I have a App Engine Python application that I'd like to send an occasional automated email.
In the past, with a different application, I was able to set the default service account (e.g. my-project-id#appspot.gserviceaccount.com) as an authorized Email API sender on the App Engine settings page:
https://console.cloud.google.com/appengine/settings?project=my-project-id
Now, when I add the service account email and push "Save" button, I get a pop-up notification that says "Saving settings..." then nothing.
I got the default service account value from the IAM & Admin page:
https://console.cloud.google.com/iam-admin/iam/project?project=my-project-id
I have even added the App Engine roles to the App Engine default service account member.
Note: I was able to make my personal email account which owns the project an authorized sender and successfully send emails. But I would prefer to send API emails with the App Engine service account.
So apparently I was overcomplicating this. In my older project, I had the project's default App Engine service account added as an authorized sender as described in the question. It seems this is neither necessary or even any longer possible.
To send emails using the App Engine Mail API from an App Engine project account, simply set the sender value in your code to an address formatted like so: any-name#my-project-id.appspotmail.com.
For example:
mail.send_mail(sender='no-reply#my-project-id.appspotmail.com',
to='user#example.com',
subject='App Engine Mail API Test',
body='Please do not reply.')
This is stated correctly in the App Engine documentation:
Who can send mail
For security purposes, the sender address of a message must be one of the following:
The Gmail or Google Apps Account of the user who is currently signed in
Any email address of the form anything#[APP_NAME].appspotmail.com or anything#[APP_ALIAS].appspotmail.com
Any email address listed in the Cloud Platform Console under Email API Authorized Senders
Related
We have a google cloud endpoint (running on google app engine) that occasionally sends an email to a user, such as when a password is being rest. It works fine when the endpoint is accessed via ourapi.appspot.com.
However, it doesn't always work when the endpoint is accessed via ourapi.company.com. We setup this url up as a custom domain in app engine. In particular, it works when the api is accessed in the U.S. It doesn't seem to work from some countries.
The endpoint executes but the email is never received. The code is written in Java and no exceptions are thrown.
Any ideas?
I am trying to add a email sender account in Google App Engine. The domain is not a google apps domain.
When I try to add the account as an IAM user, it says the account must have a google account. When I try to make a Google account, it forces me to make a #gmail account as part of it.
Once all that was said and done, I am able to add my new email domain into IAM, but as soon as I save and refresh the page - it shows the #gmail alias I created. It won't let me add my own domain as an email sender because only the #gmail is in IAM.
Is this broken?
UPDATED
Turns out that I accidentally assigned a gmail account to the Google account as well and that was overriding the name. I went into the google account and removed Gmail from the products list and I was able to add the subdomain in IAM and as a valid sender.
Not broken, just working as documented. From Who can send mail:
For security purposes, the sender address of a message must be one of
the following:
The Gmail or G Suite Account of the user who is currently signed in
Any email address of the form anything#[APP_NAME].appspotmail.com or anything#[APP_ALIAS].appspotmail.com
Any email address listed in the GCP Console under Email API Authorized Senders
All email addresses on the Email API Authorized Senders list need
to be valid Gmail or Google-hosted domain accounts.
One option would be to get your domain under Google domain hosting or G-Suite, thus meeting one of the quoted restrictions, donno if that's acceptable for you.
These sender address restrictions and other restrictions associated with sending email through the GAE Mail API) are probably not applicable if sending email through one of the Google's 3rd party email provider services: Mailgun, Mailjet and SendGrid. At least such restrictions are not mentioned in these docs. So that could be another option to consider.
I own a domain, call it myDomain.com, which currently masks a Google App Engine project. I have multiple alias email addresses associated with this domain, e.g. rsvp#myDomain.com, that are all set up to forward to my Gmail account. I am unable to ever authorize these aliased email accounts as Editors of my Google App via the Developer's Console because Google always sees the aliased email as my Gmail account and says...
You are already a member of this project, you cannot accept this
invitation.
...whenever I attempt to accept the invite to Edit.
Thus when I attempt to send an email via an aliased email from my deployed app, I get an InvalidSenderError: Unauthorized sender error.
Is it possible to use my domain's aliased emails to send emails from my app if they are forwarding to the same account that deployed the app? I will try an experiment this evening where I use a different forwarding email account, but this is not sustainable, as I would like to have many (>10) aliased email addresses.
Thanks!
Unfortunately, you can't send from email aliases using the built in mail service in GAE. It must be a a full user with developer access to that project.
We switched over to using The SendGrid integration for much the same reason.
There is a built in library for it in GAE and you and get a free SG account for low volume. Check out docs at https://cloud.google.com/appengine/docs/python/mail/sendgrid for more info.
The documentation states:
The From: address can be the email
address of a registered administrator
(developer) of the application, the
current user if signed in with Google
Accounts...
This works fine for my app when the current user's Google Account happens to be a Gmail account. It used to work fine for non-Gmail google accounts also but of late I see an error:InvalidSenderError: Unauthorized sender
for non-Gmail google accounts. Am I missing any recent changes to the implementation?
Since May 10 (with the 1.5.0 SDK release) the additional restrictions where added:
We have added two restrictions to the Mail API to improve the reliability of the service for all application.
Emails must be sent from email accounts managed by Google (either Gmail or a domain signed up for Google Apps).
It seems the documentation does not reflect this change yet.
I need to send emails from my web application (on account creation, password reset, etc.). This application will most likely be hosted on a standard hosting site (or possibly on Amazon EC2), not on Google App Engine.
However, I like the ease of use for sending email through App Engine. Is there a way to host your application elsewhere but use App Engine to send emails programatically? I suppose I could send a web request from my application to a custom application on App Engine, parse the request, and then send the email from App Engine.
However, I would like to avoid having to create an application on App Engine even if it is very simple as it would be another item to maintain. Is there a simpler way to just use App Engine as the email gateway, similar to using Google Apps for my Domain?
I don't need to receive email by the application. Also, I would like all emails to come from the same domain (like mail#example.com) regardless of if it were sent from the hosted application or App Engine.
You can do this using remote_api. Simply upload a Python app with nothing but the remote api handler included; you can then use the Python remote api library to send emails via App Engine.
Note that emails sent by the App Engine Mail API have to be from an administrator of the app (or the logged in user, but this doesn't apply over remote api). Thus, you'll want to add whatever from account you want as an administrator to the app.
Edit: As mentioned, I am totally wrong! Above post is correct.
First, I am very positive if you want to use App Engine's features you need to actually build an app on it. You can't use their API on external applications. You are right though that you could simply send a request to your app engine app if you wanted it to send email. I don't see how it would be too hard to maintain if that's all it is doing.
Second, if you are planning to send emails via GMail's service, they don't allow you to mask the from address so you will always see it from whatever gmail address you're sending it from.
Why not just send emails from your application but use whatever email service you use now? In most languages and frameworks, SENDING email and not managing it is a breeze.