Link to home
Start Free TrialLog in
Avatar of zipnotic
zipnoticFlag for United States of America

asked on

Sending an Email from code, safer

Hello,

I've been using the below code to send myself an email when the user registers my application in the field.  It grabs the WAN IP along with the computer name.  The application is free but I've been thinking of charging a low fee for each copy.  Obviously this isn't the best way (putting my account name and password in code) but it is free, simple, and it works.  I'd like to make it a little more secure without costing anything for server space, third party DLLs, etc.  I was looking at some older methods of sending an email direct without logging into gmail account but I couldn't make it work.  Obfuscation doesn't seem like much resilience if someone were to decompile the code.  It's written in VB.Net.  Any ideas?

Current Code:

If Me.txtEmail.Text = "" Or Me.txtAgency.Text = "" Or Me.txtName.Text = "" Then
            MsgBox("Required field left blank.", MsgBoxStyle.Critical, "Error.")
            Exit Sub
        End If


        Try
            eBody = (New WebClient()).DownloadString("http://checkip.dyndns.org/")
            eBody = "IP:" & (New System.Text.RegularExpressions.Regex("\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}")).Matches(eBody)(0).ToString()
            Me.txtWAN.Text = eBody
            eBody += vbCrLf
            Application.DoEvents()
        Catch ex As Exception
            MsgBox(ex.ToString)
        End Try

        Try
            eBody += "Com Name:" & My.Computer.Name
            Me.txtPCName.Text = My.Computer.Name
            eBody += vbCrLf
            Application.DoEvents()
        Catch ex As Exception
            MsgBox(ex.ToString)
        End Try


        Try
            eBody += "Date: " & Now() & vbCrLf
            eBody += "Name: " & Me.txtName.Text & vbCrLf
            eBody += "Email: " & Me.txtEmail.Text & vbCrLf
            eBody += "Organization: " & Me.txtOrganization.Text & vbCrLf
            eBody += "Comments: " & Me.txtComments.Text & vbCrLf

        Catch ex As Exception
            MsgBox(ex.ToString)
        End Try

        Try
            Dim Smtp_Server As New SmtpClient
            Dim e_mail As New MailMessage()
            Smtp_Server.UseDefaultCredentials = False
            Smtp_Server.Credentials = New NetworkCredential("MyThrowawayGmailAccount@gmail.com", "someobscurepassword")
            Smtp_Server.Port = 587
            Smtp_Server.EnableSsl = True
            Smtp_Server.Host = "smtp.gmail.com"
            e_mail = New MailMessage()
            e_mail.From = New MailAddress("MyThrowawayGmailAccount@gmail.com")
            e_mail.To.Add("myactualgmailaccount@gmail.com")
            e_mail.Subject = "Application Registration " & Now()
            e_mail.IsBodyHtml = False


            eBody = Encrypt(eBody, "encryptionpassword", “encryptionsalt", "SHA1", 3, "somestringhere", 256)
            e_mail.Body = eBody
            Smtp_Server.Send(e_mail)


            Try
                If File.Exists(Application.StartupPath & "\registrationKey.txt") Then
                    File.Delete(Application.StartupPath & "\registrationKey.txt")
                End If

                Using outfile As StreamWriter = File.AppendText(Application.StartupPath & "\RegistrationKey.txt")

                    outfile.Write(eBody)
                    outfile.Close()
                End Using
                ' File.Encrypt(Application.StartupPath & "\RegistrationKey.txt")
            Catch ex As Exception

            End Try
        Catch error_t As Exception
            MsgBox(error_t.ToString)
        End Try

        MsgBox("Registration Complete!", MsgBoxStyle.Exclamation, "Thank You")
        Me.Close()

    End Sub

Open in new window

Avatar of Joe Howard
Joe Howard
Flag of United States of America image

What are those older methods?
Avatar of zipnotic

ASKER

CDOSYS with an internal server on port 25
I don't see how that will help, with CDO you have to put all your information (smtp server, username, password) in the code.
ASKER CERTIFIED SOLUTION
Avatar of Mlanda T
Mlanda T
Flag of South Africa image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Does the Google form allow you to programmatically fill in certain text boxes like an ordinary web form?
Does the Google form allow you to programmatically fill in certain text boxes like an ordinary web form?
Does the Google form allow you to programmatically fill in certain text boxes like an ordinary web form?
Does the Google form allow you to programmatically fill in certain text boxes like an ordinary web form?
Thanks both of you for the ideas.  What I decided to do for now was deploy an encrypted text file with the application that contains the sensitive info.  My program will then decrypt that file at runtime.  
Far from perfect but at least an extra level obscurity.