Security concerns on SMTP in SQL Server

In my company, while I try to get the ports opened to connect to my SMTP server from my SQL Server running on Windows Server 2012, I get a reply saying that it is a security concern to open ports from SQL Server hosts to the SMTP server and it cannot be allowed. I'm just trying to understand what could be the security issues in having the Windows server hosting the SQL Server in allowing simple database mail alert notifications?

The security concern with SMTP from a database server is the potential for disclosure of sensitive information. For example, a user that has (or gains) permissions to execute sp_send_dbmail could send an email with sensitive information. Disallowing outbound access to the default SMTP port is a security measure security folks sometimes insist upon to limit such exposure. It is common to lock down overall database server network traffic in an environment with particularly sensitive information such that network connectivity is allowed only to ports/hosts specifically needed, and permitted only after approval by the security department.

You need to work with your security team if your organization does not yet have an infrastructure for database administrative alerts. They may allow a security exception for SMTP if there are additional measures in place to prevent ad-hoc email access on both the database and SMTP server.

StackExchange Database Administrators Q#137112, answer score: 4