How do I send emails through an SMTP server that requires authentication?


Before answering this question, we should point out that authentication was not part of the original SMTP protocol. When RFC 821 was written in 1982, third-party SMTP servers and gateways had to relay messages between other hosts, acting as intermediaries between the originating SMTP server and the intended destination. That was how E-Mail worked at the time. As time went on, the need for intermediate SMTP servers to relay messages between an originating server and a destination server faded. As the Internet opened up to the general public, the ability to relay messages from a client on a different network to a destination outside the SMTP server's network became nothing more than a security hazard, one that was exploited by spammers and others out to abuse E-Mail.


There are several ways that the security threat was addressed.


1. The SMTP server was configured to relay mail to other networks only when it originated from specific IP addresses in the server's network.
2. The SMTP server would require the client sending the outgoing E-Mail to authenticate by logging into the POP3 (Post Office Protocol 3) server and then, immediately afterwards, send the E-Mail to the SMTP server.
3. Extensions were added to the SMTP protocol that use various Simple Authentication and Security Layer (SASL) mechanisms to ensure that the client is authorized to send outgoing E-Mail. These extensions and SASL mechanisms were formalized into standards.


Since the first two methods are relatively straightforward, we will only discuss how to use Indy's RFC 2554 support.


For Indy 8.0 and 9.0


Indy's TIdSMTP component has only limited RFC 2554 support in that it supports only one SASL mechanism, LOGIN. There are other SASL mechanisms that can be used, such as CRAM-MD5, Digest MD5, Kerberos 4, GSSAPI (Generic Security Service Application Program Interface), and S/Key. Those SASL mechanisms are not supported in these versions.


To use Indy's LOGIN SASL support, simply set the TIdSMTP UserName property to the username, the Password property to the user's account password, and the AuthenticationType property to atLogin. Then send the E-Mail as you normally would. You can also have Indy determine whether LOGIN authentication is available on the SMTP server, and use it only if it is, by checking the AuthSchemesSupported property with code like this:


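IdSMTP1.AuthenticationType := atNone;
IdSMTP1.Connect;
try
   // Switch to LOGIN only if the server advertised it in its EHLO reply
   if IdSMTP1.AuthSchemesSupported.IndexOf('LOGIN') > -1 then
     IdSMTP1.AuthenticationType := atLogin;
   // ... authenticate and send the message here ...
finally
   IdSMTP1.Disconnect;
end;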

For Indy 10


You can use simple AUTH LOGIN similarly to Indy 9.0. Set TIdSMTP.AuthType to atDefault. Then set the Username and Password properties in TIdSMTP.


This is provided for backwards compatibility. For programs that are distributed to the public or on a mass scale, we recommend that you use Indy 10's SASL framework for authentication so your program can support a wide variety of SMTP servers. Our expanded SASL framework supports TIdSMTP, TIdPOP3, and TIdIMAP4. This framework has plug-in SASL mechanism components for CRAM (Challenge-Response Authentication Mechanism) MD5 SASL (RFC 2195), Anonymous SASL (RFC 2245), External SASL (RFC 2222), Login, One-Time-Only-Password - OTP (RFC 2444), Plain SASL (RFC 2595), and S/Key (RFC 2222). You can also write your own SASL mechanism component by writing a descendant of TIdSASL (located in IdSASL). To use this framework with TIdSMTP:


1. Drop a SASL mechanism component on your form. Those components are located on the new Indy SASL tab in the component palette.
2. In TIdSMTP, set the AuthType property to atSASL.
3. In TIdSMTP, click the button beside the SASLMechanisms property. An editor will appear.
4. Select the SASL mechanism components you wish to use with TIdSMTP from the Available listbox.
5. Click the right arrow to move those to the Assigned listbox.
6. Click OK when you are finished.
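
What the AuthSchemesSupported check and the LOGIN and CRAM-MD5 mechanisms described above amount to on the wire, as an added Python illustration (not Indy code and not part of the original help page). The function names, the preference order and the sample EHLO reply are assumptions made for this example.

```python
import base64
import hashlib
import hmac

# Constructed EHLO reply (sample host name and extension list).
SAMPLE_EHLO = (
    "250-mail.example.test Hello\r\n"
    "250-SIZE 10485760\r\n"
    "250-AUTH LOGIN PLAIN CRAM-MD5\r\n"
    "250 HELP\r\n"
)

# Assumed preference: challenge-response first, base64-only mechanisms last.
PREFERENCE = ["CRAM-MD5", "PLAIN", "LOGIN"]


def auth_schemes_supported(ehlo_reply):
    """Return the SASL mechanisms listed on the AUTH line(s) of an EHLO reply."""
    schemes = []
    for line in ehlo_reply.splitlines():
        keyword, _, rest = line[4:].strip().partition(" ")  # drop "250-"/"250 "
        if keyword.upper().startswith("AUTH="):  # legacy "AUTH=LOGIN ..." form
            keyword, rest = "AUTH", keyword[5:] + " " + rest
        if keyword.upper() == "AUTH":
            for mech in rest.upper().split():
                if mech not in schemes:
                    schemes.append(mech)
    return schemes


def choose_mechanism(schemes):
    """Pick the most preferred mechanism the server offers, or None."""
    return next((m for m in PREFERENCE if m in schemes), None)


def login_responses(username, password):
    """AUTH LOGIN: user name and password are base64-encoded, nothing more."""
    return [base64.b64encode(v.encode()).decode() for v in (username, password)]


def cram_md5_response(username, password, challenge_b64):
    """AUTH CRAM-MD5 (RFC 2195): keyed MD5 over the server's challenge."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{username} {digest}".encode()).decode()
```

With LOGIN the password itself crosses the connection in base64, while CRAM-MD5 sends only a digest that is tied to the one-time challenge.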