

real_icecoke earned 125 total points
ID: 17870720

this stuff is not my really business, but what is about extended MAPI - afaik extended MAPI is not affected by the mentioned security patch. Is this of help:

just an idea.

LVL 17

Author Comment

by:Wim ten Brink
ID: 17879371
Extended MAPI is an option, although it depends on Microsoft Exchange. This would work for this customer but not in all situations. (It will be hard for me to use since it means I have to set up an exchange server somewhere for testing and a second environment without exchange server.)
Still, I will have a look at it. Thanks!
LVL 17

Author Comment

by:Wim ten Brink
ID: 17913067
Thanks for the input! The customer is now accepting the fact that we can't bypass this and is looking into the ClickYes construction. Basically, he's now on his own since I made it clear that:
1) I can't just bypass this security.
2) an SMTP Client engine or something similar would make it a lot easier.
3) There are better techniques for doing what the customer wants and he will have to look into them now.

He's not a happy customer, though. Basically, the application is sending XML in the body of the message through Outlook which is "automatically" processed by some mailreader (read: some person hired to open all mails and copy/paste the body to the appropiate textfiles) and now he has to think of having something created that will process this data in a better way. Yeah, it counts as a WTF but the customer is still in a development phase for this project. This is just a wake-up call for him that other parts in the projects are slowing me down and I don't have any control over this...

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Objective: - This article will help user in how to convert their numeric value become words. How to use 1. You can copy this code in your Unit as function 2. than you can perform your function by type this code The Code   (CODE) The Im…
Introduction Raise your hands if you were as upset with FireMonkey as I was when I discovered that there was no TListview.  I use TListView in almost all of my applications I've written, and I was not going to compromise by resorting to TStringGrid…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now