I'm using SendGrid's SMTP API, and I realized that I can set the from address to any email.
I find this concerning. It's very clear that anybody with an SMTP API could just start sending emails pretending to be me.
Is there a way I can add my email or a group of emails to an "SMTP Blacklist"?
from sendgrid import SendGridAPIClient
from sendgrid.helpers.mail import Mail
message = Mail(
from_email='any#from.email',
to_emails='any#to.email',
subject='Title',
html_content='Hello world')
try:
sg = SendGridAPIClient('FREE_API_KEY')
response = sg.send(message)
print(response.status_code)
print(response.body)
print(response.headers)
except Exception as e:
print(e.message)
Read up on DMARC and SPF Records. These two "solutions" make it much more difficult for unauthorized email to get delivered successfully.
EDIT: Also read up on DKIM.
Related
We have set up Odoo 8 as a multi-user helpdesk tool, which creates a new project issue for each incoming mail. Incoming and outgoing servers are configured correctly and system parameters are set to
mail.catchall.domain: company.tld
mail.catchall.alias: helpdesk
mail.bounce.alias: bounce
The problem now is that every time a user comments the mail thread to answer the original issue creator, a new mail is generated with header
FROM: [user]#company.tld
TO: [followers]
REPLY-TO: helpdesk#company.tld
Which is totally fine but leads to a sending failure due to our SMTP configuration. To get around this we want to achieve that all outgoing E-Mails are sent from the same specified address, like helpdesk#company.tld, no matter which user response to the thread.
How do we achieve this?
I had specific issue when I was working on Odoo 8 and I found fix but its not recommended action from developer view, because changing odoo source code is not recommended and changes can be lost.
So what I did was to change email from address to real email from address. Yes it's weird but that's how Odoo works. Odoo is always sending from one specific email address and changes email from to user email address, but if you will look at email carefully you will notice that real sender is always same.
The fix is changing this line
smtp_from = message['Return-Path']
to this line
smtp_from = tools.config.get('email_from')
in openerp/addons/base/ir/ir_mail_server.py file.
PS I don't like this solution.
I really dislike microsofts ui it is terrible
im trying to setup my node.js app to mail using hotmail but cant.
i have got so far using:
var hotmail=nodemailer.createTransport("SMTP",{service:'Hotmail','auth':{'user':' exampl#hotmail.com','pass':'MY-Normal-User-Pass'}});
I get the error:
Message sent: 250 2.6.0 <1383551761565.976a644a#Nodemailer> Queued mail for delivery
so tried my normal user pass and my email now says sent but also says its queued i think 250 is like 'you don't have permission' from what i have read on google...
and check this, my hotmail sent box shows each email i have tried to send but my client does not receive them?!
also I have sent using gmail fine!
var gmail=nodemailer.createTransport("SMTP",{service:'Gmail','auth':{'user':'example#gmail.com','pass':'ufufufufufur7yryed'}});
it was the two step verification on goole ! very easy!!
if(r.email.search('#hotmail')!==-1||r.email.search('#live')!==-1||r.email.search('#outlook')!==-1){
hotmail.sendMail({
subject:c+' update received...',
from:'example#hotmail.com',
to:r.email,
html: 'Click this <b>link</b> to veiw your update.'
},function(error,response){
if(error){console.log(error+'!!!!!!!!!!!!');socket.emit('email_send.err');}
else{console.log("Message sent: " + response.message);socket.emit('email_send.ok',{'result':'200:ok'});}});
}
else if(r.email.search('#gmail')!==-1||r.email.search('#')!==-1){
gmail.sendMail({
subject:c+' update received...',
from:'example#gmail.com',
to:r.email,
html: 'Click this <b>link</b> to veiw your update.'
},function(error,response){
if(error){console.log(error+'!!!!!!!!!!!!');socket.emit('email_send.err');}
else{console.log("Message sent: " + response.message);socket.emit('email_send.ok',{'result':'200:ok'});}});
}
});
why is (not so)hotmail showing me sent messages when it's sent only storing my messages in my sent folder?
Actually Message sent: 250 means that the message was accepted. Outgoing SMTP servers do not send mail instantly but through a queue - once previous messages in the queue are sent out, your message will be as well.
If the message does not reach recipients inbox it might have got lost in the way, for example might get marked as spam etc.
I'm trying to figure out how to display a list of unsuccessful emails sent and a way to test it out.
I can display a list of the emails that were sent, but I'm unsure on how to retrieve the list of emails that were unsuccessfully sent out.
Here is what I'm using to retrieve it from the mysqldb:
//get the email address list
$query = "SELECT email FROM users
WHERE id IN (SELECT participant_id FROM roster AS ur WHERE ur.roster_id=".$roster['roster_id'].")";
$result = mysql_query($query);
$emailstring2 = "";
$email2 = $result;
while ($row = mysql_fetch_object($email2)){
$emailstring2 .= $row->email. "\n ";
}
In the message section, I retrieve it via:
$message .="Successful emails: \n".$emailstring2." \r\n";
How would I achieve this?
One keyword will get you the ones not sent: NOT
WHERE id NOT IN
You can't do this from PHP in a simple manner like this.
Think of it as a letter going through the postal service. All you can do is give the letter to the postman and hope that it reaches its destination. The postman will not come back and tell you if delivery was successful, or if the letter was actually read by the recipient. PHP's mail() function (and its derivatives) return TRUE to indicate that the message was accepted for delivery attempts, not that it was successfully delivered. (Delivery may not happen for hours or days.)
As a result, the best you can do is approximate delivery notification. There are a few ways you can do this:
Use a tracking pixel in the email that gets pinged when the user
opens the message. However, given that most email clients nowadays
default to "do not show images," I think this technique is rather
unreliable.
Send each message with a bounce address unique to the recipient. If
the message can't be delivered, it will return to the custom address
-- and that return message can be used to indicate that the original recipient's email address is no good. This is probably the most accurate method but is not simple to configure.
Use return receipts. Like tracking pixels, I think most email clients
default to never send these, so this is likely unreliable as well.
Use delivery status notification. This will require using a server
that supports it and sending to a server that supports it.
Send your mails through a service that will do this sort of tracking for you. (E.g. MailChimp or Constant Contact)
We are in the process of converting a batch job that processes our bounced emails that we send. We are switching from Redemption to EWS (just upgraded to Exchange 2010 from Exchange 2003). As you know bounced emails come in different forms. I have been able to work through all the test case emails i've got except for the ones that come in the form of:
Your message did not reach some or all of the intended recipients.
Subject: Hello
Sent: 4/01/2012 8:16 AM
The following recipient(s) cannot be reached:
hi#foo.com on 4/01/2012 8:19 AM
The e-mail system was unable to deliver the message, but did not report a specific reason. Check the address and try again. If it still fails, contact your system administrator.
smtp.mydomain.com #5.0.0 smtp; 5.3.0 - Other mail system problem 554-"delivery error: dd This user doesn't have a foo.com account (hi#foo.com) [-5] - mail.foo.com" (delivery attempts: 0)>
This is what is displayed in outlook. When i read the email with EWS the Body is empty. I need to look at the information above when i get the email with EWS. The emails have an attachment (which is the original email) though it doesn't look that way in outlook. I've tried to look at almost all the properties that comes back from EWS and have yet been able to find the text above. Redemption allow you to look at this info using ReportText. What we are specifically looking for is the email error delivery code. We do different things based on this code.
Edit: To be clearer the Body Property on my other test cases isn't empty. I'm loading the emails like:
Dim emailPset = New PropertySet(BasePropertySet.FirstClassProperties)
emailPset.RequestedBodyType = BodyType.Text
Dim f = EmailMessage.Bind(email.Service, email.Id, emailPset)
Update1: After some research it looks like i need to be able to read the Recipients table of the message in the PR_NDR_STATUS_CODE & PR_REPORT_TEXT fields. Still searching if there is a way to do this in EWS.
We were able to get enough info the
smtp.mydomain.com #5.0.0 smtp; 5.3.0 - Other mail system problem 554-"delivery error: dd This user doesn't have a foo.com account (hi#foo.com) [-5] - mail.foo.com" (delivery attempts: 0)>
part which is what we needed by telling the object to load the MIME content.
Definitely not the most straight forward API to use but hopefully we don't hit any more hickups.
What would be a good starting point for me to learn about creating an email server?
Basically, what I want to do is have a server (such as foo.com) recieving mail for me so if I send an email to (blah#foo.com) it will dump the contents of the email into /mail/blah/subject and then send it off to my REAL email account.
I'm looking to do this as a programming exercise, so links to RFCs, etc. would be nice. Reinventing the wheel is a good way to learn about wheels.
EDIT: Feel free to retag this appropriately.
Edit: I provided some headings and divided RFCs by topic. I hope it's more accessible now. It's quite a list, and I wish I could format it any better, but unfortunately, that's about it.
Since you mentioned you don't really know what you need, let me clarify:
If you only want to implement a simple "proxy" server that sits in between your MUA (email client) and "real" server, you can probably get away with only implementing basic SMTP functionality. This will allow you to send messages, i.e. to submit messages to an MTA.
POP3 is for email clients to pull messages off of your server, while IMAP is an alternative to POP3 with a somewhat different feature set, mainly providing an on- or offline mode which can be thought of like managing remote folders (i.e. mailboxes).
MIME specifies the format of the contents of e-mail messages in presence of multi-part messages, attachments etc.
Internet Message format (also defines e-mail address format)
http://www.faqs.org/rfcs/rfc822.html
http://www.faqs.org/rfcs/rfc2822.html
SMTP:
http://www.faqs.org/rfcs/rfc821.html
Update to SMTP/RF821:
http://www.faqs.org/rfcs/rfc5321.html
SMTP-AUTH:
http://www.faqs.org/rfcs/rfc2554.html
Message submission (i.e. for the application to be acting as a MUA):
http://www.faqs.org/rfcs/rfc2476.html
IMAPv4:
http://www.faqs.org/rfcs/rfc1730.html
IMAPv4rev1:
http://www.faqs.org/rfcs/rfc2060.html
POP3:
http://www.faqs.org/rfcs/rfc1081.html
http://www.faqs.org/rfcs/rfc1939.html
http://www.faqs.org/rfcs/rfc1957.html
POP3 extensions:
http://www.faqs.org/rfcs/rfc2449.html
Authorization for POP/IMAP:
http://www.faqs.org/rfcs/rfc2195.html
TLS for POP3 and IMAP:
http://www.faqs.org/rfcs/rfc2595.html
AUTH-RESP-CODE for POP3:
http://www.faqs.org/rfcs/rfc3206.html
POP3 simple authentification:
http://www.faqs.org/rfcs/rfc5034.html
MIME, which is composed of 5 RFCs:
http://www.faqs.org/rfcs/rfc2045.html
http://www.faqs.org/rfcs/rfc2046.html
http://www.faqs.org/rfcs/rfc2047.html
http://www.faqs.org/rfcs/rfc4288.html
http://www.faqs.org/rfcs/rfc4289.html
http://www.faqs.org/rfcs/rfc2049.html