Sending an Email from code, safer

Hello,

I've been using the below code to send myself an email when the user registers my application in the field.  It grabs the WAN IP along with the computer name.  The application is free but I've been thinking of charging a low fee for each copy.  Obviously this isn't the best way (putting my account name and password in code) but it is free, simple, and it works.  I'd like to make it a little more secure without costing anything for server space, third party DLLs, etc.  I was looking at some older methods of sending an email direct without logging into gmail account but I couldn't make it work.  Obfuscation doesn't seem like much resilience if someone were to decompile the code.  It's written in VB.Net.  Any ideas?

Current Code:

If Me.txtEmail.Text = "" Or Me.txtAgency.Text = "" Or Me.txtName.Text = "" Then
            MsgBox("Required field left blank.", MsgBoxStyle.Critical, "Error.")
            Exit Sub
        End If


        Try
            eBody = (New WebClient()).DownloadString("http://checkip.dyndns.org/")
            eBody = "IP:" & (New System.Text.RegularExpressions.Regex("\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}")).Matches(eBody)(0).ToString()
            Me.txtWAN.Text = eBody
            eBody += vbCrLf
            Application.DoEvents()
        Catch ex As Exception
            MsgBox(ex.ToString)
        End Try

        Try
            eBody += "Com Name:" & My.Computer.Name
            Me.txtPCName.Text = My.Computer.Name
            eBody += vbCrLf
            Application.DoEvents()
        Catch ex As Exception
            MsgBox(ex.ToString)
        End Try


        Try
            eBody += "Date: " & Now() & vbCrLf
            eBody += "Name: " & Me.txtName.Text & vbCrLf
            eBody += "Email: " & Me.txtEmail.Text & vbCrLf
            eBody += "Organization: " & Me.txtOrganization.Text & vbCrLf
            eBody += "Comments: " & Me.txtComments.Text & vbCrLf

        Catch ex As Exception
            MsgBox(ex.ToString)
        End Try

        Try
            Dim Smtp_Server As New SmtpClient
            Dim e_mail As New MailMessage()
            Smtp_Server.UseDefaultCredentials = False
            Smtp_Server.Credentials = New NetworkCredential("MyThrowawayGmailAccount@gmail.com", "someobscurepassword")
            Smtp_Server.Port = 587
            Smtp_Server.EnableSsl = True
            Smtp_Server.Host = "smtp.gmail.com"
            e_mail = New MailMessage()
            e_mail.From = New MailAddress("MyThrowawayGmailAccount@gmail.com")
            e_mail.To.Add("myactualgmailaccount@gmail.com")
            e_mail.Subject = "Application Registration " & Now()
            e_mail.IsBodyHtml = False


            eBody = Encrypt(eBody, "encryptionpassword", “encryptionsalt", "SHA1", 3, "somestringhere", 256)
            e_mail.Body = eBody
            Smtp_Server.Send(e_mail)


            Try
                If File.Exists(Application.StartupPath & "\registrationKey.txt") Then
                    File.Delete(Application.StartupPath & "\registrationKey.txt")
                End If

                Using outfile As StreamWriter = File.AppendText(Application.StartupPath & "\RegistrationKey.txt")

                    outfile.Write(eBody)
                    outfile.Close()
                End Using
                ' File.Encrypt(Application.StartupPath & "\RegistrationKey.txt")
            Catch ex As Exception

            End Try
        Catch error_t As Exception
            MsgBox(error_t.ToString)
        End Try

        MsgBox("Registration Complete!", MsgBoxStyle.Exclamation, "Thank You")
        Me.Close()

    End Sub

Open in new window

zipnoticAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MacroShadowCommented:
What are those older methods?
0
zipnoticAuthor Commented:
CDOSYS with an internal server on port 25
0
MacroShadowCommented:
I don't see how that will help, with CDO you have to put all your information (smtp server, username, password) in the code.
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

MlandaTCommented:
The only way I can think to do this is to modify your app to submit to a Google Form (which is free). You could gather the necessary data in your app, and submit it the Google Form, which would store the data in a linked Google Spreadsheet. There are events on the Google Spreadsheet which allow you to execute code - including sending an email when data is submitted to the form Or just use the Email Notifications feature of Google Forms which sends you an email when data is submitted to the form. This approach achieves several things:

1 - Keeps your username and password for the email secure. You just publish the Google Forms key.
2 - Everything remains free
3 - Behind many corporate networks, you have better chance of submitting HTTP data as opposed to accessing 3rd Party SMTP servers (which is a point of failure in your current approach)
4 - You learn Google Forms and Google Spreasheets loool :)

Have a look at:
http://www.codeproject.com/Tips/143208/How-to-Submit-Google-Docs-Form-by-using-Csharp
http://www.gilgh.com/article/send-data-to-a-google-form-using-asp-net,-c

http://www.labnol.org/internet/email-notification-for-google-docs-forms/5248/
Or just use the MailApp.sendEmail(email, subject, message) in the Google SpreadSheet.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jacques Bourgeois (James Burger)PresidentCommented:
Store the sensitive information in an encrypted portion of the application configuration file. The technique is simple and explained in Encrypting Configuration Information Using Protected Configuration.
0
zipnoticAuthor Commented:
Does the Google form allow you to programmatically fill in certain text boxes like an ordinary web form?
0
zipnoticAuthor Commented:
Does the Google form allow you to programmatically fill in certain text boxes like an ordinary web form?
0
zipnoticAuthor Commented:
Does the Google form allow you to programmatically fill in certain text boxes like an ordinary web form?
0
Jacques Bourgeois (James Burger)PresidentCommented:
Does the Google form allow you to programmatically fill in certain text boxes like an ordinary web form?
0
zipnoticAuthor Commented:
Thanks both of you for the ideas.  What I decided to do for now was deploy an encrypted text file with the application that contains the sensitive info.  My program will then decrypt that file at runtime.  
Far from perfect but at least an extra level obscurity.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
.NET Programming

From novice to tech pro — start learning today.