I work for a company that builds embedded systems and we are currently developing a system for residential consumers, our primary focus until recently has been industrial and commercial applications.
One feature of this product is the ability for the device to send emails directly. The problem is the SMTP library is merely a client (as it should be) and thus requires configuring to connect to a mail server.
There is currently a debate going on as to whether we should be providing the mail server configuration information out of the box. At the moment the debate has split our team pretty much between the developers and management.
The developers think it will be too onerous for the “average” user to provide the FQDN or IP of the server, port, user, password and “from” address. Therefore, it would be preferable to only require the user’s email address for the configuration to be complete.
Whereas management is worried about resource utilization (of course everyone is hoping for millions, or at least thousands, of users for our system!) and a “nefarious” user stealing the information we provide and using it for illicit purposes; while the developers don’t think this is likely, as management pointed out, it would only take one spammer getting a hold of the account information and then we would be forced to shut it down for everyone.
The current compromise is to provide a unique email account for each device simple for relaying emails from our product to the user’s email account. Obviously, this creates a management nightmare particularly because we are using a 3rd-party email hosting solution at the moment and can not automate the creation of these emails. Management does not like that fact that we have designed everything else to be automated and then throw in a nice big speed bump by manually creating each email account and then manually configuring each device to use this account.
Of course the developers suggested bring the email service in house but that creates other problems that we can not afford.
Which leads me to my question for the community, have you ever dealt with this problem? What solution did you decide upon? Why was that the best solution for you?
Since management is worried about a “nefarious” user free-riding your company’s email service (besides that thought isn’t that absurd) the only chance you have to not force people to go thru the hassle of configuration or to not burden you guys with manually creating accounts is to provide each client with a unique ID. This ID will allow you to shut down the service for the mallicous user.
One way to do this would be to configure each client to embed a unique ID in the header of every email. See this question. On the server side you would then have to implement a blacklist and check every email’s header against it.
That’s all, without further knowledge of your tech-stack it’s impossible to provide a more detailed answer.