Receive email with AWS SES without MX record - aws-sdk

I'll like to process incoming email on a specific email. In aws docs it says
Although you are not required to publish an MX record to receive mail through Amazon SES, if you don't publish the record, Amazon SES will receive mail for your domain only if you explicitly route it to Amazon SES.
http://docs.aws.amazon.com/ses/latest/DeveloperGuide/receiving-email-mx-record.html
How do I explicitly route email to SES?

After hours of research and failed attempts of having SES receive emails without the use of a MX record (had set up an additional Route via gSuite / Google Apps), here is my best suggestion on how to go about this.
Short Version
Create a subdomain and point its MX record to SES after inserting the TXT verification record. After creating the necessary ruleset to receive and save email from any#sub.domain.com, you can now have SES receive email from any email address you own (even if it's not verified with SES) by simply forwarding its emails to the SES enabled subdomain email address.
Long Version
Unfortunately, it does still require an MX record, but check it out...
You can create a custom subdomain on your primary domain and call it anything. In my case, I called it ses.mydomain.com
Next, I added my newly created subdomain to SES via the Domains link.
Immediately upon adding it as a domain to SES, a pop-up window appears displaying the required TXT verification record and MX mail record.
Shortly after assigning these two DNS records to my subdomain, the subdomain is verified and able to receive email after setting a few quick rules via Rule Sets!
Here's the cool part - you can still have SES receive email from any email address you have access to.
How you might ask?
By just setting up a forwarder on the email address you do want to send to SES, by forwarding it to the SES-enabled subdomain email address.
Meaning - If SES is able to receive email from someone#ses.example.com, but you want it to actually receive email from someone-else#example.com, then all you need to do is forward someone-else#example.com to someone#ses.example.com!
Remember, you still need to create the necessary rules to receive emails. See this AWS Blog Post for more information.

Use one of the AWS SES's inbound endpoints:
http://docs.aws.amazon.com/ses/latest/DeveloperGuide/regions.html#region-select
e.g. for US-EAST-1 the inbound endpoint is inbound-smtp.us-east-1.amazonaws.com. For receiving only you do not use SMTP endpoints. The procedure is pretty much the same using MX records or not: somewhere (in your DNS or in your mail handling system) you must point to a SES inbound endpoint.
For example, my MX records point to Google Apps, but using 'Hosts' and 'Routing' (inside Google Apps/Gmail options) I managed to relay only one recipient to SES. So every e-mail my domain receives goes to Gmail recipients as usual, except for one special_recipient#mydomain.com which I relayed to SES (which, in turn, goes to SNS then to SQS).

from:
https://aws.amazon.com/blogs/aws/new-receive-and-process-incoming-email-with-amazon-ses/
Now you need to route your incoming email to SES for processing. You have two options here. You can set the domain’s MX (Mail Exchange) record to point to the SES SMTP endpoint in the region where you want to process incoming email. Or, you can configure your existing mail handling system to forward mail to the endpoint.

Related

Intercept inbound and outbound gmails through api in Java

I have been trying to find the way to read the inbound and outbound emails prior reaching the recipients and if the email contains sensitive data, I would modify or rather stop delivering or quarantine that email.
Also, is there any admin setting to schedule send all the email send from org(basically delay sending the emails). I'm aware that this functionality is available in user's mailbox, want to now if any admin setting is available which can be enabled by default for all emails.
I have integrated messages.get and webhook's to fetch all the emails, but those are all either emails which are already delivered. Is there any api or way to detect sensitive emails in real time before getting delivered?

DMARC Anti-Spoofing Error When Sending Email with Sender Yahoo Domain Other Than Server Domain

I am using our email server at [mydomainhere].com to send emails through a web site UI. I just used the UI to send an email from [myemail]#yahoo.com. And received an Undeliverable message at my yahoo email address.
mta1400.mail.ne1.yahoo.com rejected your message to the following e-mail addresses:
[myemail]#yahoo.com
mta1400.mail.ne1.yahoo.com gave this error:
Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html
More information can be found here:
http://www.pcworld.com/article/2141120/yahoo-email-antispoofing-policy-breaks-mailing-lists.html
Any help would be appreciated.
Yes Allan, you are correct in assuming that the anti-spoofing that Yahoo (and now AOL) have turned on is permanent. The technology they are using is called DMARC. Yahoo has published a DMARC record in their DNS:
$ dig TXT _dmarc.yahoo.com. +short
"v=DMARC1; p=reject; sp=none; pct=100; rua=mailto:dmarc-yahoo-rua#yahoo-inc.com, mailto:dmarc_y_rua#yahoo.com;"
Every mail server that supports DMARC will look up that record in Yahoo's DNS and apply Yahoo's p=reject policy. In effect, what Yahoo has done is stated to the world, "if the email does not originate from this list of IPs (SPF) or bear this crytographic signature (DKIM), then reject (p=reject) it." Since your mail server is not in their list of mail servers IPs nor are the messages signed with Yahoo's DKIM key, a substantial and growing portion of the mail servers on the internet are going to reject it or deliver it to the Spam folder (Gmail).
In addition to the SPF & DKIM checks, DMARC also introduces the concept of alignment. In addition to passing SPF checks (which apply to the Envelope Sender), DMARC requires that the domain in the messages 'From' header passes SPF. This prevents you (and bad actors) from sending messages with a header From domain of Yahoo.com and an Envelope Sender domain of attacker.com, which the recipient will never see. This alignment also extends to the DKIM signature, requiring not just that the message is signed with DKIM, but also that the dkim signature domain (d= property) matches the From header domain.
we will just have to prevent users from using their yahoo email address in the sender email field
Coding in a check for the yahoo.com domain is a hack that won't last long. AOL has already joined the thousands of domain owners with DMARC p=reject policies. They won't be the last of the Very Large Email providers to publish p=reject DMARC policies. A much safer approach is to evaluate SPF against your mail servers public IP and the domain in the users selected email address. If the SPF check fails, then choose an option:
Inform the user that their choice of domains doesn't permit 3rd party senders and they should choose another.
Alter the From header to send from a domain you control:
From: "user#yahoo.com via" <my-app#my-domain.com>
As already stated, you could define Reply-To if you wish for replies to expose the senders real email address.
Set up local usernames that forward to the sender's real email address. If you've used Craigslist, you're familiar with the idea. You maintain a mapping of local addresses and the email address they forward to.
Based on what you've said about your web application, it seems like #2 is the best fit.
I have had a similar problem with mailing lists that I maintain (e-mails with a From address something#yahoo.com bounced). I solved my problem by changing the From, Reply-to and Errors-to fields of the e-mails' headers as follows:
From: Organization name <no-reply#somedomain.org>
Reply-to: my-email-address#yahoo.com
Errors-to: my-email-address#yahoo.com
I suspect that similar changes will fix your problem.

How do I prevent Google Apps Script from forwarding sent email to the forwarding address

I am using MailApp.sendEmail to send mail FROM:SEND#example.com and TO: RECEIVE#example.com
The SEND#example.com inbox automatically forwards all incoming mail to various other addresses in my organization.
The unintended consequences are that even though I only want these emails to be delivered to RECEIVE#example.com, they are automatically being forwarded to all of the email addresses that SEND#example.com forwards to as well.
This doesn't seem logical, as it is an outgoing email and if I simply send an email from the SEND#example.com inbox normally, the sent mail does not get forwarded.
Can anyone explain why this happens and/or a way around it?
I believe it happens because the copy google's servers (running the apps script) places in the sending account's mail folders is treated by gmail as a new incoming message that just happens to have the from field set to be that account itself. It then performs whatever rules it always performs on incoming messages.
You can set your rules for that gmail account to forward except in the case that the from address is your own email address. When you create the filter enter "-SEND#example.com" in the from field.

Is there a way to force GMail/Google Apps SMTP server to not store sent messages?

Perhaps a special command or message header in order to be able to tell Google to not store a message sent using their SMTP server in the respective user's Sent mailbox.
There is no way to prevent the message from being saved to Sent. However, you can connect via IMAP after the send and delete the message from the Sent folder. Assuming you are using OAuth authentication, the same scope you use for SMTP allows you to connect via IMAP.
I was also stucked in this kind of scenario some time back, for me I could not find any standard API to solve this. But as a workaround I have created a rule which deletes all the mails which appears in Sent Folder. But beware of IMAP protocol, it allows users to store their there sent messages in custom folders also.

How does a mail relayer doesn't send a mail to already received recipients?

i was wondering.
Suppose i have an exchange server, (the domain can be me#company.com),
also, i have a relay server, that accepts requests to internet domains (gmail/yahoo/etc).
suppose i send a mail to: (you#company.com; him#gmail.com) - from a user in the domain (me#company.com)
The mail is sent to the exchange server, then the exchange groups the domains (company.com and gmail.com) => it puts the mail into you#company.com mailbox.
then, the exchange sees that it needs to send into him#gmail.com, so it will send it to the relay server.
the relay server will get the SMTP request:
from: me#company.com
to: you#company.com; him#gmail.com
the question is - how does the smtp relay server knows not to send it to you#company.com - thus causing duplicate mails received?
also, how does the gmail server knows not to try to send the mails it receives again? (because they only get smtp requests, similar to a client that sends the mail)
thanks in advanced!
The content of the mail is not parsed by either exchange or the relay for determining where the mail should go. Everyone in this context is talking SMTP with one another, and specify recipients with the RCPT protocol message. So your mail client tells exchange two RCPT, exchange decides one of them is remote, then says one RCPT to the relay, and so on and so forth. This document specifies the SMTP protocol where you may read about the RCPT verb.
The headers you see are not used to deliver the message. Instead, SMTP defines a concept called envelope which has a completely different set of headers. As a common illustration, this is how Bcc: works, too; the recipient address is copied to the envelope, then removed from the message which goes inside the envelope.
When a message is delivered, the envelope sender is usually copied into the Return-Path: header, and you can sometimes see the envelope recipient information copied into the Received: headers.
At the point where a mail server decides to which destinations a message should go, there is commonly one copy of the message (spool file, queue entry, what have you) for each distinct destination. So if you send to from you#company to me#company, you#private, and friend#gmail, the first server might determine that the external addresses should both go to the same outbound relay, while the internal copy is delivered locally. Then the relay similarly decides that it needs to contact two distinct destination, so the single incoming message gets copied to two outbound messages, one to you#private and the other to friend#gmail.