Question:

What is SMTP-AUTH?  And why is it required on 3Essentials hosting services to send mail?

Answer:

In order to protect 3Essentials servers and network from being used by spammers, 3Essentials requires SMTP-auth to be enabled on any method it's customers use to send mail.  There are basically two methods for sending mail:

• from a mail client, like Outlook, Outlook Express, a webmail tool, etc.
• from your website code, i.e., a webform in PHP, ASP, ASP.net, etc. that collects information from a visitor, and sends an email to you with it.

Before spammers, providers and mail server administrators did not require you to authenticate to a mail server before you sent an email via one of these methods... you could simply connect to the server via SMTP, and send the mail.  But with the pervasive and intrusive nature of spammers, they've exploited this... and now any mail server that allows you to connect "unauthenticated" (i.e., not identifying who your are, and being authorized to send mail), is considered an "open-relay" for mail, and open-relays are a dirty word in the hosting business.

The best first line of defense is to require all people who send mail from your server to have a predefined username and password, and to use that when making the connection to the mail server.  This is SMTP-auth... an SMTP connection which requires "authentication" of your user id / pw before sending mail.  Each method for sending mail implements this slightly differently:

• For desktop mail clients (Outlook, Outtlook Express, etc), the mail client configuration screens will have options for "smtp authentication" being required for the SMTP server.  The following KB articles lead you through configuring popular mail clients to support smtp-auth:
  • Configure Outlook or Outlook Express to send/receive mail
• For website code / scripts, the solution will vary slightly:
  • For FrontPage:
    • Please see the following article: Sending email with FrontPage
  • For ASP, you'll need to use a mail component that supports SMTP authentication.  3Essentials provides Microsoft CDO (aka CDOSYS) and JMail components for this purpose.  Information on those components, and sample code, can be found at the following KB articles:
    • Sending mail from a web page using ASP and JMail
    • Using CDONTS for sending mail
  • For ASP.net, use System.Net.Mail:
    • SMTP-AUTH in ASP.net's System.Web.Mail 
    • SMTP-AUTH in ASP.net's System.Net.Mail
    • 3rd party resource: http://www.systemnetmail.com/faq/4.2.aspx
  • For PHP:
    • If you need to send mail from your own designed PHP page, you'll need to use the PEAR MAIL function.  Info on this function and sample code can be found in the following article:
      • Sending mail with PHP using SMTP-auth
    • If you're using an open source PHP application, the solution may vary slightly.  First, check the email settings configuration option for the product, and if it has options for sending mail via SMTP, SMTP-auth, SMTP username and SMTP password, then it probably supports it out of the box, and you just need to configure those options.  A few common open source products do not support this with their base/default installation, and an add-on is required.  The following KB articles provide info on enabling SMTP-auth for some common, open source, PHP based solutions:
      • Adding SMTP-auth support to OSCommerce
      • Enabling SMTP-AUTH support in phpBB
      • Adding SMTP-auth support to Wordpress
      • SMTP-AUTH support in Sitebuilder 4.x feedback form