>When you have automated tasks ... say a program that connects to an SMTP server to send an automated email ... where do you hide the passwords and keys used for this?

You could slice the keys up and store the parts in different places. You'd have to have a detailed knowledge of the key re-assembly method to defeat this. Encrypt the passwords and store wherever.

On a related subject, I want to allow consultancy users to be able to 'rent' the professional features of my software for a fixed period. (Before and afterwards the app will revert to a 'personal user' edition with fewer features.) The aim is to help pro users pass on the cost as a claimable expense to their clients (as opposed to a non-claimable capital cost).

My idea is to make them put a CD in the drive at start-up and check the date of a key file whose contents validate the CD's identity. I want to deter CD cloning (without going to extremes), and I will broadly trust this class of clients. If this is too hard, I'm looking for a good way to store the start date of the rental period in such a way that re-installing the software doesn't change it.

Has anyone implemented a scheme with similar aims?

John Burton