Emails sent using Gmail API are being flagged as phishy by Gmail - gmail-api

When I send an email using the Gmail API, recipients that are using the Gmail web interface are getting a phishing warning when they open the email.
However, when I send the exact same email content through the same Gmail account but using the web UI, the recipients do not get the phishing warning.
The only difference I can find between the two received emails, is that the one sent using the API has this additional header:
Received: from 114692869688 named unknown by gmailapi.google.com with HTTPREST; Tue, 11 Jun 2019 11:37:51 -0500
Does anyone know how to resolve this problem?

I have the same problem.
When defining your message does not define the from parameter :
def create_message(sender, to, subject, message_text):
message = MIMEText(message_text)
message['to'] = to
#message['from'] = sender
message['subject'] = subject
encoded_message = urlsafe_b64encode(message.as_bytes())
return {'raw': encoded_message.decode()}
In fact, this parameter is also defined when giving the user_id to the send method.
message = (service.users().messages().send(userId=user_id, body=message)
.execute())

In my case recipients get the emails ok, but senders got their own messages flagged as phishing in their sent messages tray.
After some time struggling with this, it seems a case-sensitive issue.
Once I capitalized the f in the "from" header the problem went away.
So:
# sender something like "John Doe <johndoe#gmail.com>"
message['From'] = sender

Make sure your from-header is ['From'], and not ['from'] (like Google's guide shows).
This one-line diff:
## -129,7 +129,7 ## def create_message(sender, to, subject, message_text):
"""
message = MIMEText(message_text)
message["To"] = to
- message["from"] = sender
+ message["From"] = sender
message["Subject"] = subject
return {"raw": base64.urlsafe_b64encode(message.as_bytes()).decode("ascii")}
Is the difference between getting this failure:
and this success:

There are two options:
Send an email through Gmail SMTP (Simple Mail Transfer Protocol, a protocol for sending e-mail messages between servers)
Authorizing Your App with Gmail - All requests to the Gmail API must be authorized by an authenticated user. Gmail uses the OAuth 2.0 protocol for authenticating a Google account and authorizing access to user data.
When you get an email that looks suspicious, here are a few things to check for:
Check that the email address and the sender name match.
Check if the email is authenticated.
Hover over any links before you click on them. If the URL of the link doesn't match the description of the link, it might be leading you to a phishing site.
Check the message headers to make sure the "from" header isn't showing an incorrect name.**
Yes, the message header is important when sending an email using Gmail API. You will need to trace an email with its full headers.

Related

Email not getting sent for multiple recipients in case of duplicate emails

I'm trying to send email to multiple recipients using
is_multiple=True,
which is working fine.
But only one mail is getting sent out of two when I try to include same mail with + symbol again
e.g abc#gmail.com, abc+test#gmail.com
when I send mail to the above two mail recipients from gmail directly, even if I add +
to the mail, it will still be delivered as two mails for the same email.
But this is not the behaviour in sendgrid, only one of the recipient is receiving the mail
message = Mail(
from_email=From(self.sender, "Test"),
to_emails=all_recipients,
is_multiple=True,
)
all_recipients = [
To(
email=recipient["email"],
dynamic_template_data=recipient["template_data"],
)
for recipient in recipients_and_template_data
]

Microsoft graph API --> To see if the message is a reply

I am using the graph API to retrieve the mail from mail folders. For example I got a mail, I will change or edit the subject line and store the conversation id for future use. if I got the reply mail for the same email chain I got different conversation id. How to handle this, I need to find out the reply mail.
"subject": "Test",
"conversationId": "AAQkADU1YWM2MjMyLTVkOGQtNDdiMy05YWM4LTE4NTNlYzg1ZWRiNwAQADofdbq8_JtJkY8M5wnunlU=",
reply msg:
"subject": "Re: Test1",
"conversationId": "AAQkADU1YWM2MjMyLTVkOGQtNDdiMy05YWM4LTE4NTNlYzg1ZWRiNwAQAHu3pWtxNmBFjdfyjYaVGKc=",
I need to find this ts reply message.
I'd suggest you use the In-Reply-To header https://wesmorgan.blogspot.com/2012/07/understanding-email-headers-part-ii.html in that way you can relate multiple replies (to the same replied to message) in a Message chain etc. You can either get the In-Reply-To header by requesting the InternetHeaders https://learn.microsoft.com/en-us/graph/api/resources/internetmessageheader?view=graph-rest-1.0 (this will return all the headers) or you can request the extended property to just get that one property eg
https://graph.microsoft.com/v1.0/users('user#domain.com')/MailFolders('Inbox')/messages/?$select=ReceivedDateTime,Sender,Subject,IsRead,inferenceClassification,InternetMessageId,parentFolderId,hasAttachments,webLink&$Top=10&$expand=SingleValueExtendedProperties($filter=(Id%20eq%20'String%200x1042'))

Sending multiple emails in a row in GAE

I have a GAE based app (python) and I'm trying to implement automatic email sending. When only one email is sent it works fine (both local and deployed). However, when I try to send two emails in a row the script only works on my local dev server. If the application is deployed to Google a strange mixup occurs. It seems like the body of the first email is sent to the recipient of the second one and then the application throws an internal server error.
Here's my code:
class MailSender(webapp.RequestHandler):
def get(self):
firstname=self.request.get('firstname')
lastname=self.request.get('lastname')
email=self.request.get('email')
city=self.request.get('city')
state=self.request.get('state')
country=self.request.get('country')
sender_address = firstname+" "+lastname+" <"+users.get_current_user().email()+">"
subject = "Subject 1"
body = "Name: "+firstname+"\nLast name: "+lastname+"\nEmail: "+email+"\nCity: "+city+"\nState: "+state+"\nCountry: "+country
mail.send_mail(sender_address, "address1#ourdomain.com", subject, body)
sender_address1="address1#ourdomain.com"
subject1="Subject 2"
body2="message"
mail.send_mail(sender_address1, email, subject1, body1)
self.response.out.write('{"status":"true"}')
It seems you didn't set a valid sender address in second mail.
https://cloud.google.com/appengine/docs/python/mail/sendingmail
The sender address must be one of the following types:
The address of a registered administrator for the application. You can add administrators to an application using the Administration Console.
The address of the user for the current request signed in with a Google Account. You can determine the current user's email address with the Users API. The user's account must be a Gmail account, or be on a domain managed by Google Apps.
Any valid email receiving address for the app (such as xxx#APP-ID.appspotmail.com).
Any valid email receiving address of a domain account, such as support#example.com. Domain accounts are accounts outside of the Google domain with email addresses that do not end in #gmail.com or #APP-ID.appspotmail.com.
You might need to use the EmailMessage object the way you see here. Did you try using a loop to send emails? The following works for me.
for detail in details:
subject = detail.title or 'Reminder'
message = mail.EmailMessage(sender='Business <info#business.com>', subject=subject)
message.body = """
Hello!
"""
message.to = detail.email
message.send()

Change Recipient Address Google Apps Script

Is it possible to change the recipient address when using the reply function in Google Apps Script?
I want to receive an email from a random email account, mark it with a label and when scheduled, run the following code to reply to a desired email address rather than the original sender. The reason I want to reply is to keep it in the same thread. I have tried nearly all variations of the following code and can't get it to work the way I want it to:
thread.reply("This is a message.", {
htmlBody: "This is a message.",
name: "My Name",
recipient: "DESIRED#EMAIL.com",
replyTo: "DESIRED#EMAIL.com",
to: "DESIRED#EMAIL.com"
});
If you're asking to generate a random email address and send a real email from that address... that's not possible.
However... you could set the replyTo optional parameter as a random address - though when users would try to reply to that thread they would get a bounce-back notification that the address could not be reached. However, the original sender (the non-random address) would still be visible in the original message.
If you look at the GmailApp docs (replying)/(sending), you'll notice a few limitations. The sender's address (from) must be a valid Alias, if you're sending mail from MailApp (Google Apps Script).
However, there are plenty of methods in the GmailMessage class such as getFrom() and getReplyTo() that would allow you to get/set the message's from/replyTo parameters and have them be the same value. That way, when you reply to a message you will always be in the same thread.

How do I send email from Google App Engine with a random, non-app admin sender?

Google App Engine has a rule of only allowing app admins to send email.
Is there a workaround that anyone out there is using to send emails from non-admin addresses?
I'm building a B2B white-label platform, and being able to mask the "FROM" address is very important without giving my customers admin access.
The docs also state:
Any valid email receiving address for the app (such as xxx#APP-ID.appspotmail.com).
So you can make up an sender address based on that, and even correctly route that email back into your app if anyone replies to it.
It is also possible to send email on behalf of a logged in user, assuming that user is using a Google Account.
user = users.get_current_user()
message = mail.EmailMessage(sender=user.email())
#Set other message components, such as message.body
try:
message.send()
except:
message.sender = #An APP-ID.appspotmail.com address, or Admin address
message.send()
If you need the email to appear as if it was sent by a user and when replied to reply back to that user's actual email address then you can make use of reply_to.
user_name = 'Some Guy'
user_email = 'some.guy#whatever.com'
admin_email = 'no-reply#yourdomain.com'
from_email = '%s <%s>' % (user_name, admin_email)
reply_to = '%s <%s>' % (user_name, user_email)
mail.send_mail(from_email, to_email, subject, body, reply_to=reply_to)
This way to the person receiving the email it will appear that it came from user_name and if they reply then their reply email will be sent to user_email.
The main negative of this approach is that if someone looks closely at the address they received the message from they will see the admin email address but most email clients show the name more prominently.
On the plus side you can send as any email address and most people would never notice it came from an admin email address.

Resources