Is there a way to trigger Gmail's "Report Phishing" option from a Gmail Add-on?
Our Add-on allows users to report the message internally to our own IT staff, and we would like to report to Google at the same time rather than asking users to report it twice.
I cannot find any documentation that suggests it is possible but figured it wouldn't hurt to ask.
Thanks in advance.
Would reading the contents of the mail and extracting the URI's out of it in order to send it via the Phishing Protection API count as a solution?
Quickstart for the submission API
Related
I was wondering if there is a way to automatically (or on a trigger) delete emails from a Google Group.
I use a Collaborative Inbox Group for archiving automated emails.
I looked at the Google Apps Script overview for Google Groups, but I don't see anything. It only seems like you can do this from GmailApp...
I also read this thread from 2012 but nothing helpful there
Answer:
Programmatically this isn't possible.
More Information:
The GroupsApp class of Apps Script only has read methods available for use - there is not a way of executing any write data using the class - for example deletion of emails.
Emails are sent to everyone in the group when a post is made (as per subscription settings). If you want the Email to be deleted then as you have already pointed out, you will need to use GmailApp to delete it from the recipients' inboxes.
In short: All mailbox manipulation must be done using the Gmail API (or GmailApp).
Feature Request:
You can however let Google know that this is a feature that is important for access to their APIs, and that you would like to request they implement it.
Google's Issue Tracker is a place for developers to report issues and make feature requests for their development services, I'd urge you to make a feature request there. The best component to file this under would be the Admin SDK component, with the Feature Request template.
I have received email from Google with subject: [Action Required] Submit your app(s) for Restricted Scopes OAuth verification,
same as many of you.
I'm using GAS only for developing applications for my personal use - not for public. Applications such as sending summary emails to my clients, when they buy a product from my web pages.
Do I have to go through the whole process of verification?
Do I have to create public Terms of Service?
Is there any way how I can explain to google, that my applications are not used by anybody else then by
me?
How to get to know for sure that my app won't stop?
I have read through FAQ (https://support.google.com/cloud/answer/9110914) and many other documents by google about this topic..
I have checked similar questions found on web, but with no luck of answers.. It looks it's pretty new experience for all of us..
Thank you for any advices.
I have personal account, so I can't use "internal apps" selection, this works only for paid G-suite customers which I'm not.
EDIT:
As Yoel Vinitsky stated, app doesn't need verification if it has only one user.
Here at bottom: https://support.google.com/cloud/answer/7454865 is table which shows that there is quota 100 new users in total, once the app presents the unverified app screen.
It seems like that I don't have to worry about verification of my apps at all, because I'm the only one user or maybe I use this app from 2 or 3 more users emails so it should be ok, my question is, is it going to be ok without verification, or not?
EDIT 2:
Google sent clarification email:
NO ACTION is required if:
Only owners use the project: If the project is only used by owners of the project, no action is required.
To determine whether you are an owner (versus an editor or viewer), follow these steps:
Click the project link above to navigate to its OAuth Consent Screen
configuration page.
Click the Navigation Menu button in the
upper-left corner, select IAM & admin, and click IAM. This will show you all project contributors and their roles.
The project doesn’t have users outside of your G Suite domain:If the project owner is using a G Suite account and the project is only used by Google Accounts in the project owner’s domain, no action is required (learn more here).
But the question is how to avoid verification with personal accounts for my own scripts used only by me?
As mentioned in the support FAQ You linked to:
When can I skip publishing my app for a review?
You do not need to request for verification if your app is
going to be used in any of the following scenarios:
1) The app is not shared with anyone else.
2) The app is used to send emails through WordPress, or
3) similar single account SMTP plug-ins.
The only drawbacks should be the warning that your app is unverified and maybe quota limits.
Is it possible to use a Google form, develop a GAS script that executes on form submission but have it run under the context of the users submitting the form?
Users will be in a GApps for Business domain?
Will it need to be published as a web app using doGet(), even though there will be no UI?
Only webApps have the ability to run under user's authority and they have an authorization request feature to handle that case. A form has no way to ask for authorization so it won't be able to do anything (or to trigger a script that would do anything) in the name of a user without explicit permission. That's a basic security case and hopefully there will be no way to go around it.
I guess the only way to get what you want would be to create the form with UiApp or HTML Service and deploy it as a webapp running under user's authority, in that case your users will be asked for authorization to access the services you need.
note : you said "even though there will be no UI?" but the form itself is a Ui isn't it ?...
Can we create a spreadsheet form and open it when the user when user logs in ?
I need a form which will record the attendance of the employee when He/She logs in . Also i would like to validate the code so that it must be shown only at first login.
Thanks in advance
What you are asking to do is not possible unless you were to authenticate users yourself, then pass that along to google. Nonetheless, you would still have to train your users to login on your special page, and they could circumvent the form by logging into google directly. If you are looking for login history, then the reporting API, Domain Management Panel or FlashPanel might provide the kind of report for which you search.
I am running an online free computer science education course website. I use Google scripts to evaluate the student quizzes (I use the MCQ script). Yesterday, there was a spike in visitors to my site. I noticed that the quiz scoring script is no longer sending results to students. I checked the failure notification, and it says "Service invoked too many times for one day:"
Is it because of a quota? If there is a quota, then is there any way to increase it?
My class has more than 800 students, so it is likely that they will submit their homework on the very day I post it online. So, I badly need to increase the email quota. If there is any workaround, that will also be very useful to know.
Thanks in advance.
If you deploy the app to run as the user executing, not as you, then it will run with their quota. However, they will have to click to authorize sending mail, and it will appear to have come from their own account to themselves.
The quotas are shown on the dashboard that can be also accessed through a link in the side panel of the documentation page. I'm afraid you hit quotas for email service.
...
EDIT : Ah, didn't see Corey's answer... smart suggestion of course ;-)
Try using an external API (i.e. Mandrill). Mandrill (it's by Mailchimp, so it's pretty robust) has an easy external API with much larger limits (in the order of thousands).
You can even set the from address so that it wouldn't look spammy (or, really, any different than the normal Google Apps Script send email).
Take a look at Use Mandrill API in Google Apps Script.