views:

440

answers:

7

I'm building a public website which has its own domain name with pop/smtp mail services. I'm considering giving users the option to update their data via email - something similar to the functionality found in Flickr or Blogger where you email posts to a special email address. The email data is then processed and stored in the underlying database for the website.

I'm using ASP.NET and SQL Server and using a shared hosting service. Any ideas how one would implement this, or if it's even possible using shared hosting?

Thanks

+1  A: 

E-mails can be trivially forged. I would only do this if you can process PGP / SMime certificates in your application.

Other than that, I see no reason why not!

Simon Johnson
If the data is fairly trivial I think PGP probably wouldn't be necessary. But otherwise I agree! :)
Phill Sacre
+3  A: 

For starters you need to have hosting that allows you to create a catch-all mailbox.

Secondly you need a good POP3 or IMAP library, which is not included AFAIK in the .NET stack.

Then you would write a Command Line application or a Service that regularly checks the mailbox, pulls messages, inserts content in db based on the "To" address (which is unique for each user), and then deletes the email from the mailbox.

It's feasible and sounds like fun. Just make sure you have all you need before you start!

Sklivvz
A: 

use a dotnet popclient to read the incoming emails, parse them for whatever you are expecting and insert the data into the database.

see codeproject website for simple popclient implementation you would have to decided on the email content yourself, eg data only, payload of sql statements, etc

A: 

You could also identify the user based on sender address. This is how Tripit (and probably others) does it. This only requires one e-mail address on your end.

Anders Sandvig
This is probably more dangerous than using a secret receiving address. Not a good idea, I think.
Christian Davén
I guess that depends on your application considers arbitrary data from random people dangerous or not. All I'm saying is that there are somewhat popular sites out there who are using this technique.
Anders Sandvig
+2  A: 

If the data is somewhat "critical", or at least moderately important, do NOT use their username as the "change-data-address". Example: You might be tempted to create an address like [email protected], but instead use [email protected] where you give them the random number if the visit the web-page. That way people can not update other peoples data just by knowing their username.

Espo
A: 

I have done something similar, using Lumisoft's IMAP client and scheduling a task in my app that checks every x minutes the configured mail address for updates. For scheduling I recommend quartz.net. No launching external processes or anything.

Mauricio Scheffer
A: 

Can any of the above work in a shared enviornment? Only dedicated hosting, no?

mausch ~ thanks for the intel on quartz.net

Saif Khan