I am using the smtplib library to automatically send a verification email to users when they sign up on my app. When a user has an outlook email it automatically rejects it as spam. Both gmail and yahoo mail work fine. What can I do to prevent it from getting blocked? I already used mail-tester.com and it said that my email was a 9.3 out of 10 for not getting blocked. I am using the namecheap domain email provider ox mail to send the emails. The domain of my email ends in .io and is of a website that no one has ever heard of. Please let me know if you you need anymore information to solve this problem. Thanks
We are building a website expecting to serve around 10k users or more.
We want a functionality that each user will have an email address # our domain, however, this email address will not be accessible by the user it will only be used to receive a very rare amount of emails (say it will be published to receive gift cards directed to that user) and we need to notify the user as any gift card is received and do something accordingly at our end
We want to use Google App Engine with Python, and what first came to our minds is that we don't actually create any real mailboxes and we create a single catch-all email that will receive any mail sent to our domain mailboxes even not existed, then we can filter all received emails and map them to our users accounts
Within current Google receive limits (1 email per second) this will work, the main issue is that SPAM mails comes and flood the catch-all mail box with emails that directly reach receive limit and email account gets suspended by Google
We want to apply a smarter solution, we only care for emails that comes from a specific sender domain (say: giftcards.com) and we can drop any other emails
Is there is any reliable service or setup at our side we can use to filter out unwanted emails and only forward emails from giftcards.com (for example) to our main Google apps email?
Am confused why emails sent by my appengine app are not being signed with DKIM.
Enabled DKIM signing on Google Apps dashboard. Confirmed that my domain is "Authenticating email"
Have setup DNS TXT record using the values indicated in the apps domain. Have confirmed, using 3rd party validation tool, that the DNS is correct. Also, I assume that having a green-light indicator for authenticating email in my Google Apps domain means this record has been validated by Google Apps.
Email-send is being triggered by a click by a user browsing my application via my custom url. The custom url matches the domain for the return address of the sender. The sender return address is an owner of the account.
As far as I know, these are the requirements for emails to be signed automatically. Yet, alas, they are not being signed. Any help or ideas will be greatly appreciated. Thanks -
How long ago did you create your DNS TXT record? Since DKIM is a DNS controlled service, and DNS often takes up to days to propagate across the Internet, you may need to wait for that to happen before Google will recognize it as valid.
I have a python GAE app that sends emails like in the example using the address of a registered administrator for the application as the "sender" address. When an email arrives from such an API call, here's a pic of the attached warning.
This message may not have been sent by: EmergencyButtonApp#gmail.com
Learn more Report phishing
Am I doing something wrong? None of the 3 options mentioned in the "Learn More" link are relevant I believe: the sender is a gmail address so the "SPF and DKIM authentication" solution isn't relevant, I'm not sending to a mailing list and I'm not using SMTP (I think, though maybe GAE is...).
Assuming you're seeing this in production, it's probably because you're claiming to be from a gmail address, but sending via App Engine. Use one of your app's email addresses as the sender (foo#yourapp.appspotmail.com) and it should work fine.
I think the best solution is to use Google's SMTP servers... It's the best way to not be considered as a spammer.
On GAE, a non-gmail user can create a Google Account using their non-gmail email and log into a google app engine application. However, sending from that email does not appear to work all the time.
For example, suppose foobar#yahoo.com creates a google account and they log in. Then, GAE should be able to send email from foobar#yahoo.com during a user request.
The problem is that this does not appear to work for yahoo email accounts and others. In my experience, only the following users can have email sent on their behalf:
Currently logged in gmail users
Currently logged in users with emails that run on google apps
Administrators
However, you cannot send email on behalf of users with the following email address:
yahoo and hotmail users
.gov or .mil users
most .edu users, although I think some schools use google apps and they work.
If I send from those email addresses, I get the following error:
message.send();
File "/base/python_runtime/python_lib/versions/1/google/appengine/api/mail.py", line 799, in send
raise ERROR_MAP[e.application_error](e.error_detail)
InvalidSenderError: Unauthorized sender
Am I missing something here?
I know there are similar questions out there on this topic but I don't think they nail them.
Your application has no right to originate email from addresses you don't own.
Doing so is called spoofing and there has been a lot of work done in the last 8 years to prevent spoofing: DKIM, SPF...
If you need to send email you need to have your own email address(es)/domain to send the email from for this application and you'll need to handle bounces as well.
Update:
Google Accounts
Google accounts can be created using 3rd party domain email addresses (e.g. hotmail, yahoo, *.edu, etc). There will be an email confirmation step to verify the email address, but there may be no greater relationship than this. The email address is the "username" and there's a password created with Google that has nothing to do with the 3rd party domain.
Google accounts don't have to have a mail service component. You can create a Google account and not have Gmail.
Google email on a 3rd party domain
Google Apps can be run "on" 3rd party domains, this can, but not necessarily include Google email.
Google email could be run on any domain without any other "Apps", they offer email outsourcing which is quite attractive to the Education sector. In this scenario, Google is authoritative for email for that domain.
On behalf of mailing
Google email has the functionality to set up "On Behalf of" emailing. This requires configuration. A confirmation email is sent to the target account. Once created the email is sent using the originating account's email address in the mail envelope, so any delivery status messages (delays, rejections) will be returned to this account. The originating email address will also be in the sender header. The address that you're sending on behalf of will appear in the from header in the messages, but otherwise, with regards to security settings and validation, it's a Google email from Google.
A quick search has returned some tech blog websites that suggest that they are considering retiring this feature in favour of supporting third party SMTP services.
Third party SMTP server
So someone could configure their Google Email account with the SMTP server, username and password of their mail service provider and use it to send email via their Google mail interface through the valid servers of their mail service provider. This email would therefore genuinely "originate" from that domain's infrastructure.
I've not read the documentation for this GAE function to send email. However, I can see that if someone is signed into their Google account and that account has a mail service, then it could be possible to send email from that account using an API.
However, Google will not generate email "From" 3rd party domains for which it has not been assigned authority over. The email would not be valid; it would be "spoofed". It may not comply with a variety of security enhancements, could be used maliciously and would bring them into disrepute.
I hope this makes the situation clearer for you.
If the documentation is lacking in this regard, it could be that those who wrote it, being so familiar with email, might find it hard to imagine someone would think it were possible.
For me it looks like Google has changed something. I've had an application running 1,5 years without problems (and changes) but suddenly on 2011-05-03 sending emails for example on behalf of Yahoo users stopped working.
This change also affected other non-Google (non-developer users).
If foobar#yahoo.com creates a Google account and logs in, you will be able to send on behalf of their Gmail user, but not their Yahoo user. Same for Hotmail. As for .gov, .mil or .edu, there's nothing special about these TLDs. If they are Google Apps domains, you can send from them, otherwise you cannot.
Note, though, that you can specify a Reply-To address when sending mail. This can be any email address whatsoever, so if you use a reply-to address of foobar#yahoo.com on outbound mail and the recipient clicks reply, this should be the address that's populated as the recipient.