Flaw with email client

Nick_26792935116

This is an issue that is very frustrating. Some email servers require a login ID that is not the same as the email address, so for example your email address might be in the normal form (I can't quote an example as this board doesn't permit "links") but your login ID might be "user", or even something unrelated such as "loginID".

However the Reolink built-in email client only supports the following fields:

Sender Name (not functional as such, just displays as the name of the person sending the email)
Sender Address (this is used in two ways, for the address from which the email has been sent AND as the login ID for the mail server)
Password (the password for the mail server account)
Recipient Address 1, 2 & 3 (great to have three addresses)

To be compatible with all mail servers there needs to be another field, which is UserID, or LoginID, whatever name is chosen for it. This would be the ID which is sent to the email server when the email is sent if authentication is required (as it should be in most cases for security reasons and to avoid your server being used for spam). Without this you can ONLY send emails via servers which use the email address as the login ID, which is most definitely not all of the servers which people use.

I can imagine that Reolink think it is simpler and maybe less confusing to not have this separate field, but the tradeoff is that the client just doesn't work with many servers, which is in my view not a good tradeoff!

Quite apart from anything else, it is a definite security plus to have a different login ID than the email address, as many bad actors who try to gain access to your mailbox, or send spam, will default to trying to log in using your email address as the login ID.

Having a different loginID makes it MUCH less likely that someone will be able to do either of these bad things, unless of course you succumb to a phishing attack. But you are much less susceptible to a simple trial and error attack by a bad actor.

So having a different loginID is actually a really good thing, and I don't think that Reolink should prevent their users from using mail servers which are like this, as they do.

joseph_1979

@nick_26792935116 You may submit your request to Reolink support as I don't think that the Reolink Dev team follows the community. The Login ID is the email address on most SMTP servers. To be more secured one has to follow the password policies for all logins.

Nick_26792935116

@joseph_1979 The password is only one element of authentication, so if you can also have a setup where the username is different than expected it adds very substantially to the level of security. Also people are not good at using unique passwords (I know, they should do, but we live in the real world!) so having a different username helps to avoid that problem.

It may be true that most SMTP servers require the email address, but believe me that is not ALL servers! As I say, it is a very good added degree of security to have a different username than the email address.

joseph_1979

@nick_26792935116 Most of the implementations I have came across use the email address as the login/username on SMTP servers. Yes, it can be made differently and all it entails is some more coding. This is their decision and as I stated before, you may submit your request to Reolink support. I am a customer like you and supporting members wherever possible.