DEV Community: Sagan Marketing, LLC The latest articles on DEV Community by Sagan Marketing, LLC (@saganmarketing). https://dev.to/saganmarketing https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3597039%2F3ec5e760-80b5-48f5-9b7e-659dda670e71.png DEV Community: Sagan Marketing, LLC https://dev.to/saganmarketing en Outlook.com Is the Final Boss of 'Just Send an Email' Sagan Marketing, LLC Mon, 25 May 2026 05:21:20 +0000 https://dev.to/saganmarketing/outlookcom-is-the-final-boss-of-just-send-an-email-2gi4 https://dev.to/saganmarketing/outlookcom-is-the-final-boss-of-just-send-an-email-2gi4 <p>Every email project starts with a lie:</p> <blockquote> <p>"I'll just test it with SMTP real quick."</p> </blockquote> <p>That was my plan while working on <strong><a href="http://www.epicmail.org" rel="noopener noreferrer">EpicMail</a></strong>.</p> <p>I wanted a boring, repeatable provider smoke test:</p> <ol> <li>Pick a mailbox provider.</li> <li>Add host, port, username, and password.</li> <li>Send one message.</li> <li>Move on with my life.</li> </ol> <p>Instead, I got a tour of how consumer email providers have slowly turned "send an email" into an authentication archaeology dig.</p> <p>The three providers I tested were:</p> <ul> <li>Gmail</li> <li>iCloud Mail</li> <li>Outlook.com</li> </ul> <p>The surprise was not that OAuth is complicated. Everyone knows OAuth is complicated.</p> <p>The surprise was how much easier the entire C# provider-testing loop became once I stopped trying to solve OAuth on day one and used <strong>app passwords</strong> for developer-owned test accounts.</p> <p>This is not an argument that app passwords are better than OAuth.</p> <p>It is an argument that they are a fantastic debugging ladder.</p> <p>But maybe shipping the ladder as the building is not the answer also.</p> <h2> First C# lesson: do not start with <code>System.Net.Mail.SmtpClient</code> </h2> <p>If you are building this in .NET, the first trap is that the built-in class name looks exactly like what you want:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">using</span> <span class="nn">System.Net.Mail</span><span class="p">;</span> <span class="kt">var</span> <span class="n">client</span> <span class="p">=</span> <span class="k">new</span> <span class="nf">SmtpClient</span><span class="p">(</span><span class="s">"smtp.example.com"</span><span class="p">);</span> </code></pre> </div> <p>But Microsoft's own docs say <code>System.Net.Mail.SmtpClient</code> is not recommended for new development because it does not support many modern protocols, and they point developers toward MailKit or other libraries instead.</p> <p>So for EpicMail-style testing, I reached for MailKit:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>dotnet add package MailKit </code></pre> </div> <p>The boring version of the test looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">using</span> <span class="nn">MailKit.Net.Smtp</span><span class="p">;</span> <span class="k">using</span> <span class="nn">MailKit.Security</span><span class="p">;</span> <span class="k">using</span> <span class="nn">MimeKit</span><span class="p">;</span> <span class="k">public</span> <span class="k">sealed</span> <span class="k">record</span> <span class="nc">SmtpSmokeTestOptions</span><span class="p">(</span> <span class="kt">string</span> <span class="n">Provider</span><span class="p">,</span> <span class="kt">string</span> <span class="n">Host</span><span class="p">,</span> <span class="kt">int</span> <span class="n">Port</span><span class="p">,</span> <span class="kt">string</span> <span class="n">Username</span><span class="p">,</span> <span class="kt">string</span> <span class="n">Secret</span><span class="p">);</span> <span class="k">public</span> <span class="k">static</span> <span class="k">async</span> <span class="n">Task</span> <span class="nf">SendSmokeTestAsync</span><span class="p">(</span> <span class="n">SmtpSmokeTestOptions</span> <span class="n">options</span><span class="p">,</span> <span class="kt">string</span> <span class="n">recipient</span><span class="p">,</span> <span class="n">CancellationToken</span> <span class="n">cancellationToken</span> <span class="p">=</span> <span class="k">default</span><span class="p">)</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">message</span> <span class="p">=</span> <span class="k">new</span> <span class="nf">MimeMessage</span><span class="p">();</span> <span class="n">message</span><span class="p">.</span><span class="n">From</span><span class="p">.</span><span class="nf">Add</span><span class="p">(</span><span class="n">MailboxAddress</span><span class="p">.</span><span class="nf">Parse</span><span class="p">(</span><span class="n">options</span><span class="p">.</span><span class="n">Username</span><span class="p">));</span> <span class="n">message</span><span class="p">.</span><span class="n">To</span><span class="p">.</span><span class="nf">Add</span><span class="p">(</span><span class="n">MailboxAddress</span><span class="p">.</span><span class="nf">Parse</span><span class="p">(</span><span class="n">recipient</span><span class="p">));</span> <span class="n">message</span><span class="p">.</span><span class="n">Subject</span> <span class="p">=</span> <span class="s">$"EpicMail smoke test: </span><span class="p">{</span><span class="n">options</span><span class="p">.</span><span class="n">Provider</span><span class="p">}</span><span class="s">"</span><span class="p">;</span> <span class="n">message</span><span class="p">.</span><span class="n">Body</span> <span class="p">=</span> <span class="k">new</span> <span class="nf">TextPart</span><span class="p">(</span><span class="s">"plain"</span><span class="p">)</span> <span class="p">{</span> <span class="n">Text</span> <span class="p">=</span> <span class="s">"If this arrived, SMTP is alive."</span> <span class="p">};</span> <span class="k">using</span> <span class="nn">var</span> <span class="n">client</span> <span class="p">=</span> <span class="k">new</span> <span class="n">SmtpClient</span> <span class="p">{</span> <span class="n">Timeout</span> <span class="p">=</span> <span class="m">15_000</span> <span class="p">};</span> <span class="k">await</span> <span class="n">client</span><span class="p">.</span><span class="nf">ConnectAsync</span><span class="p">(</span> <span class="n">options</span><span class="p">.</span><span class="n">Host</span><span class="p">,</span> <span class="n">options</span><span class="p">.</span><span class="n">Port</span><span class="p">,</span> <span class="n">SecureSocketOptions</span><span class="p">.</span><span class="n">StartTls</span><span class="p">,</span> <span class="n">cancellationToken</span><span class="p">);</span> <span class="k">await</span> <span class="n">client</span><span class="p">.</span><span class="nf">AuthenticateAsync</span><span class="p">(</span> <span class="n">options</span><span class="p">.</span><span class="n">Username</span><span class="p">,</span> <span class="n">options</span><span class="p">.</span><span class="n">Secret</span><span class="p">,</span> <span class="n">cancellationToken</span><span class="p">);</span> <span class="k">await</span> <span class="n">client</span><span class="p">.</span><span class="nf">SendAsync</span><span class="p">(</span><span class="n">message</span><span class="p">,</span> <span class="n">cancellationToken</span><span class="p">);</span> <span class="k">await</span> <span class="n">client</span><span class="p">.</span><span class="nf">DisconnectAsync</span><span class="p">(</span><span class="n">quit</span><span class="p">:</span> <span class="k">true</span><span class="p">,</span> <span class="n">cancellationToken</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>That is the code I wanted the entire project to feel like.</p> <p>A tiny abstraction.</p> <p>A tiny config object.</p> <p>A tiny smoke test.</p> <p>And then reality showed up.</p> <h2> The provider matrix I wanted </h2> <p>For a developer-owned test account, the provider table feels like it <em>should</em> be this simple:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Provider</th> <th>SMTP host</th> <th>Port</th> <th>Credential path for smoke testing</th> </tr> </thead> <tbody> <tr> <td>Gmail</td> <td><code>smtp.gmail.com</code></td> <td><code>587</code></td> <td>Google app password</td> </tr> <tr> <td>iCloud Mail</td> <td><code>smtp.mail.me.com</code></td> <td><code>587</code></td> <td>Apple app-specific password</td> </tr> <tr> <td>Outlook.com</td> <td><code>smtp-mail.outlook.com</code></td> <td><code>587</code></td> <td>Microsoft app password for the controlled test path; OAuth2/Modern Auth for the product path</td> </tr> </tbody> </table></div> <p>As configuration, that becomes extremely boring:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"SmtpSmokeTests"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Provider"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Gmail"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Host"</span><span class="p">:</span><span class="w"> </span><span class="s2">"smtp.gmail.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Port"</span><span class="p">:</span><span class="w"> </span><span class="mi">587</span><span class="p">,</span><span class="w"> </span><span class="nl">"Username"</span><span class="p">:</span><span class="w"> </span><span class="s2">"you@gmail.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Secret"</span><span class="p">:</span><span class="w"> </span><span class="s2">"&lt;gmail app password&gt;"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Provider"</span><span class="p">:</span><span class="w"> </span><span class="s2">"iCloud"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Host"</span><span class="p">:</span><span class="w"> </span><span class="s2">"smtp.mail.me.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Port"</span><span class="p">:</span><span class="w"> </span><span class="mi">587</span><span class="p">,</span><span class="w"> </span><span class="nl">"Username"</span><span class="p">:</span><span class="w"> </span><span class="s2">"you@icloud.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Secret"</span><span class="p">:</span><span class="w"> </span><span class="s2">"&lt;apple app-specific password&gt;"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Provider"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Outlook.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Host"</span><span class="p">:</span><span class="w"> </span><span class="s2">"smtp-mail.outlook.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Port"</span><span class="p">:</span><span class="w"> </span><span class="mi">587</span><span class="p">,</span><span class="w"> </span><span class="nl">"Username"</span><span class="p">:</span><span class="w"> </span><span class="s2">"you@outlook.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Secret"</span><span class="p">:</span><span class="w"> </span><span class="s2">"&lt;microsoft app password or oauth token path&gt;"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>The protocol part is not the hard part.</p> <p>The hard part is proving to three giant identity systems that your tiny test harness is not suspicious.</p> <h2> Gmail: the trick is not your normal password </h2> <p>Gmail's SMTP settings are conventional enough: <code>smtp.gmail.com</code>, port <code>587</code>, STARTTLS, authentication required.</p> <p>The trick is that the useful test credential is not your normal Google password.</p> <p>It is a generated app password.</p> <p>That turns this kind of failure:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>535-5.7.8 Username and Password not accepted </code></pre> </div> <p>into this kind of progress:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>250 2.1.5 OK </code></pre> </div> <p>For a smoke test, that is a massive difference.</p> <p>No consent screen.</p> <p>No redirect URI.</p> <p>No token refresh.</p> <p>No "is my OAuth app still in testing mode?" rabbit hole.</p> <p>Just a dev mailbox and a generated credential.</p> <p>Google's own Gmail client setup docs list <code>smtp.gmail.com</code>, STARTTLS on port <code>587</code>, and suggest trying an app password when 2-Step Verification is enabled and a mail client cannot sign in.</p> <h2> iCloud Mail: refreshingly literal </h2> <p>iCloud Mail was the provider that felt closest to the old-school SMTP mental model.</p> <p>Apple's settings are direct:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>SMTP server: smtp.mail.me.com Port: 587 Authentication: required Username: full iCloud email address Password: app-specific password </code></pre> </div> <p>The important detail is the username.</p> <p>For SMTP, Apple says to use the full iCloud Mail email address, not just the local part.</p> <p>So this is good:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>you@icloud.com </code></pre> </div> <p>This is the kind of tiny detail that costs 30 minutes when your test harness only says:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Authentication failed. </code></pre> </div> <p>And it is exactly why provider diagnostics matter.</p> <p>A good product should say:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>iCloud rejected SMTP authentication. Check: - Are you using smtp.mail.me.com on port 587? - Are you using STARTTLS? - Is the username your full iCloud Mail address? - Is the password an Apple app-specific password rather than your Apple Account password? </code></pre> </div> <p>That is not just error handling.</p> <p>That is product UX.</p> <h2> Outlook.com: where SMTP becomes an identity-platform problem </h2> <p>Outlook.com is where the simple smoke test started to feel like a boss fight.</p> <p>The rough shape still looks familiar:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>SMTP server: smtp-mail.outlook.com Port: 587 Encryption: STARTTLS </code></pre> </div> <p>But then the auth story gets more interesting. With a new Outlook.com test account, I was not able to turn on SMTP... it looked like turned it on, but when I refreshed the page, it showed that it was still off. When I tried to investigate deeper, I noticed that the "Inspect/Developer Tools" Network tab showed an error in the response:</p> <blockquote> <p>POST <a href="https://outlook.live.com/owa/0/service.svc?action=SetConsumerMailbox&amp;app=Mail&amp;n=36" rel="noopener noreferrer">https://outlook.live.com/owa/0/service.svc?action=SetConsumerMailbox&amp;app=Mail&amp;n=36</a><br> 412 (Precondition Failed)<br> Uncaught (in promise) Error: SetConsumerMailbox failed:<br> Microsoft.Exchange.Clients.Owa2.Server.Core.OwaInvalidServiceRequestException</p> </blockquote> <p>Furthermore, Microsoft's Outlook.com SMTP settings list OAuth2 / Modern Auth as the authentication method. The same support surface also documents app passwords for Outlook.com accounts using two-factor authentication when a password is not accepted by another program.</p> <p>That is where the provider test stops being a socket problem and becomes an account-state problem.</p> <p>When Outlook.com rejects you, the question is not just:</p> <blockquote> <p>Did my C# code authenticate correctly?</p> </blockquote> <p>The question becomes:</p> <blockquote> <p>Which authentication universe is this account currently living in?</p> </blockquote> <p>For a developer-owned EpicMail smoke test, an app password was the shortest path to answering the narrow question I cared about first:</p> <blockquote> <p>Can this adapter send one message through Outlook.com SMTP?</p> </blockquote> <p>But I would not treat that as the long-term product answer.</p> <p>For real user onboarding, Outlook.com is clearly pointing the ecosystem toward Modern Auth / OAuth2.</p> <p>That is the central distinction:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Dev-owned smoke test: App password is great. User-owned production account: OAuth2 / provider API is the responsible path. </code></pre> </div> <p>The problem is that both of those workflows might touch the same SMTP host and port.</p> <p>So your code has to know which game it is playing.</p> <h2> App passwords are not "better OAuth" </h2> <p>This is the key lesson.</p> <p>App passwords are not a better security model than OAuth.</p> <p>They are a faster way to answer a narrower engineering question:</p> <blockquote> <p>Can this provider send mail from this controlled test account using SMTP?</p> </blockquote> <p>For EpicMail, that was exactly the question I needed answered first.</p> <p>The app-password credential shape is tiny:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">sealed</span> <span class="k">record</span> <span class="nc">AppPasswordCredential</span><span class="p">(</span> <span class="kt">string</span> <span class="n">Username</span><span class="p">,</span> <span class="kt">string</span> <span class="n">AppPassword</span><span class="p">);</span> </code></pre> </div> <p>The send path is tiny:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">await</span> <span class="n">client</span><span class="p">.</span><span class="nf">AuthenticateAsync</span><span class="p">(</span> <span class="n">credential</span><span class="p">.</span><span class="n">Username</span><span class="p">,</span> <span class="n">credential</span><span class="p">.</span><span class="n">AppPassword</span><span class="p">,</span> <span class="n">cancellationToken</span><span class="p">);</span> </code></pre> </div> <p>OAuth is a different animal:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">sealed</span> <span class="k">record</span> <span class="nc">OAuthSmtpCredential</span><span class="p">(</span> <span class="kt">string</span> <span class="n">Username</span><span class="p">,</span> <span class="kt">string</span> <span class="n">AccessToken</span><span class="p">,</span> <span class="kt">string</span><span class="p">?</span> <span class="n">RefreshToken</span><span class="p">,</span> <span class="n">DateTimeOffset</span> <span class="n">ExpiresAt</span><span class="p">,</span> <span class="kt">string</span><span class="p">[]</span> <span class="n">Scopes</span><span class="p">,</span> <span class="kt">string</span> <span class="n">ProviderClientId</span><span class="p">);</span> </code></pre> </div> <p>And yes, MailKit can authenticate with an OAuth2 access token:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">using</span> <span class="nn">MailKit.Security</span><span class="p">;</span> <span class="kt">var</span> <span class="n">oauth2</span> <span class="p">=</span> <span class="k">new</span> <span class="nf">SaslMechanismOAuth2</span><span class="p">(</span> <span class="n">credential</span><span class="p">.</span><span class="n">Username</span><span class="p">,</span> <span class="n">credential</span><span class="p">.</span><span class="n">AccessToken</span><span class="p">);</span> <span class="k">await</span> <span class="n">client</span><span class="p">.</span><span class="nf">AuthenticateAsync</span><span class="p">(</span><span class="n">oauth2</span><span class="p">,</span> <span class="n">cancellationToken</span><span class="p">);</span> </code></pre> </div> <p>But that line is not the hard part.</p> <p>The hard part is everything required to make that line safe and repeatable:</p> <ul> <li>provider app registration</li> <li>redirect URIs</li> <li>local development callback URLs</li> <li>consent screen configuration</li> <li>scopes</li> <li>token exchange</li> <li>refresh token storage</li> <li>encryption at rest</li> <li>token refresh</li> <li>revoked consent</li> <li>expired refresh tokens</li> <li>tenant or account policy</li> <li>provider-specific support docs</li> <li>user-facing recovery flows</li> </ul> <p>For a real multi-user product, that work is justified.</p> <p>For a smoke test, it can be a trap.</p> <h2> The abstraction changed once I separated the two paths </h2> <p>The useful design move was to stop pretending that "SMTP auth" is one thing.</p> <p>It is not.</p> <p>At minimum, EpicMail needs to model two credential modes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">abstract</span> <span class="k">record</span> <span class="nc">ProviderCredential</span><span class="p">(</span><span class="kt">string</span> <span class="n">Username</span><span class="p">);</span> <span class="k">public</span> <span class="k">sealed</span> <span class="k">record</span> <span class="nc">AppPasswordCredential</span><span class="p">(</span> <span class="kt">string</span> <span class="n">Username</span><span class="p">,</span> <span class="kt">string</span> <span class="n">AppPassword</span><span class="p">)</span> <span class="p">:</span> <span class="nf">ProviderCredential</span><span class="p">(</span><span class="n">Username</span><span class="p">);</span> <span class="k">public</span> <span class="k">sealed</span> <span class="k">record</span> <span class="nc">OAuthCredential</span><span class="p">(</span> <span class="kt">string</span> <span class="n">Username</span><span class="p">,</span> <span class="kt">string</span> <span class="n">AccessToken</span><span class="p">,</span> <span class="kt">string</span><span class="p">?</span> <span class="n">RefreshToken</span><span class="p">,</span> <span class="n">DateTimeOffset</span> <span class="n">ExpiresAt</span><span class="p">)</span> <span class="p">:</span> <span class="nf">ProviderCredential</span><span class="p">(</span><span class="n">Username</span><span class="p">);</span> </code></pre> </div> <p>Then the adapter can be honest:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">interface</span> <span class="nc">IEmailProviderAdapter</span> <span class="p">{</span> <span class="kt">string</span> <span class="n">ProviderName</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="p">}</span> <span class="n">Task</span> <span class="nf">SendSmokeTestAsync</span><span class="p">(</span> <span class="n">ProviderCredential</span> <span class="n">credential</span><span class="p">,</span> <span class="kt">string</span> <span class="n">recipient</span><span class="p">,</span> <span class="n">CancellationToken</span> <span class="n">cancellationToken</span> <span class="p">=</span> <span class="k">default</span><span class="p">);</span> <span class="n">ProviderDiagnostic</span> <span class="nf">Diagnose</span><span class="p">(</span><span class="n">Exception</span> <span class="n">exception</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>And the Outlook.com adapter can say something useful instead of pretending all failures are equal:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">if</span> <span class="p">(</span><span class="n">ProviderName</span> <span class="p">==</span> <span class="s">"Outlook.com"</span> <span class="p">&amp;&amp;</span> <span class="n">credential</span> <span class="k">is</span> <span class="n">AppPasswordCredential</span><span class="p">)</span> <span class="p">{</span> <span class="n">diagnostic</span><span class="p">.</span><span class="n">Warnings</span><span class="p">.</span><span class="nf">Add</span><span class="p">(</span> <span class="s">"App passwords are useful for controlled Outlook.com smoke tests, "</span> <span class="p">+</span> <span class="s">"but OAuth2 / Modern Auth is the better user-facing path."</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>That warning is not bureaucracy.</p> <p>It is future you leaving a note for support-ticket you.</p> <h2> The error taxonomy became the real feature </h2> <p>The most useful part of this work was not the successful send.</p> <p>It was cataloging failures.</p> <p>The first version of an email integration usually thinks it needs this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="kt">bool</span> <span class="n">Sent</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">init</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>What it actually needs is closer to this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">enum</span> <span class="n">ProviderDiagnosticCode</span> <span class="p">{</span> <span class="n">Success</span><span class="p">,</span> <span class="n">TcpConnectionFailed</span><span class="p">,</span> <span class="n">StartTlsFailed</span><span class="p">,</span> <span class="n">AuthenticationRejected</span><span class="p">,</span> <span class="n">SenderRejected</span><span class="p">,</span> <span class="n">RecipientRejected</span><span class="p">,</span> <span class="n">ProviderPolicyRejected</span><span class="p">,</span> <span class="n">RateLimited</span><span class="p">,</span> <span class="n">MessageRejected</span><span class="p">,</span> <span class="n">Unknown</span> <span class="p">}</span> </code></pre> </div> <p>Because users do not need to know that <code>SmtpCommandException</code> happened.</p> <p>They need to know what to do next.</p> <p>A raw error says:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>MailKit.Security.AuthenticationException: Authentication failed. </code></pre> </div> <p>A useful EpicMail-style diagnostic says:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Outlook.com rejected SMTP authentication. Check: - Are you using smtp-mail.outlook.com on port 587? - Are you using STARTTLS? - Is this account expecting OAuth2 / Modern Auth? - If this is a dev-owned smoke test, is the Microsoft app password valid? - Did Microsoft flag the sign-in in Recent Activity? </code></pre> </div> <p>That is the difference between supporting SMTP and understanding email providers.</p> <h2> The C# testing loop I wish I had started with </h2> <p>Instead of starting with "send an email," I wish I had started with a checklist:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="kt">var</span> <span class="n">checks</span> <span class="p">=</span> <span class="k">new</span><span class="p">[]</span> <span class="p">{</span> <span class="s">"Can resolve SMTP host"</span><span class="p">,</span> <span class="s">"Can open TCP connection"</span><span class="p">,</span> <span class="s">"Can upgrade with STARTTLS"</span><span class="p">,</span> <span class="s">"Can authenticate"</span><span class="p">,</span> <span class="s">"Can send MAIL FROM"</span><span class="p">,</span> <span class="s">"Can send RCPT TO"</span><span class="p">,</span> <span class="s">"Can send DATA"</span><span class="p">,</span> <span class="s">"Can receive final provider response"</span><span class="p">,</span> <span class="s">"Can map provider error to setup advice"</span> <span class="p">};</span> </code></pre> </div> <p>The happy path is one row in that table.</p> <p>The product is the rest of the table.</p> <p>For each provider, I now want cases like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>✅ valid app password ❌ normal account password ❌ revoked app password ❌ wrong SMTP host ❌ wrong port ❌ STARTTLS disabled ❌ username missing full iCloud address ❌ Outlook.com account expects OAuth2 / Modern Auth ❌ provider flags suspicious login ❌ provider accepts login but rejects sender ❌ provider rate-limits or policy-blocks the message </code></pre> </div> <p>That is where the value is.</p> <p>A generic SMTP client can throw raw provider errors.</p> <p>A product should translate them.</p> <h2> The practical rule I ended up with </h2> <p>My current rule for EpicMail is:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>For developer-owned smoke tests: Use app passwords when the provider supports them. For user-owned accounts: Use OAuth2 / provider-approved auth flows. For serious production sending: Consider transactional email providers instead of consumer inboxes. </code></pre> </div> <p>App passwords made Gmail, iCloud Mail, and Outlook.com easier to compare because they reduced the test surface area.</p> <p>That mattered.</p> <p>It let me test the boring-but-critical pieces first:</p> <ul> <li>SMTP host and port</li> <li>STARTTLS behavior</li> <li>message construction</li> <li>sender validation</li> <li>recipient validation</li> <li>provider-specific rejection messages</li> <li>useful diagnostics</li> </ul> <p>Then OAuth can come later as a product-grade authentication layer instead of blocking the first transport-layer proof.</p> <p>OAuth is the production path.</p> <p>App passwords are the debugging ladder.</p> <p>Do not ship the ladder as the building... or if you do then version 1.1 should be adding OATH to Outlook, Gmail, iCloud... probably in that order too.</p> <h2> References </h2> <ul> <li><a href="https://support.google.com/mail/answer/7104828?hl=en" rel="noopener noreferrer">Gmail Help: Gmail SMTP settings and app password troubleshooting</a></li> <li><a href="https://support.apple.com/en-us/102525" rel="noopener noreferrer">Apple Support: iCloud Mail server settings for other email client apps</a></li> <li><a href="https://support.microsoft.com/en-us/office/pop-imap-and-smtp-settings-for-outlook-com-d088b986-291d-42b8-9564-9c414e2aa040" rel="noopener noreferrer">Microsoft Support: POP, IMAP, and SMTP settings for Outlook.com</a></li> <li><a href="https://support.microsoft.com/en-gb/office/add-your-outlook-com-account-in-outlook-for-windows-642c1902-bdd9-4dc3-abe7-76d60b148b23" rel="noopener noreferrer">Microsoft Support: Generate an app password for Outlook.com</a></li> <li><a href="https://learn.microsoft.com/en-us/dotnet/api/system.net.mail.smtpclient" rel="noopener noreferrer">Microsoft Learn: <code>System.Net.Mail.SmtpClient</code> is not recommended for new development</a></li> </ul> mail smtp oauth webdev Free Website Uptime API — JSON for Developers and AI Integrations Sagan Marketing, LLC Wed, 05 Nov 2025 11:07:01 +0000 https://dev.to/saganmarketing/free-website-uptime-api-json-for-developers-and-ai-integrations-519m https://dev.to/saganmarketing/free-website-uptime-api-json-for-developers-and-ai-integrations-519m <h1> 🚀 Launch Announcement </h1> <p>We’re excited to share that <a href="https://siteinformant.com" rel="noopener noreferrer"><strong>Site Informant</strong></a> — the affordable website uptime monitoring service — now provides a <strong>public JSON API</strong> for developers and AI tools.</p> <p>With one simple GET request, you can pull live uptime, response-time, and SSL-certificate data for any site you monitor (or any site that’s opted-in for public visibility).<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>GET https://api.siteinformant.com/api/public/status/prudentdev.com </code></pre> </div> <blockquote> <p>💡 Example response<br> {<br> "domain": "prudentdev.com",<br> "uptimePercent": 100,<br> "isOnline": true,<br> "lastCheckUtc": "2025-11-04T07:45:00Z",<br> "averageResponseMs": 238,<br> "sslExpiresUtc": "2026-01-04T00:00:00Z",<br> "sslIssuer": "Let's Encrypt"<br> }</p> </blockquote> <p>🧠 <strong>Why it matters</strong></p> <p>No API key required</p> <p>Perfect for dashboards, chatbots, and AI monitoring agents</p> <p>Data available for any public site you manage through Site Informant</p> <p><a href="https://api.siteinformant.com/api/public/openapi.json" rel="noopener noreferrer">OpenAPI spec</a> for instant integration</p> <p>🛠️ <strong>For developers</strong></p> <p>Check out our full <a href="https://siteinformant.com/Developers" rel="noopener noreferrer">Developers</a> page<br> with C# and curl examples, rate-limit info, and integration notes.</p> <p>🌐 <strong>Try it free</strong></p> <p>Monitor one site free, and add more for only $1/month per 5 sites.<br> Start here → <a href="https://siteinformant.com" rel="noopener noreferrer">https://siteinformant.com</a></p> <p>Originally published on <a href="https://siteinformant.com/blog/free-website-uptime-api" rel="noopener noreferrer">siteinformant.com/blog/free-website-uptime-api</a></p> api webdev sitereliabilityengineering ai