Sending email from javascript using email.js and the security

Dears;

I need to use email.js to send email from javascript directly without the use for server side code, but I am afraid from the security because in this case, I have to place in the javascript code the username and password of the email and this will give a chance for the hackers to use my smtp account to send emails and that will cause a lot of problems. How I can overcome this problem? I do not need the hackers to be able to see the the javascript code that is sending the email. How?

Regards
Bilal

When using a HTTP mailto url only recipient(s), the subject and the body of the mail will be delegated to the mail program that is locally configured as mail client. Credentials - passwords and user ids -  for the mail client or the selection which mail client to use cannot made in the html page. They must be in place in the client machine and in the settings of the browser user.

Find more details here: how-to-create-mailto-links.html (w3docs).

And here in w3schools.com one can play around with mailto.

Then for JavaScript I found a reference to MailtoUI that promises a UI for the same HTTP mailto.

The "mailto:" and "phone:" URI protocols are handled by the client's agent (browser) and connect to the internal mail and phone services - if installed!

Note that neither service is guaranteed to be present on all possible clients. I have to explicitly install a mail agent on some of my machines and only my phone and a tablet with a phone relay client can honor the "phone:" protocol.

This is the easy/safe way, as it uses the configuration information described by Roland. Depending on setup, it might even be possible to have the mail agent prompt for a password rather than keeping one stored, but in any event, mail sender credentials would be kept in a location that it would be the user's responsibility to keep secure.

You could, of course, use a brute-force approach where you incorporated code to connect to an MTA port (such as port 25) on a designated mailserver, handshake for credentials and security, and push the mail content manually. In which case, security is up to you.

Using the "mail:" protocol is much simpler and likely to be more secure. As long as all your clients have mail-sending agents installed and set up.

Maybe I did not explain well what I need to do.
First of all, I am talking about my website which has visitors from all places, not employees in the office.
I have form and I need the visitor to fill data and I need this data to be sent by email for me.
What is the easiest simple and safe way? Can I do it in JavaScript and to be secure?
That is why I was asking about using email.js.

Appreciate the kindly help.
Regards
Bilal

As I read it, you'd have to pick an email service (such as gmail). Then each user would have to have an account/password on that service. Or worse, you'd have to not only have an account, but also a mechanism to select their email service.

The "mailto:" protocol is much simpler, and while it's not always available, anyone who emails from their desktop (using outlook, for example), will probably have a mail agent already installed.

I think the #1 benefit to email.js is that you can define templates that email.js will format to provide a standardised mail body. I'd consider it for example, if I was sending out personalized sales newsletters from my desktop. Note, however, that mailto: is supported on both simple "a href"  hyperlinks AND as an action URL on an HTML FORM, so that's an alternate templating option.