Nice post geoff. Does anyone think using DBmail hence getting your sql server to send mails, is a security risk?

At my current place we seems to have .net utility that just sends mail with some parameters where you define osql or sqlcmd commands with the query you use to do any checks.. we seem to use batch files that include all this via scheduled tasks..

we have of course 2005 farm.

What do people think of this approach?