Why does SendGrid allow me to send emails from any address? - python

I have a local Python file that I'm using to send emails through SendGrid's SMTP:
    import smtplib

    gmail_sender = "example@gmail.com"
    server_username = "apikey"
    # prod is the asker's own config module holding the SendGrid API key
    server_password = prod.CONFIG['sendgrid_SMTP']
    server = smtplib.SMTP_SSL('smtp.sendgrid.net', 465)
    server.login(server_username, server_password)
    # email_information is an email message object built elsewhere in the script
    email_information['From'] = gmail_sender
    server.sendmail(email_information['From'], email_information['To'],
                    email_information.as_string())
I'm confused about who is sending the email. I replaced gmail_sender with multiple different emails, and without having to give the password to those emails, I could send an email through SendGrid's SMTP. In the from section of the email I sent, it says the email I put as the gmail_sender plus "via sendgrid.net." I can make it seem like anyone sent the email; isn't this a security concern?
Any guidance is appreciated :)

The alternative is rather daunting. You would have to technically prove to them that every address you want to send from is actually yours.
Some services require you to prove that a domain is yours by giving you a unique cookie and telling you to publish it in the domain's DNS records. If you have control over the DNS for a domain, you have control over the domain. But there is no similar mechanism for email - you could simply forge the sender on the email which is supposed to prove that you own the address.
Anyway, going through this ordeal for every domain you want to use is already a chore. Imagine what it would mean for clients who want to use dozens, hundreds, or even thousands of different sender addresses.
The SendGrid terms of service have some general language about network abuse, which probably applies to using somebody else's email address. I could find nothing specific about address forgery in their ToS. Having a legal restriction in a contract (and enforcing it!) relieves them from the need to implement a technical restriction.
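The DNS-based domain proof the answer describes, sketched as an added example (not part of the original answer and not SendGrid's implementation). The TXT record format, the secret, the account ids and the lookup function are assumptions, and constructed zone data stands in for real DNS:

```python
import hashlib
import hmac

# Constructed provider-side secret; a real service would load it from a secret store.
PROVIDER_SECRET = b"constructed-demo-secret"
TXT_PREFIX = "sender-verification="  # hypothetical record format


def issue_token(account_id, domain):
    """Token the customer must publish in DNS; bound to both account and domain."""
    msg = f"{account_id}|{domain.lower().rstrip('.')}".encode()
    return hmac.new(PROVIDER_SECRET, msg, hashlib.sha256).hexdigest()[:32]


def domain_is_verified(account_id, domain, lookup_txt):
    """True if any TXT record on the domain carries this account's token."""
    expected = (TXT_PREFIX + issue_token(account_id, domain)).encode()
    for record in lookup_txt(domain.lower().rstrip(".")):
        if hmac.compare_digest(record.strip().encode(), expected):
            return True
    return False


def may_send_as(account_id, from_address, lookup_txt):
    """Gate a From address on proven control of its domain, not of the mailbox."""
    local, sep, domain = from_address.rpartition("@")
    if not sep or not local or not domain:
        return False
    return domain_is_verified(account_id, domain, lookup_txt)


# Constructed zone data: acct-1 has published its token on example.com only.
CONSTRUCTED_ZONE = {
    "example.com": ["unrelated TXT record",
                    TXT_PREFIX + issue_token("acct-1", "example.com")],
    "gmail.com": ["unrelated TXT record"],
}


def constructed_lookup(domain):
    """Stand-in for a TXT query against a real resolver."""
    return CONSTRUCTED_ZONE.get(domain, [])
```

The check proves control of the domain only; as the answer notes, nothing comparable exists for a single mailbox on someone else's domain.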

Related

Can I create my own email using my IP address as the domain name?

In theory a domain is just a glorified IP address,
so if I take my public IP,
Ex. 12.34.56.78
then is there a way for me to send emails from the alias of noreply@12.34.56.78?
If so do I need to set up a custom email server?
I don't need to receive emails just send them.
Also if it won't work, how come?
TY
Yes, you can.
There is nothing preventing you from sending an email to (test@test.com) or (test@10.10.10.10) in theory, as long as the mail server accepts hostnames and IP addresses.
However, in reality, this just isn't the case.
For one, spam prevention has greatly increased in the past few years making most spam prevention software prevent these kinds of emails.
Secondly, some SMTP servers will not recognize or accept emails from these kinds of addresses.
In the end, these kinds of addresses are only really used in spam mail.

Check whether an email exists on an SMTP server in Python?

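I created a script to validate whether an email address really exists on the SMTP server. Everything works fine, but some fake emails also return a 250 OK response. How can I manage this issue? Please help me.
    import socket
    import smtplib
    import dns.exception
    import dns.resolver

    try:
        domain_name = addressToVerify['Email'].split('@')[1]
        # dns.resolver.query() is deprecated in dnspython 2.x; resolve() replaces it
        records = dns.resolver.resolve(domain_name, 'MX')
        # use the MX host with the lowest preference value (highest priority)
        mxRecord = str(min(records, key=lambda r: r.preference).exchange)
        host = socket.gethostname()
        server = smtplib.SMTP()
        server.set_debuglevel(0)
        server.connect(mxRecord)
        server.helo(host)
        server.mail('example@example.com')
        # RCPT TO reply code from the MX host for the address being checked
        code, message = server.rcpt(str(addressToVerify['Email']))
        server.quit()
    except (dns.exception.DNSException, smtplib.SMTPException, OSError) as exc:
        # DNS lookup or SMTP conversation failed; no verdict is available
        code, message = None, str(exc)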
First of all, email address verification is a feature that was "banned" (ok, right, it is still there, but hardly anyone enables it in production scenarios) from the email related RFCs, because of obvious reasons: it became something it was never intended for, heaven for spammers. However, it could work only for local accounts. Because this is how email delivery works. The SMTP part of the concept is only for sending, for delivery. It is a relay. The SMTP server has no idea of the addressees because it is only trying to pass the message to the next hop - which can, of course, be the local server, but can as well be any remote one. It is using the DNS MX records to get the other SMTP party's address from the email address's domain part. If found, it connects to the other server and passes the message. If it is a local one, it contacts the local delivery agent that manages the actual mailboxes. That one will know if the mailbox exists or not. If not, it will react based on its configuration: it might or might not reply with any warning. But all this happens asynchronously, because of the nature of the internet.
However, as you can see, the SMTP server itself is either way unable to tell if the addressee mailbox actually exists - except for local addresses. You can verify the MX record yourself, but that is telling you if there is an SMTP server registered to that email domain or not - and check for its availability on the network. Nothing more. But you can practically not expect VRFY to work.
Sidenote: the local agent is not directly bound to any mailbox protocol. You can have a mailbox without a mailbox protocol server running. It makes little sense, but it is not technically required.
Of course, most email services you can get for any operating system will be complex ones housing SMTP, delivery agent and a POP3 or IMAP/MAPI server.

Is there any way I can get the user name from a MIME object in Python?

I'm actually aware that I can get the address which the email is sent from, but I wonder if I can get the user name of the sender too. I searched the email module documentation but I didn't find anything about it.
Short answer: no, you can't.
Username of the sender remains between the SMTP server and the sender; it's never included in the data sent outside, unless the sender explicitly typed it into the email text. Note that there can be several hops between the originating SMTP server and the receiving SMTP server.
IMAP servers are used to access received mail; they have no idea how it was sent.

Python Email via MS Exchange: Message Submission Rate Limit

I have written a Python script that iterates through rows of an Excel file and, for each row:
Gets an e-mail address, name, and name of attachment file to use
Composes an e-mail
Sends out the e-mail
I'm not sure if it's accurate to call this mass-emailing or if it is a candidate for being black-listed because it is sending out individualized e-mails. With a message submission rate of 5/minute, I want to throttle it (or have the limit increased to 100).
So my question is: Is this sort of scenario, assuming the limit is increased to 100, prone to black-listing?
It depends on how well you know the people you're mailing.
If you know them pretty well, it should be fine. If they're total strangers, the recipients might think it's spam and start blocking you.
I could help more if you told me how well you know the recipients.
It's not easy to answer your question as it depends heavily on the remote email environment used here and what you understand by individualized emails (only a different "Hello Mr. ZZ" or "Dear Ms. YY" isn't really an individualized email these days). To give you three possible examples:
Situation 1:
All users are on the same email environment (e.g. Exchange Online / Office 365). Then the remote mail server might see here +100 similar emails and might mark them as spam. If all +100 users are on +100 different email servers, that might be different; however, the following might be possible:
Situation 2:
One user thinks that this email is spam and reports it as spam. Depending on the AntiSpam engine used here, a hash value from that email might be created, and other email servers using the same AntiSpam engine might therefore detect your email as spam as well.
Situation 3:
The users are on different email environments but in front of them is an AntiSpam cloud solution. This solution will then see +100 similar emails from one email environment and might therefore classify that as spam.
Offtopic: You might consider using services like MailChimp, which use different email servers to spread out a similar email. This might help to prevent such issues as the mass emails aren't sent from only one server. On top of that, you do not risk your own email server being blacklisted, which might have a very bad business impact on your company.

How to best ignore free domain emails for sending a PDF via email (Python)

I need to send a certain PDF to corporate users who fill out a form and not to users who use public domain email addresses like gmail. This is not spam email; users are filling out a form to get the PDF by email. The form mentions to use a company email id, but some people still register using their personal email address.
Questions:
What is the best way to achieve this? I am using the following, and this keeps getting big as I add more providers:
    if "gmail" in sender_address or "hotmail" in sender_address or "yahoo" in sender_address or "aol.com" in sender_address:
You can use "in" in conjunction with a list. This is an example; don't use this in production, it might break.
    public_providers = ['gmail', 'aol', 'hotmail', 'yahoo']
    myemail = 'foo@aol.com'
    # compare the first label of the domain part against the provider list
    if myemail.split('@')[1].split('.')[0] in public_providers:
        print('I`m public')
To parse e-mail addresses, I'd look at some regex that has been tested to reduce the risk of a parsing error.
To filter users by domain, I'd add all the domains that you want to filter to a set and check using the in operator (this should be more efficient than checking a list).
Finally, as @mac pointed out, it would be probably better to let your users subscribe to the newsletter (or whatever you want to send), rather than sending them unsolicited e-mail.
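An added example (not from the original answers) of the set-based check suggested above: it parses the address with the standard library and matches the exact domain or a parent domain rather than a substring, so "gmail@acme-corp.example" is not rejected the way the substring test would reject it. The domain set, function names and sample addresses are constructed for illustration:

```python
from email.utils import parseaddr

# Constructed sample set; a real deployment would maintain a longer list.
FREE_MAIL_DOMAINS = frozenset(
    {"gmail.com", "googlemail.com", "hotmail.com", "yahoo.com", "aol.com"}
)


def extract_domain(address):
    """Return the lower-cased domain of an address, or None if it is malformed."""
    _, addr = parseaddr(address)  # strips a display name such as "Alice <...>"
    local, sep, domain = addr.rpartition("@")
    domain = domain.strip().rstrip(".").lower()
    if not sep or not local or "." not in domain:
        return None
    return domain


def classify_sender(address, blocked=FREE_MAIL_DOMAINS):
    """Return 'invalid', 'free' or 'corporate' for a submitted address."""
    domain = extract_domain(address)
    if domain is None:
        return "invalid"
    labels = domain.split(".")
    # Test the domain and each parent (mail.yahoo.com -> yahoo.com),
    # stopping before the bare top-level label.
    candidates = (".".join(labels[i:]) for i in range(len(labels) - 1))
    return "free" if any(c in blocked for c in candidates) else "corporate"
```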
