Trying to understand something thats not clear from AWS SES emails.
I have a simple emailer on my website that I have setup using nodemailer.
It has 3 fields
Name: name of user filling out form
email: email address of user filling out email.
Description: description filled out by user.
I'm seeing in AWS docs that I need to verify on their console the users email.
You can only send mail from verified email addresses and domains.
Note: This restriction applies even when your account isn't in the
sandbox.
This could be any number of different user email address how would I be able to verify them all I wouldn't know them.
What am I not getting here. I have verified the To: email which will always be the same as its coming to my domain email.
You'll want to send from an email address under your control (SES enforces this on a technical level, but spam filters tend to de facto enforce this everywhere due to things like SPF records) with a Reply-To header of the email address submitting the form.
Related
I am currently using AWS SES to send emails to my users. However, it appears that my users who use outlook / Microsoft's Business Email System are not receiving my emails. SES also tells me that I have no bounces too.
The user's email has {name}.onmicrosoft.com on it.
How can I go about resolving this?
EDIT: Found out that the key phrase "password" is a root cause for the email being blocked and not showing up at all. Not sure how to combat this as I am sending a password reset email.
Thanks
I have the following settings in my settings.py file.
EMAIL_HOST = 'mail.domain.com'
EMAIL_HOST_USER = 'me#domain.com'
EMAIL_HOST_PASSWORD = 'mypassword'
EMAIL_PORT = 587
EMAIL_USE_TLS = True
A user in my Django application is able to send an email to a client with a PDF attachment using the EmailMessage class. Here is the code:
email = EmailMessage()
email.subject = 'Demo subject'
email.body = self.request.GET.get('email_body', '')
email.from_email = 'Full Name <user#domain.com>'
email.to = ['{}'.format(self.request.GET.get('to_address'))]
email.attach_file(os.path.join(settings.MEDIA_ROOT, 'quotation_email.pdf'))
email.send()
My questions are,
Since I can create a code to send the email as a different person, will the email not be marked as spam in certain domains?
I have access to a mail server which is already setup. Can I map the email accounts to the user accounts in the Django application in such a way that Django uses the email server as a medium to send email based on the logged in users?
Why do I need to provide an email and password in settings.py file when I may never use that email account to send any mail? Can I not log in to the email every time someone sends an email?
Since I can create a code to send the email as a different person, will the email not be marked as spam in certain domains?
The domain part of the email (part after #) is what mostly determines if the email will end up as spam or not (there are, of course, other conditions in determination of spam such as IP reputation of the sending mail server i.e. was this IP used for sending spam in the past, etc).
If you are the authorised sender for a particular domain, you can send emails like john#domain.com or no-reply#domain.com without worrying.
Read about SPF and DKIM records about domain authorisation. It's a topic that I can't really cover in an answer.
I have access to a mail server which is already setup. Can I map the email accounts to the user accounts in the Django application in such a way that Django uses the email server as a medium to send email based on the logged in users?
Yes, you can if you own the email's domain name. Just get the user's email address and use it as the From address to send the email.
Why do I need to provide an email and password in settings.py file when I may never use that email account to send any mail? Can I not log in to the email every time someone sends an email?
Are you referring to the EMAIL_HOST_USER? This is for authentication purpose. This email is required to log into your SMTP server. Without this, the SMTP server will not know if you are the owner of the server or a spammer trying to use their server to send spam.
But if the SMTP server is running locally, you can just use localhost as the EMAIL_HOST and leave out the authentication. Because most email servers (MTAs) relay emails from local host without requiring authentication. But this also depends on the configuration.
Basic understanding of how emails are sent:
Emails are sent just like the real mail - inside an envelope. The envelope and the letter inside it can have different From addresses. And that is also true in case of emails.
Here's an illustrative example. Suppose you own a PO Box. If you want to send a letter to your friend, you'll do this:
Write your message on a paper. You'll sign the letter.
Buy an envelope. Write To address of your friend on the envelope.
Write the From address of your PO Box on the envelope. You don't write your own address, because if the mail couldn't be delivered, it will be returned back to your PO box.
Send out the letter.
Pretty, simple. Suppose someone in your family also wants to send out a letter to someone they know. But they don't own an PO Box. They'd have to spend some money and time to get a PO Box. But why bother, because you already have one. This is how that will work:
They'll write the message on a paper. They'll sign the letter in their own name.
Buy an envelope. Write the the To address of their friend.
Write the From address of your PO Box, so that the mail could be returned to your PO Box if it didn't deliver.
Send the letter out.
This is how actual emails work.
An SMTP server is like a Post Office.
Your email account is like a PO Box.
Every message you send, goes inside an envelope.
The sender address on the envelope can be different than the sender
address on the message inside.
I think Django uses the EMAIL_HOST_USER settings to compose the email envelope and the from_email address you provide is used as the From address.
The sender address on the envelope in known as MAIL FROM address or the Return-Path address. This is not shown to the receiving user. The From address that you see in your Gmail, or Yahoo Mail, is called the MIME From address. They both can be different.
The case is not you sender gmail.
but you need to remove all links inside your html template
I'm looking for a service, surprised sendgrid doesn't provide this. On our site users can send emails to other users. We don't want to provide them with the actual email address. Are there any services that provide email aliasing and forwarding. The service would create an email address that could be replied to, that email would send the email immediately to the aliased address. Stats on the emails sent would be kept but not the contents of the emails.
You can use SendGrid's Inbound Parse Webhook as an intermediary to do this. Instead of having the users email each other directly, you can have the one user (User A) email a specified email address that receives the email. Then, send an email to another user (User B) with the information parsed from the original email. Here is an example of this type of communication between two users.
I have the same concept as mentioned in this question(generating a unique random email address for each user in rails app. When the user sends an email that that randomly generated email address, we process the body and store in db.
I followed the following steps:
Deployed my app in Heroku
Created a sendgrid account and configured the username and password to heroku(to get the sendgrid addon).
added griddler gem and followed the steps mentioned in griddler.
Configured the parse webhook in sendgrid with my host and url.
Here comes the main problem:
I registered to coludmailin and it generated the single email address. I don't really understand how to receive uniq emails to my rails application now. I tried white labeling the cloudmailin.net in sendgrid but it doesn't work(may be am wrong here).
Googled a lot but didn't understand how to proceed from here. Can someone please help me in solving this issue. Appreciate if I get a good step-by-step reference
There are two options to do this with CloudMailin.
Option 1:
On the free plan you can use a + in order to separate the email address given to you on CloudMailin and still create a unique email address that each customer can respond to. For example:
If you CloudMailin email address is example1234#cloudmailin.net you can use example1234+unique_id_54321#cloudmailin.net. CloudMailin calls unique_id_54321 the disposable part of this email address. This way you can send an email out and state the sender of that email is example1234+unique_id_54321#cloudmailin.net and then tell one user from another.
Option 2 (the better option):
However, the best way to do this is to use CloudMailin's custom domains. You can then receive anything#yourdomain.com.
With custom domains enabled you set CloudMailin up to be your MX server. Then any email coming into yourdomain.com goes direct to CloudMailin (you can use app.yourdomain.com to avoid conflicts with your regular email if needed).
You can then send email out with the sender as user-12345#yourdomain.com, task-12345#yourdomain.com or any other unique identifier. When you receive the email from CloudMailin the envelope will show that the email was sent to user-12345#yourdomain.com and you can then use this to resolve who the user was.
I'd like to send email to third parties on behalf of users. The key is for the user's email to show up as the "from:" email.
I've tried using send_mail with the user's email as the from_email, but to no avail. When I used gmail's servers to send the message, the third party sees the EMAIL_HOST_USER as the "from:" email. And when I tried using namecheap's mail server, I got SMTPRecipientsRefused: {u'<to email>': (553, '5.7.1 <from email>: Sender address rejected: not owned by user <EMAIL_HOST_USER>')}.
If possible, I'd like to avoid asking for their password as well.
Short answer: You can't do that.
Back in the old days, mail servers used to be quite relaxed about posting mail whenever anyone asked them to, but then SPAM happened and people realised that it was actually quite important to check that the person sending an email is actually the person whose address appears in the From: header.
There are now several mechanisms in place that make it very difficult to spoof a sender email address. These include:
Sender Policy Framework (SPF): An email validation system that works by placing restrictions on the IP addresses authorised to send email from a particular email address. If you try sending email from an IP address not associated with the legitimate owner of an email address, your mail will be rejected.
DomainKeys Identified Mail (DKIM): A method for confirming that emails claiming to have originated from a particular mail server really did originate from that server.
Mail transfer agent restrictions: These days, most MTAs are configured to only accept emails from people who it already knows. (This is why you're seeing a Sender address rejected: not owned by user error message).
Instead, your best option — essentially your only option — is to put your own email address in the From: header, and send the email from your own mail server. If you want the reply to go to someone else, add a Reply-To: header containing their email address.
If you are using Exchange, you might be able to use a library such as Exchangelib, in which the author seems to have been inspired by some of Django's design decisions. Unfortunately, it does look like you will still need to ask for the user's password. I'm going to be looking into this further later on, and since I use LDAP authentication to the Django project, perhaps there is some way to use that to authenticate to the email server, but I have my skepticism.
See this question:
https://serverfault.com/questions/546255/sending-email-with-python-django-through-microsoft-exchange-imap