CDOSYS SMTP/NNTP Event Sinks Evaluation Criteria

Topic Last Modified: 2008-09-03

This topic provides information about how to use CDOSYS SMTP/NNTP Event Sinks to develop messaging applications.

The Microsoft Windows 2000 Simple Mail Transfer Protocol (SMTP) and Network News Transfer Protocol (NNTP) services provide an architecture for the addition of customized software that responds to events. Applications can use CDOSYS to respond to messages as they are received by the SMTP and NNTP services.


CDOSYS event sinks do not have all the capabilities of the SMTP transport event sinks, but CDOSYS event sinks are easier to develop.

Functional Criteria

Criteria CDOSYS SMTP/NNTP Event Sinks

Application Domain

The event sink features of CDOSYS are typically used in applications that append disclaimers or other notices to e-mail sent through your server, archive messages, detect, and discard unsolicited bulk mailings, detect and discard inappropriate newsgroup postings, check inbound messages for viruses, forward and filter messages automatically, and so on.

Major Objects

Applications that use SMTP and NNTP event sinks implement COM classes that have the appropriate Microsoft Collaboration Data Objects (CDO) event interfaces. Event interfaces are available for SMTP OnArrival events and NNTP OnPostEarly, OnPost, and OnPostFinal events.

Data access model

When the event sinks are fired, they receive the message being processed inside a CDO.Message object. The message parts are represented as a hierarchy of objects with methods and properties.

Threading Models

For better performance, the COM classes created as event sinks should be set to support apartment-style multithreading.

Application Architectures

CDOSYS SMTP/NNTP event sinks run on the computer where the message is being processed. Applications that use CDOSYS event sinks might have a GUI application to configure how the event sinks operate, and to provide information to the user or administrator about message handling activities.

Remote Usage

CDOSYS SMTP/NNTP event sinks must run on the computer where e-mail is being processed, and cannot be used in COM+ applications.



Management Capabilities

CDOSYS does not generate Windows 2000 Event Log entries, and there are no performance counters available to measure it. Windows Event log entries and performance counters can be built into SMTP event sinks to provide additional management and monitoring capabilities.


Currently, there is shipping in all versions of Microsoft Windows 2000, Windows XP, and Windows Server 2003. No changes are anticipated at this time.

Development Criteria

Criteria CDOSYS SMTP/NNTP Event Sinks

Languages and Tools

CDOSYS can be used with any COM/Automation-compatible languages, as well as with non-COM languages such as C/C++.

Managed Implementation

CDOSYS is an unmanaged component. Use of CDOSYS is supported under the COM Interoperability layer of Visual Studio .NET and the .NET Framework.


CDOSYS event sinks can be implemented by using scripts.

Test/Debug Tools

No special debugging tools are needed to debug applications that use CDOSYS. For particularly difficult protocol-interaction issues, a network monitoring utility may prove helpful, but is typically not required.

Expert Availability

Beginning developers can easily use CDOSYS SMTP/NNTP event sinks, and there are many Microsoft and third-party Web sites and communities available.

Available Information

CDOSYS is covered in several Microsoft and third-party books. For more information about CDOSYS, see About CDO for Windows 2000 on MSDN.

Developer/Deployment Licensing

No special licenses are needed for using CDOSYS. Depending on the configuration, your systems might require access to an additional SMTP/NNTP server to transport messages to their destination.

Security Criteria

Criteria CDOSYS SMTP/NNTP Event Sinks

Design-Time Permissions

Creating CDOSYS SMTP/NNTP event sinks requires that the developer be permitted to register COM components on the local computer where e-mail is processed. This permission is usually granted by way of allowing the developer to install software. If the developer is not working on a production server, the possibility of that computer is lower when unencrypted sensitive information is available. Permitting development work on production e-mail servers is not recommended.

Setup Permissions

Because unencrypted sensitive information may pass through the production e-mail server, use caution when granting permission to install software. It is recommended that deployment to the production servers be performed by administrators.

Run-time Permissions

The CDOSYS SMTP/NNTP event sinks run in the same process as IIS, and share the same security credentials as that service account. This can affect which resources the event sink can access.

Built-in Security Features

SMTP event sinks provide no built-in security features. If an event sink changes a message after the user has digitally signed it, the accompanying digital signature will be invalid. SMTP event sinks cannot apply disclaimers or access the body of S/MIME and other encrypted messages when the encryption keys are unavailable.

Security Monitoring Features

The CDOSYS event sinks do not provide any built-in security monitoring features. CDOSYS event sinks can create Windows Event Log entries as needed.

Deployment Criteria

Criteria CDOSYS SMTP/NNTP Event Sinks

Server Platform Requirements

CDOSYS is available on Microsoft Windows 2000, Windows XP, and Windows Server 2003. CDOSYS SMTP/NNTP event sinks require IIS to be configured, and the messages that trigger the events must be processed by the local SMTP/NNTP service.

Client Platform Requirements

CDOSYS is available on Windows 2000, Windows XP, and Windows Server 2003.

Deployment Methods

There are no special requirements for application installation, beyond verifying that the computer is running one of the operating systems that include CDOSYS.

Deployment Notes

On systems where Exchange 2000 or Exchange 2003 is installed, the CDOSYS components are replaced by CDO for Exchange 2000 Server (CDOEX), which provides additional functionality over CDOSYS. CDOEX is described here separately. Applications that use CDOSYS SMTP/NNTP events should not be installed on Exchange back-end servers.