C# Programming and IIS security
Posted on 2010-09-14
Our company is currently working on a website upgrade from the C# programmer who originally wrote the code. In his 2nd version of the application, he has changed the authentication type (using Windows auth and tables with authentication data). This application sends email to users in the organization and outside the organization.
Our IT consultant does not want us to use IIS on the in-house web server to pass email, as this could leave us vulnerable to spamming and eventually blacklisting.
Our C# programmer does not have the understanding of how to send the email outside of IIS.
Our hosted email company does support ASP mail with code so that we can use their servers to send email. Our programmer does not know how to apply the code in order to avoid the IIS server sending the email.
Apologies if this is a vague question, but what we really need to assess is what road should we be heading down?
1. Should we be looking into keeping the emails passing through IIS and look into ways to secure the server from outside spamming? Upside/downside of keeping email passing through IIS?
2. Should we be looking into finding another C# programmer who would need to learn this current application and then how to apply the ASP mail settings from our hosted email company? Should this be a specific skill set of a C# programmer, or should we be looking for other areas of expertise?
3. I should state that our email provider does not allow email with authentication. We would really like to use them as we could more easily do message tracking through them should we have the need to troubleshoot mail issues in the future. Is this relevant in our decision? Any drawbacks to using ASP mail in our application?
4. Is there a 3rd party application that we should be investigating? Are there drawbacks? Anyone have any recommendations/success stories?
Please let me know if there is more information needed. I was sparing on specifics, as I think this is more a question of general best practices versus specific code. But I can give details where needed.
Thank you in advance, and while I don't expect the experts to train me, points will be awarded for those who can make important distinctions that are not within my skill set so we can move forward.
(75 points per question asked above)