![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 45%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 84%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYM%3C/text%3E%3C/svg%3E)
Hi @techresearch7777777 ,
Security issues are common, but there is no known significant security risk with msdb.dbo.sp_send_dbmail, instead it is a relatively simple and secure way to send emails.
Execute permissions for sp_send_dbmail default to all members of the DatabaseMailUser database role in the msdb database, any SQL System Admin can obviously execute the proc, if there is a risk, then it is not just about the proc anymore
The key issue is your dangerous expectations, everything you do on the database may be at risk, such as accessing external resources, connecting to external calculators.
It is recommended that database mail needs to be configured to send database mail alerts and monitored
https://www.sqlservercentral.com/forums/topic/sending-mail-from-database-is-it-a-bad-practice
-------------
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
