I have an existing asp.net c# application for which I’d like to implement a feature that allows users to post content via email. A user would send an email to a designated address and the system would parse the email and create database entries using the email subject, body and any attached images. My proposed approach is to create a windows service that pings a pop3/imap enabled email provider to retrieve incoming emails. The service would then parse the emails using an existing library I found here http://www.lesnikowski.com/mail/. The user would be matched according to the email address in the from field to the asp.net membership and then new records would be inserted from the contents of the email for that user. Initially the windows service would run on a separate EC2 instance that I’ll set up for this purpose since the current host does not permit root access. But eventually I’ll probably migrate the entire site to EC2.
Before I dive in I wanted to get some feedback from you all on my overall approach and architecture. More specifically:
- Is what I described above the approach you would take?
- Would you recommend implementing a web service to manage the interactions between the windows service and the database of the asp.net site? Or would you recommend hitting the database directly?
- If I program the windows service to
ping the email provider every 30
seconds, will that be a problem? - Do you foresee any security issues with this approach I’ve outlined?
- What about issues with reliability (needs to be a 24×7 service)?
Additional Background — the asp.net website is an inventory system where each entry has a name, description and optional images. From the email the subject will become the name, the body will become the description and the images are the images. If you’re familiar with the Posterous blogging platform you’ll have an excellent reference point for what I am trying to accomplish.
It would be better if you could set up an Exchange server or sth similiar where you get notifications about new emails, so you don’t have to ping every 30 minutes, but I never did it this way and cannot tell you if this is even possible.
The approach itself sounds plausible, because sending emails is really easy and everybody knows how to do that.
I would recommend an extra abstraction layer, because it is not much effort and improves the design. This decreases performance (shouldn’t be that much), so it depends on your requirements.
Depends on your email provider. Normally and if they allow it: No. You should definetly ask them first.
If it’s your own: You’re good to go.
There can be problems however if you’re doing this inside a thread and you’re accessing the IMAP multiple times at the same time. You should try to avoid that.
Yes. You can easily forge the “from” field of an email you’ve send. There can be issues then, if the email is known. You should definetly add some kind of extra security like sending the mail to
<SaltedHashThatIsDifferentForEachUser>@example.com. (Facebook does this too for example)I see more problems with the reliability of your email provider than with your service, because as long as the emails are saved, you can still parse them later.
You should investigate the maximum size of your imap to avoid rejected mails (e.g. delete them once you’ve successfully parsed them)