Pro grammatically sending an email

[FishyMcFlipFlop]

I created the following GLBasic program to send an email (it was in response to a request to send emails from an iPhone) :

Quote:

DEBUG "Sent : "+sendEmail("<<from>>","<to>>","Test 3","This is a test","<<myserver>>",26)

FUNCTION sendEmail%:from$,to$,subject$,message$,server$,por t%
LOCAL socket%
LOCAL emailServer%
LOCAL LFCR$="\r\n"
LOCAL result%

IF SOCK_INIT()=FALSE THEN RETURN FALSE

socket%=SOCK_TCPCONNECT(server$,port%)
IF socket%>=0
SOCK_TCPSEND(socket%,"HELO "+from$+LFCR$)
SOCK_TCPSEND(socket%,"MAIL FROM: "+from$+LFCR$)
SOCK_TCPSEND(socket%,"RCPT TO: "+to$+LFCR$)
SOCK_TCPSEND(socket%,"DATA"+LFCR$)
SOCK_TCPSEND(socket%,"From: "+from$+LFCR$)
SOCK_TCPSEND(socket%,"To: "+to$+LFCR$)
SOCK_TCPSEND(socket%,"Subject: "+subject$+LFCR$)
SOCK_TCPSEND(socket%,message$+LFCR$)
SOCK_TCPSEND(socket%,"."+LFCR$)
SOCK_TCPSEND(socket%,"QUIT"+LFCR$)

SOCK_CLOSE(socket%)

result%=TRUE
ELSE
result%=FALSE
ENDIF

SOCK_SHUTDOWN

RETURN result%
ENDFUNCTION

It's quite simple - set up a TCP connection to my email server and send it according to the RFC 821 specification, and close the socket and network system at the end. No error checking is added because it will either work or not work...

The strange thing is, that this program works (along with pretty much all other examples in other languages on the internet), by sending an email to the required person, and yet they all have one thing in common : no authorisation (username & password) is sent nor needed.

Why is there no need to send some sort of authorisation ? It does seem to create a large security hole if none is required...