
Frequently Asked Questions and Answers

Is SMTP insecure? - Why do we need the SMTP.Send permission?

The service Lime CRM uses to connect to the email server uses a modern SMTP authentication method called XOAUTH2, which works with OAuth 2.0 access tokens. This method ensures secure email sending through Transport Layer Security (TLS) and standard SSL encryption.

For more information regarding SMTP AUTH, see SMTP submission (SMTP AUTH) in Exchange Online.
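To make the XOAUTH2 exchange described above concrete, here is an added example (not Lime CRM's code) that builds and parses the SASL XOAUTH2 client response and refuses to send the token before TLS is established. The function names are hypothetical, and the host, port, mailbox address and token are supplied by the caller.

```python
import base64
import smtplib
import ssl


def build_xoauth2(mailbox: str, access_token: str) -> str:
    """Return the base64 SASL XOAUTH2 initial client response."""
    for value in (mailbox, access_token):
        # Control characters would let a value break out of its field.
        if not value or any(ord(ch) < 0x20 for ch in value):
            raise ValueError("empty value or control character in field")
    raw = f"user={mailbox}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


def parse_xoauth2(encoded: str) -> dict:
    """Decode a response back into its fields, e.g. to inspect a capture."""
    raw = base64.b64decode(encoded, validate=True).decode("utf-8")
    if not raw.endswith("\x01\x01"):
        raise ValueError("missing terminator")
    fields = dict(part.split("=", 1) for part in raw[:-2].split("\x01"))
    scheme, _, token = fields.get("auth", "").partition(" ")
    if "user" not in fields or scheme != "Bearer" or not token:
        raise ValueError("not an XOAUTH2 bearer response")
    return {"user": fields["user"], "token": token}


def send_with_xoauth2(host, port, mailbox, access_token, message):
    """Send one EmailMessage, authenticating only after TLS is up."""
    context = ssl.create_default_context()  # verifies certificate and hostname
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise RuntimeError("server does not offer STARTTLS; token not sent")
        smtp.starttls(context=context)
        smtp.ehlo()
        code, reply = smtp.docmd(
            "AUTH", "XOAUTH2 " + build_xoauth2(mailbox, access_token))
        if code != 235:  # 235 = authentication succeeded
            raise RuntimeError(f"XOAUTH2 rejected: {code} {reply!r}")
        smtp.send_message(message)
```

The response carries only the mailbox address and a bearer token, so no account password crosses the SMTP session.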

Why do we need a user with delegated access to the mailbox?

The email integration uses Microsoft's Delegated Permission model. This requires one user from the customer's domain, who has mailbox access, to consent to the email integration accessing the same mailbox. This user effectively grants permission for the email integration to access the mailbox, but they are not involved in sending or receiving emails.

It is important to note that this user does not have to be a Lime user; it just needs to be a Microsoft user with access to the shared mailbox. The customer can choose whether this user is a personal account or a service account, depending on what works best for them.

The credentials for this account do not need to be shared with Lime Technologies during the installation. A system administrator in Lime CRM can do the authentication themselves. Multi-Factor Authentication is supported.

We use this model because of our third-party service and its integration with OAuth and because it gives the customer more flexibility and control over which users have access to the mailbox.

For more information about permissions and consent, see: Microsoft Permissions and Consent Overview.