Chapter 41: ASP Sending e-mail with CDOSYS
ASP Sending e-mail with CDOSYS — the classic, battle-tested, and still widely used way to send emails from Classic ASP pages in 2026 (especially in legacy Indian banking, government, ERP, small-business, and intranet systems).
I will explain it like your favorite teacher who actually wrote, debugged, and supported CDOSYS email code in production Classic ASP applications from ~2003–2010 — slowly, clearly, with real working examples, common pitfalls, security warnings, best practices, and why this method refused to die even after Microsoft tried to kill it.
1. Why CDOSYS? (Quick History – Why Everyone Still Uses It in 2026)
| Technology | Introduced | Supported until | Status in 2026 legacy code | Why people still use it |
|---|---|---|---|---|
| CDONTS | 1996 | ~2003 | Almost dead | Very old, insecure, removed from Server 2003+ |
| CDOSYS | 2000 | Officially ~2008 | Still very common | Last Microsoft-supported COM email component for Classic ASP |
| System.Net.Mail | 2002 (ASP.NET) | Active | Not available in Classic ASP | Requires .NET Framework — not usable in pure VBScript |
| Third-party (ASPMail, etc.) | 1990s–2000s | Varies | Rare | Cost money, licensing issues |
CDOSYS (Collaborative Data Objects for Windows 2000 — later just called CDOSYS) became the standard because:
- It came free with Windows Server 2003 / IIS 6+
- It supported modern SMTP (authentication, SSL/TLS, HTML emails, attachments)
- It was much more reliable than the old CDONTS
- It worked perfectly with VBScript in Classic ASP
Even in 2026, when you see a Classic ASP site sending emails, 90%+ chance it is still using CDOSYS.
2. The Two Most Common CDOSYS Patterns in Real Code
There are two typical ways people wrote CDOSYS code in Classic ASP:
- Using the Configuration object (recommended, supports authentication, SSL, etc.)
- Quick & dirty one-liner style (only basic unauthenticated SMTP)
We will focus on #1 — because almost every real site that sends mail to Gmail/Office 365/custom SMTP uses the full Configuration style.
3. Full Realistic Example – Contact Form Sends Email with CDOSYS
File: contact.asp
asp
|
0 1 2 3 4 5 6 |
<%@ Language=VBScript %> <% Option Explicit %> <!DOCTYPE html> <html> <head> <title>Contact Us</title> </head> <body> <h2>Contact Form</h2> <% Dim submitted, name, email, subject, body, errorMsg submitted = False errorMsg = "" If Request.ServerVariables("REQUEST_METHOD") = "POST" Then submitted = True name = Trim(Request.Form("name")) email = Trim(Request.Form("email")) subject = Trim(Request.Form("subject")) body = Trim(Request.Form("message")) ' Basic validation If name = "" Then errorMsg = errorMsg & "Name is required.<br>" If email = "" Then errorMsg = errorMsg & "Email is required.<br>" If subject = "" Then errorMsg = errorMsg & "Subject is required.<br>" If body = "" Then errorMsg = errorMsg & "Message is required.<br>" If errorMsg = "" Then On Error Resume Next Dim objMessage, objConf Set objMessage = Server.CreateObject("CDO.Message") Set objConf = Server.CreateObject("CDO.Configuration") ' === SMTP Configuration (change these values!) === With objConf.Fields .Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2 ' Network (not local pickup) .Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "smtp.gmail.com" .Item("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 587 .Item("http://schemas.microsoft.com/cdo/configuration/smtpusessl") = True .Item("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout") = 30 .Item("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = 1 ' Basic auth .Item("http://schemas.microsoft.com/cdo/configuration/sendusername") = "yourname@gmail.com" .Item("http://schemas.microsoft.com/cdo/configuration/sendpassword") = "your-app-password" ' ← App Password for Gmail! .Update End With With objMessage Set .Configuration = objConf .From = """Contact Form"" <" & email & ">" .To = "support@yourcompany.in" .Subject = "Contact Form: " & subject ' HTML body .HTMLBody = "<h3>New Contact Message</h3>" & _ "<p><strong>From:</strong> " & Server.HTMLEncode(name) & " (" & Server.HTMLEncode(email) & ")</p>" & _ "<p><strong>Message:</strong><br>" & Replace(Server.HTMLEncode(body), vbCrLf, "<br>") & "</p>" .Send End With If Err.Number = 0 Then Response.Write "<div style='color:green; font-weight:bold; padding:15px; border:2px solid green;'>" Response.Write "Thank you, " & Server.HTMLEncode(name) & "!<br>Your message has been sent." Response.Write "</div>" Else Response.Write "<div style='color:red; font-weight:bold; padding:15px; border:2px solid red;'>" Response.Write "Email could not be sent.<br>Error: " & Err.Description Response.Write "</div>" End If On Error GoTo 0 Set objMessage = Nothing Set objConf = Nothing Else Response.Write "<div style='color:red; padding:10px; border:1px solid red;'>" Response.Write "Please fix these errors:<br>" & errorMsg Response.Write "</div>" End If End If %> <% If Not submitted Or errorMsg <> "" Then %> <form method="post" action="contact.asp"> Name:<br> <input type="text" name="name" value="<%= Server.HTMLEncode(name) %>" size="40"><br><br> Email:<br> <input type="text" name="email" value="<%= Server.HTMLEncode(email) %>" size="40"><br><br> Subject:<br> <input type="text" name="subject" value="<%= Server.HTMLEncode(subject) %>" size="40"><br><br> Message:<br> <textarea name="message" rows="6" cols="50"><%= Server.HTMLEncode(body) %></textarea><br><br> <input type="submit" value="Send Message"> </form> <% End If %> </body> </html> |
4. The Most Important Configuration Fields (You Must Know These)
| Schema URL (long but must be exact) | Common values | What it means |
|---|---|---|
| http://schemas.microsoft.com/cdo/configuration/sendusing | 2 | 2 = Network (SMTP), 1 = Local pickup |
| http://schemas.microsoft.com/cdo/configuration/smtpserver | “smtp.gmail.com”, “smtp.office365.com” | Your SMTP server |
| http://schemas.microsoft.com/cdo/configuration/smtpserverport | 25, 587, 465 | 587 = TLS, 465 = SSL |
| http://schemas.microsoft.com/cdo/configuration/smtpusessl | True / False | Use SSL/TLS encryption |
| http://schemas.microsoft.com/cdo/configuration/smtpauthenticate | 0 = None, 1 = Basic | 1 = username/password required |
| http://schemas.microsoft.com/cdo/configuration/sendusername | yourname@gmail.com | SMTP login |
| http://schemas.microsoft.com/cdo/configuration/sendpassword | your-app-password | SMTP password (use App Password for Gmail) |
5. Teacher Warnings & Best Practices (Very Important in 2026)
- Gmail / Office 365 require App Passwords — normal password no longer works (2FA blocks it)
- Never store password in plain text — use #include file outside web root or registry/encrypted config
- Use .HtmlBody for HTML emails, .TextBody for plain text
- Add .CC, .BCC, .ReplyTo, .Importance when needed
- Handle errors with On Error Resume Next + check Err.Number
- Test thoroughly — SMTP servers are picky (timeout, auth, SSL versions)
6. Quick Summary – ASP Sending Email with CDOSYS
CDOSYS is the standard way Classic ASP sites sent emails 2003–2012 (and still do in legacy systems):
- Create CDO.Message and CDO.Configuration objects
- Configure SMTP server, port, SSL, username/password in .Fields
- Set .From, .To, .Subject, .HtmlBody / .TextBody
- Call .Send
- Clean up objects with Nothing
- Always validate input and encode output
This is how millions of contact forms, order confirmations, password resets, and alerts were sent from Classic ASP — and many legacy Indian small-business, internal, government, and ERP systems still use exactly this CDOSYS pattern in 2026.
Next class?
- Want a forgot password + reset link example with CDOSYS?
- Or how to send attachments (PDF invoice, resume)?
- Or error logging when email fails?
- Or compare CDOSYS vs modern ASP.NET Core MailKit / SmtpClient?
Just tell me — I’m here! 🚀🇮🇳 Keep learning strong, Webliance! 😊
