zipnotic
asked on
Sending an Email from code, safer
Hello,
I've been using the below code to send myself an email when the user registers my application in the field. It grabs the WAN IP along with the computer name. The application is free but I've been thinking of charging a low fee for each copy. Obviously this isn't the best way (putting my account name and password in code) but it is free, simple, and it works. I'd like to make it a little more secure without costing anything for server space, third party DLLs, etc. I was looking at some older methods of sending an email direct without logging into gmail account but I couldn't make it work. Obfuscation doesn't seem like much resilience if someone were to decompile the code. It's written in VB.Net. Any ideas?
Current Code:
I've been using the below code to send myself an email when the user registers my application in the field. It grabs the WAN IP along with the computer name. The application is free but I've been thinking of charging a low fee for each copy. Obviously this isn't the best way (putting my account name and password in code) but it is free, simple, and it works. I'd like to make it a little more secure without costing anything for server space, third party DLLs, etc. I was looking at some older methods of sending an email direct without logging into gmail account but I couldn't make it work. Obfuscation doesn't seem like much resilience if someone were to decompile the code. It's written in VB.Net. Any ideas?
Current Code:
If Me.txtEmail.Text = "" Or Me.txtAgency.Text = "" Or Me.txtName.Text = "" Then
MsgBox("Required field left blank.", MsgBoxStyle.Critical, "Error.")
Exit Sub
End If
Try
eBody = (New WebClient()).DownloadString("http://checkip.dyndns.org/")
eBody = "IP:" & (New System.Text.RegularExpressions.Regex("\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}")).Matches(eBody)(0).ToString()
Me.txtWAN.Text = eBody
eBody += vbCrLf
Application.DoEvents()
Catch ex As Exception
MsgBox(ex.ToString)
End Try
Try
eBody += "Com Name:" & My.Computer.Name
Me.txtPCName.Text = My.Computer.Name
eBody += vbCrLf
Application.DoEvents()
Catch ex As Exception
MsgBox(ex.ToString)
End Try
Try
eBody += "Date: " & Now() & vbCrLf
eBody += "Name: " & Me.txtName.Text & vbCrLf
eBody += "Email: " & Me.txtEmail.Text & vbCrLf
eBody += "Organization: " & Me.txtOrganization.Text & vbCrLf
eBody += "Comments: " & Me.txtComments.Text & vbCrLf
Catch ex As Exception
MsgBox(ex.ToString)
End Try
Try
Dim Smtp_Server As New SmtpClient
Dim e_mail As New MailMessage()
Smtp_Server.UseDefaultCredentials = False
Smtp_Server.Credentials = New NetworkCredential("MyThrowawayGmailAccount@gmail.com", "someobscurepassword")
Smtp_Server.Port = 587
Smtp_Server.EnableSsl = True
Smtp_Server.Host = "smtp.gmail.com"
e_mail = New MailMessage()
e_mail.From = New MailAddress("MyThrowawayGmailAccount@gmail.com")
e_mail.To.Add("myactualgmailaccount@gmail.com")
e_mail.Subject = "Application Registration " & Now()
e_mail.IsBodyHtml = False
eBody = Encrypt(eBody, "encryptionpassword", “encryptionsalt", "SHA1", 3, "somestringhere", 256)
e_mail.Body = eBody
Smtp_Server.Send(e_mail)
Try
If File.Exists(Application.StartupPath & "\registrationKey.txt") Then
File.Delete(Application.StartupPath & "\registrationKey.txt")
End If
Using outfile As StreamWriter = File.AppendText(Application.StartupPath & "\RegistrationKey.txt")
outfile.Write(eBody)
outfile.Close()
End Using
' File.Encrypt(Application.StartupPath & "\RegistrationKey.txt")
Catch ex As Exception
End Try
Catch error_t As Exception
MsgBox(error_t.ToString)
End Try
MsgBox("Registration Complete!", MsgBoxStyle.Exclamation, "Thank You")
Me.Close()
End Sub
What are those older methods?
ASKER
CDOSYS with an internal server on port 25
I don't see how that will help, with CDO you have to put all your information (smtp server, username, password) in the code.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Does the Google form allow you to programmatically fill in certain text boxes like an ordinary web form?
ASKER
Does the Google form allow you to programmatically fill in certain text boxes like an ordinary web form?
ASKER
Does the Google form allow you to programmatically fill in certain text boxes like an ordinary web form?
Does the Google form allow you to programmatically fill in certain text boxes like an ordinary web form?
ASKER
Thanks both of you for the ideas. What I decided to do for now was deploy an encrypted text file with the application that contains the sensitive info. My program will then decrypt that file at runtime.
Far from perfect but at least an extra level obscurity.
Far from perfect but at least an extra level obscurity.