It is clear from the error message that the server is rejecting your authentication attempt before sending the email.
Before I get into specifics for your issue, let me give you some information so you understand how
TIdSMTP authentication works in general.
By default, the
TIdSMTP.AuthType property is
satDefault, and the
TIdSMTP.ValidateAuthLoginCapability property is True. This means the
TIdSMTP.Password properties are sent using an unsecure
AUTH LOGIN command (which most servers will not accept without an established SSL/TLS session), but only if the server's
EHLO reply indicates that
LOGIN is an acceptable authentication (which many servers do not report, even if they do accept it).
So, it is possible that
TIdSMTP.Authenticate() (which you do not need to call manually,
TIdSMTP.Send() calls it for you) may not even attempt to authenticate with a server when
AuthType=satDefault, and then a subsequent call to
TIdSMTP.Send() can fail with an authentication error (you can verify this by assigning one of Indy's
TIdLog... components to the
TIdSMTP.Intercept property and then look at the actual SMTP commands that
So, try setting
TIdSMTP.ValidateAuthLoginCapability to False so
TIdSMTP.Authenticate() will always send
AUTH LOGIN when
AuthType=satDefault, regardless of whether the server reports it is acceptable or not. If the server does not accept it, at least it will fail authentication at that stage, rather than at the
However, most SMTP servers nowadays accept/require stronger authentication schemes than
LOGIN, such as
CRAM-MD5. So, you could set
AuthType=satSASL instead, and then populate the
TIdSMTP.SASLMechanisms collection with relevant
TIdSASL-derived components (including
TIdSASLLogin to handle
AUTH LOGIN when supported), and link them to a
TIdUserPassProvider to get the
TIdSMTP.Password properties are not used during SASL authentications).
Now, that being said, I tested
smtp.live.com, and it does, in fact, report support for
LOGIN authentication after an SSL/TLS session is established, so
ValidateAuthLoginCapability doesn't apply to that server. The
AUTH LOGIN command gets sent when using
AuthType=satDefault, or when using
But, the server rejects my login attempts with
AUTH LOGIN when using my real Hotmail password, and this is because my account has 2-Step Verification enabled. So, in order for
TIdSMTP to login correctly, I have to go into my Hotmail account using a web browser and create an App Password in the security settings, and then configure
TIdSMTP to use that password instead of my real password. Then
AUTH LOGIN is successful.
You will have to do the same, if you have 2-Step Verification enabled on your Hotmail account.
SMTP.AuthType := satDefault;
SMTP.IOHandler := SSLHandler;
SMTP.Host := 'smtp.live.com';
SMTP.Port := 587;
SMTP.Username := 'real hotmail email here';
SMTP.Password := 'app password here'; // <--
SMTP.UseTLS := utUseExplicitTLS;
Note that the only other authentication scheme that
smtp.live.com supports is
XOAUTH2*, which does not require an App Password be created. Indy does not currently implementation
XOAUTH2. But there may be a 3rd party implementation floating around if you look around. Or, you can try implementing a custom
TIdSASL-derived component for it yourself.
* FYI, Gmail also supports
XOAUTH2 for SMTP and IMAP.