Changeset 3429405

Timestamp:

12/30/2025 04:30:24 AM (13 days ago)

Author:

realpinny

Message:

readme.txt update

File:

• pinnys-simple-smtp/tags/1.0.0/readme.txt (modified) (1 diff)

pinnys-simple-smtp/tags/1.0.0/readme.txt

@@ -65 +65 @@
 **Pinny's Simple SMTP** keeps your WordPress database clean, fast, and secure by letting your email provider do its job.
 
-🚫The “Anti-Bloat” Architecture: Why We Rejected OAuth
-Pinny’s Simple SMTP is built on a strict performance philosophy: Do not load code you do not use.
+### 🚫 The “Anti-Bloat” Architecture: Why We Rejected OAuth
+
+**Pinny’s Simple SMTP** is built on a strict performance philosophy: **Do not load code you do not use.**
 
 The industry standard is to force users into OAuth (Log in with Google/Microsoft). While this looks fancy, for a WordPress plugin, it is technically inferior to standard SMTP. Here is why we deliberately stripped OAuth out of Pinny’s:
 
-1. The "Universal Adapter" Trap (Bloat)
-Most users connect to one provider (e.g., just Gmail). However, to support OAuth, other plugins must bundle massive SDK libraries for 10–15 different services (Google, Microsoft, Amazon, Yahoo, Zoho, etc.).
+**1. The “Universal Adapter” Trap (Bloat)**
+Most users connect to **one** provider (e.g., just Gmail). However, to support OAuth, other plugins must bundle massive SDK libraries for 10–15 different services (Google, Microsoft, Amazon, Yahoo, Zoho, etc.).
 
-The Result: You install megabytes of vendor code just to send a simple email.
+* **The Result:** You install megabytes of vendor code just to send a simple email.
+* **Our Fix:** Pinny’s uses standard SMTP. We don’t force you to host 14 unused API libraries on your server just to use the 15th. This keeps our codebase at **~4.5KB** and auditable in minutes.
 
-Our Fix: Pinny’s uses standard SMTP. We don't force you to host 14 unused API libraries on your server just to use the 15th. This keeps our codebase at ~4.5KB and auditable in minutes.
+**2. The Complexity Risk (Security)**
+In security, **Complexity is the Enemy.** OAuth flows require redirects, token storage, refresh tokens, and constant API updates. Every external library added to a plugin increases the “Attack Surface”—more code means more places for bugs to hide.
 
-2. The Complexity Risk (Security)
-In security, Complexity is the Enemy. OAuth flows require redirects, token storage, refresh tokens, and constant API updates. Every external library added to a plugin increases the "Attack Surface"—more code means more places for bugs to hide.
+* **The Reality:** If a plugin’s bundled “Google API Client” has a vulnerability, your site is at risk—even if you are using Outlook.
+* **Our Fix:** We use native WordPress functions. **No external dependencies.** No third-party SDKs. No supply-chain vulnerabilities.
 
-The Reality: If a plugin’s bundled "Google API Client" has a vulnerability, your site is at risk—even if you are using Outlook.
+**3. App Passwords: The Superior Choice**
+We use **App Passwords** (Standard SMTP Authentication). This is the secure, recommended method for server-side mailing (Gmail/Workspace & Microsoft 365).
 
-Our Fix: We use native WordPress functions. No external dependencies. No third-party SDKs. No supply-chain vulnerabilities.
+* **Strictly Scoped:** An App Password usually only has permission to *send mail*. Unlike an OAuth token (which can sometimes be scoped too broadly), an App Password cannot be used to change your account settings or read your Drive files.
+* **Instantly Revocable:** If you suspect a breach, you can revoke that specific App Password instantly from your Google/Microsoft dashboard without changing your main login credentials.
+* **Zero Downtime:** OAuth tokens expire or disconnect if the API changes. App Passwords work until you say stop.
 
-3. App Passwords: The Superior Choice
-We use App Passwords (Standard SMTP Authentication). This is the secure, recommended method for server-side mailing (Gmail/Workspace & Microsoft 365).
-
-Strictly Scoped: An App Password usually only has permission to send mail. Unlike an OAuth token (which can sometimes be scoped too broadly), an App Password cannot be used to change your account settings or read your Drive files.
-
-Instantly Revocable: If you suspect a breach, you can revoke that specific App Password instantly from your Google/Microsoft dashboard without changing your main login credentials.
-
-Zero Downtime: OAuth tokens expire or disconnect if the API changes. App Passwords work until you say stop.
-
-Pinny’s Simple SMTP chooses stability over shiny buttons. Enter your Host, Port, and App Password → Save. Done.
-
+**Pinny’s Simple SMTP** chooses stability over shiny buttons. Enter your Host, Port, and App Password → Save. **Done.**
 ---