[Delphi 6] Bypassing the Outlook security.

Posted on 2006-11-03
Last Modified: 2011-09-20
Well, the problem is very simple but my customer is making some very high demands... I have an application which will send emails through MAPI. The customer insisted that I use MAPI for this so any other option is 'not done'. So we got to the next level, which is the Outlook Security. And my customer wants the application to send messages without that annoying "Security Manager" popup. Of course, there are several options for this but my customer has shot down all these options.

First I suggested to use Outlook Redemption from but no, it's a third-party ActiveX control and thus my customer becomes a bit itchy. So while this solution would easily solve the problem, my customer said NO and he's the Boss...

The second option was to use the Outlook Security Manager from but this too was not something my customer appreciated. He fails to understand the need for third-party components to solve this issue and I think he expects me to know how to do this job without such controls. Basically, he wants something with sourcecode and both controls don't have any.

I've also suggested to write some "ClickYes" function which would simply click the "Yes" button when the Outlook message pops up but that too was binned. Of course, it's not a good solution anyways.

I also read that there's some trick by changing a registry setting or disabling the Outlook security in general but the customer doesn't agree with such solutions either.

So now I'm stuck. I have a customer who wants my application to send emails through MAPI and without the security popup and I've ran out of options here. Basically, this is a Customer from Hell who should actually become a pointy-haired manager. But he's the Boss and although I'm almost at a point that I want to become extremely rude towards him, I'm still trying one last option. EE. :-)

So, does anyone know of an alternative solution?

(And in the meantime, I will continue to try and convince my customer that this is just impossible to do since Microsoft is enforcing this...)
Question by:Wim ten Brink

Assisted Solution

mugman21 earned 225 total points
ID: 17864995
Tough one, I don't like hookers - but perhaps you could eliminate the message by setting a hook with setwindowshookex and register a callback for message and dialog creations. It's been a realllllllyyyy long time since I've used this function, but I believe it would allow you to dump those security warnings.

If I remember correctly, the messageproc callback fires before anything is displayed, so, you might be able to take some action there....

not sure though....

Good luck,


Accepted Solution

sun4sunday earned 150 total points
ID: 17865665
Click yes can do it. depends on ur user.

Thank god, the user is not asking M$ when he needs to open the notepad when he click the start button :)
Convience him that this is the feature integrated with the outlook

LVL 17

Author Comment

by:Wim ten Brink
ID: 17865692
I have enough API knowledge to write such a ClickYes tool myself but I consider it the most horrible solution possible. It still means that some dialog will pop up. :-(
About hooking the WINAPI functions, well... It's a more interesting solution but still far from perfect.

Right now, I still prefer to keep telling the customer that it cannot be done. Not really funny but still, he will just have to accept this. I can offer plenty of other solutions without the use of MAPI but these are considered undesirable.
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.


Assisted Solution

mugman21 earned 225 total points
ID: 17865701
Do you have any reason why he is objecting to your own SMTP engine?
LVL 17

Author Comment

by:Wim ten Brink
ID: 17865743
Ehm, yes. He's a project manager for an extremely large company and their network is extremely complex with all kinds of security issues, etc. In general, people don't even have POP3/SMTP mail access in this company but everything is done through Outlook with Exchange server and an enormous domain treestructure. Even simple things like WebMail and Internet are locked for many users or behind all kinds of proxies.

My own suggestion was even simpler, since all they want is an email containing some XML data as the text of the body of an email. (No attachments allowed.) I suggested that they would set up a simple webservice somewhere and provide me some API to communicate with it. They liked the idea so their project team started to build such a service but then decided it would be better to just have a special mail account which receives the data and have some server send the data to the service.
Yes, WTF was my first response too... Anyway, there's a team of 50+ people making all kinds of decisions and all I have to do is work on a tool that will provide them the data.

Assisted Solution

real_icecoke earned 125 total points
ID: 17870720

this stuff is not my really business, but what is about extended MAPI - afaik extended MAPI is not affected by the mentioned security patch. Is this of help:

just an idea.

LVL 17

Author Comment

by:Wim ten Brink
ID: 17879371
Extended MAPI is an option, although it depends on Microsoft Exchange. This would work for this customer but not in all situations. (It will be hard for me to use since it means I have to set up an exchange server somewhere for testing and a second environment without exchange server.)
Still, I will have a look at it. Thanks!
LVL 17

Author Comment

by:Wim ten Brink
ID: 17913067
Thanks for the input! The customer is now accepting the fact that we can't bypass this and is looking into the ClickYes construction. Basically, he's now on his own since I made it clear that:
1) I can't just bypass this security.
2) an SMTP Client engine or something similar would make it a lot easier.
3) There are better techniques for doing what the customer wants and he will have to look into them now.

He's not a happy customer, though. Basically, the application is sending XML in the body of the message through Outlook which is "automatically" processed by some mailreader (read: some person hired to open all mails and copy/paste the body to the appropiate textfiles) and now he has to think of having something created that will process this data in a better way. Yeah, it counts as a WTF but the customer is still in a development phase for this project. This is just a wake-up call for him that other parts in the projects are slowing me down and I don't have any control over this...

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The uses clause is one of those things that just tends to grow and grow. Most of the time this is in the main form, as it's from this form that all others are called. If you have a big application (including many forms), the uses clause in the in…
In my programming career I have only very rarely run into situations where operator overloading would be of any use in my work.  Normally those situations involved math with either overly large numbers (hundreds of thousands of digits or accuracy re…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question