A program is trying to send an email message on your behalf
We’re using an application which can send notification messages to our customers. It does this via Outlook but for each email that we send out we get the warning below:
A program is trying to send an email message on your behalf. If this is unexpected, click Deny and verify your antivirus software is up-to-date.
We then have to wait a few seconds before a progress bar is to 100% before we can click on Allow.
Needless to say, this is very annoying and quite a time suck as it does this for every email.
Is there a way to suppress these security alerts even if it is just for this application?
Outlook gives that warning message when an add-in or application wants to send an email or access Outlook data in an unexpected or insecure way.
Two other variants which you may encounter are
A program is trying to access e-mail address information stored in Outlook. If this is unexpected, click Deny and verify your antivirus software is up-to-date.
and
A program is trying to perform an action that may result in an e-mail message being sent on your behalf. If this is unexpected, click Deny and verify your antivirus software is up-to-date.
Nowadays, getting any of these prompt actually shouldn’t be much of an issue anymore as most add-ins and applications have been updated to prevent triggering these security prompts. Besides, by default, Outlook is configured to not show these alerts when your virus scanner is up-to-date.
If you still get one of the prompts you can undertake several actions to prevent them from popping up again.
This annoying wait dialog should not come up under normal circumstances.
Check for updates of the add-in or application
Initially, it is up to the add-in developer to properly integrate his/her solution with Outlook and prevent the security prompts from happening.
If you are working with an older version of the software, check with the vendor or developer of the product to get the latest version.
As the add-in developer, you can work with Redemption, developed by fellow Outlook MVP Dmitry Streblechenko, which makes it easier to program your solution without triggering such prompts (and makes it easier to program against Outlook in general as well).
Trust Center Settings
Security prompts will not be shown when you have a virus scanner installed which reports its status to Windows and reports its status as “Valid”.
You can verify this in the following location;
- File-> Options-> Trust Center-> Trust Center Settings…-> Programmatic Access
In this configuration, you shouldn’t get any security prompts. The greyed out settings can only be changed when you start Outlook with administrative privileges.
The greyed out settings above determine whether or not a prompt is being shown. The default setting is: Warn me about suspicious activity when my antivirus software is inactive or out-of-date (recommended)
This means that a security prompt is only triggered when your antivirus status is reported as “Invalid”.
The other 2 options either always show or never show security prompts regardless of the antivirus status.
As the settings are greyed out, you can only change them when you start Outlook with administrator privileges. You can do this from the context menu that you get when you hold the SHIFT button while right clicking on the Outlook shortcut button in Taskbar while Outlook is closed. For other methods and detailed instructions with screenshots see:
- Starting Outlook as an Administrator on Windows 7
- Starting Outlook as an Administrator on Windows 8
- Starting Outlook as an Administrator on Windows 10
- Starting Outlook as an Administrator on Windows 11
Group Policy and Registry settings
Within a domain, an administrator can deploy the Programmatic Access Security settings via Group Policies to prevent the security prompts from ever showing up.
For this, the following options should then be set:
- Configure Outlook to use Group Policy Security settings
Administrative Templates-> Microsoft Outlook <version>-> Security-> Security Form Settings-> option: Outlook Security mode-> setting: Use Outlook Security Group Policy - Set the Guard Behavior to Automatically Approve for each prompt
Administrative Templates-> Microsoft Outlook <version>-> Security-> Security Form Settings-> Programmatic Security
This results in the following Registry keys being set:
Key: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\<version>\Outlook\Security
Value name: AdminSecurityMode
Value type: REG_DWORD
Value: 3
Key: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\<version>\Outlook\Security
Value name: PromptOOMSend
Value name: PromptOOMAddressBookAccess
Value name: PromptOOMAddressInformationAccess
Value name: PromptOOMMeetingTaskRequestResponse
Value name: PromptOOMSaveAs
Value name: PromptOOMFormulaAccess
Value name: PromptSimpleMAPISend
Value name: PromptSimpleMAPINameResolve
Value name: PromptSimpleMAPIOpenMessage
Value type: REG_DWORD
Value: 2
You’ll find Registry files to disable all the Programmatic Security prompts for Outlook in the download below for use in non-domain environments.
Download: disableprogrammaticsecurity.zip
MAPILab Advanced Security Add-in
So either having a valid virus scanner installed or disabling the prompts altogether will prevent the alert from being triggered.
Obviously, the option “Always warn me about suspicious activity” is the most secure but also the most annoying setting.
With the MAPILab Advanced Security Add-in, you can set Outlook in this most secure mode but at the same also create a white list of applications for which the security prompt should not be shown.
For more information about and to download this free add-in from MAPILab see: MAPILab Advanced Security
MAPILab Advanced Security improves the security prompts with the
ability to build up a white list of allowed applications.
