Question Is there a way to send emails from asp.net without using SMTP ?

[USAFRet]

SendGrid​

OK, an outside service.

I thought you wanted to do this inhouse?

 

[palladin9479]

We are just trying to push the boundaries as much as possible from our department side. You know. If we go to the IT department, we have to go formally from creating indents to multiple approvals. Imagine if there is a way to send and receive emails without those hassles!!!

This will end poorly for the development manager on this project, very poorly.

If the Operational staff has disabled SMTP, it's because they do not want random employees, that means you, from sending emails. Should you then attempt to implement outbound email via HTTP, POP3 or IMAP, they will find out and when they do your team manager will have a mountain sized hammer fall on their head for violating security policy and incurring legal liability for the company.

Within my own organization I've made it a point to get our developers out of the email client game. We did this by configuring postfix on each host as a relay that only listens on 127.0.0.1 and then forwards to our central managed postfix relay over TLS. This configuration is hardened and any change is forcibly reverted back to our standard. We then manage the flow from that central system, which prevents one of our developers from accidentally sending a million dollar transaction confirmation to one of our clients. We've had people attempt to "push the boundaries" and they are no longer employed here.

Btw our outbound email MTA is Office365, you just build a connector from your central relay to MS (or whatever other provider is used), preferably with SSL certs as the trust.

 

[PrabhakaranKaruppaih]

This will end poorly for the development manager on this project, very poorly.

If the Operational staff has disabled SMTP, it's because they do not want random employees, that means you, from sending emails. Should you then attempt to implement outbound email via HTTP, POP3 or IMAP, they will find out and when they do your team manager will have a mountain sized hammer fall on their head for violating security policy and incurring legal liability for the company.

Within my own organization I've made it a point to get our developers out of the email client game. We did this by configuring postfix on each host as a relay that only listens on 127.0.0.1 and then forwards to our central managed postfix relay over TLS. This configuration is hardened and any change is forcibly reverted back to our standard. We then manage the flow from that central system, which prevents one of our developers from accidentally sending a million dollar transaction confirmation to one of our clients. We've had people attempt to "push the boundaries" and they are no longer employed here.

Btw our outbound email MTA is Office365, you just build a connector from your central relay to MS (or whatever other provider is used), preferably with SSL certs as the trust.

My Manager is with Me 💪

 

[palladin9479]

My Manager is with Me 💪

It's not your manager, it's the Security Director / CISO / CIO. Cyber Security is a serious thing, and the very fact you are attempting to do this means those above individuals are not with you. Otherwise the Operations Director / Security Director or their designated representative would have changed the security enforcement to allow outbound email protocols.

 

[PrabhakaranKaruppaih]

It's not at all that much big institution. Roughly 50 to 60 employees only

 

[USAFRet]

It's not at all that much big institution. Roughly 50 to 60 employees only

Then you should have a shorter pathway to full approval, rather than trying to fake it out.

 

[PrabhakaranKaruppaih]

It's not fake but living with what we have. Sustainability

 

[USAFRet]

It's not fake but living with what we have. Sustainability

Full approval is a MAJOR step on the path to sustainability.

 

[palladin9479]

Regardless, to anyone else in IT reading this, absolutely under no circumstance should you attempt to circumvent organizational security policies. That is one of the quickest ways to get terminated and escorted out the building.

Even the smallest tech startups are taking cybersecurity seriously as ransomware or other cyber attacks, usually facilitated by an unwitting employee, have been on the rise. These attacks have quite large financial and legal liability and all it takes is one person bypassing security policies for the attack to become successful.

Recent high profile attacks

High-Profile Company Data Breaches

Here are the latest data breaches from 2023 and 2024 consisting of high-profile companies that have been affected financially and security-wise.

www.electric.ai

Significant Cyber Incidents | Strategic Technologies Program | CSIS

This timeline lists significant cyber incidents since 2006. We focus on state actions, espionage, and cyberattacks where losses are more than a million dollars. This is a living document. When we learn of a cyber incident, we add it to the chronological order.

www.csis.org

Biggest attacks of all time

The 72 Biggest Data Breaches of All Time [Updated 2023] | UpGuard

Our updated list for 2023 ranks the 72 biggest data breaches of all time, ranked by impact. Learn from their mistakes to avoid costly damages.

www.upguard.com

 

[DSzymborski]

My Manager is with Me 💪

I'm starting to wonder if anyone at this company is qualified to hold their current job.

 

[Ralston18]

@PrabhakaranKaruppaih

Reference "My Manager is with Me"

With you to do specifically what?

I think he might be with you when you are both terminated for violating or attempting to violate the rules.

And, as has been mentioned you are both walked out the door.