The documentation states:
The From: address can be the email
address of a registered administrator
(developer) of the application, the
current user if signed in with Google
Accounts...
This works fine for my app when the current user's Google Account happens to be a Gmail account. It used to work fine for non-Gmail google accounts also but of late I see an error:InvalidSenderError: Unauthorized sender
for non-Gmail google accounts. Am I missing any recent changes to the implementation?
Since May 10 (with the 1.5.0 SDK release) the additional restrictions where added:
We have added two restrictions to the Mail API to improve the reliability of the service for all application.
Emails must be sent from email accounts managed by Google (either Gmail or a domain signed up for Google Apps).
It seems the documentation does not reflect this change yet.
Related
I have a App Engine Python application that I'd like to send an occasional automated email.
In the past, with a different application, I was able to set the default service account (e.g. my-project-id#appspot.gserviceaccount.com) as an authorized Email API sender on the App Engine settings page:
https://console.cloud.google.com/appengine/settings?project=my-project-id
Now, when I add the service account email and push "Save" button, I get a pop-up notification that says "Saving settings..." then nothing.
I got the default service account value from the IAM & Admin page:
https://console.cloud.google.com/iam-admin/iam/project?project=my-project-id
I have even added the App Engine roles to the App Engine default service account member.
Note: I was able to make my personal email account which owns the project an authorized sender and successfully send emails. But I would prefer to send API emails with the App Engine service account.
So apparently I was overcomplicating this. In my older project, I had the project's default App Engine service account added as an authorized sender as described in the question. It seems this is neither necessary or even any longer possible.
To send emails using the App Engine Mail API from an App Engine project account, simply set the sender value in your code to an address formatted like so: any-name#my-project-id.appspotmail.com.
For example:
mail.send_mail(sender='no-reply#my-project-id.appspotmail.com',
to='user#example.com',
subject='App Engine Mail API Test',
body='Please do not reply.')
This is stated correctly in the App Engine documentation:
Who can send mail
For security purposes, the sender address of a message must be one of the following:
The Gmail or Google Apps Account of the user who is currently signed in
Any email address of the form anything#[APP_NAME].appspotmail.com or anything#[APP_ALIAS].appspotmail.com
Any email address listed in the Cloud Platform Console under Email API Authorized Senders
I read this page: https://cloud.google.com/appengine/docs/ssl
What I'm wondering: When you create a Google Apps for Work account to get a certificate, does the same user need to 'own' the Google Cloud Platform account where the appengine is running?
And who should be the 'owner' of Cloud DNS?
In many cases, the programmer is not part of the company, so he doesn't have a google apps user account. Or is sharing access of the Cloud Platform enough to get SSL.
Regards, Peter
Note: GAE SSL on custom domains is about to break free of Google Apps, which may significantly change the context for your question and answer(s). See https://support.google.com/a/answer/2644334:
Currently the Google Apps SSL configs only map certificates to the custom domain URLs, regardless of those URLs being served by GAE apps or not, so app ownership identity shouldn't matter. But this needs to be done by a Google Apps Admin.
For now Google Apps Admins can still map custom domain URLs to GAE apps (unclear if they need to own the apps, the above note suggest they might not need to) - which will change after the migration to the Developer Console.
Both the Google Apps Admin or the GAE app owner can perform the app mapping to a custom domain URL (via the Apps Admin console or the Developer Console, respectively) provided they pass the domain ownership verification (the actual Cloud DNS owner doesn't matter technically).
The page you read links to a more detailed documentation for Google Apps, where you can find this :
To add your application to the Google Apps account, the account
administrator’s sign-in account (email address) should be an owner of
the app. This is set in the Google Cloud Platform documentation under
Permissions.
So the admin user who enables SSL on Google Apps must also be an owner of the Google Cloud Platform project.
Who owns the DNS settings (be it Google Cloud DNS or any other DNS service) is independent : it doesn't have to be the same person.
I own a domain, call it myDomain.com, which currently masks a Google App Engine project. I have multiple alias email addresses associated with this domain, e.g. rsvp#myDomain.com, that are all set up to forward to my Gmail account. I am unable to ever authorize these aliased email accounts as Editors of my Google App via the Developer's Console because Google always sees the aliased email as my Gmail account and says...
You are already a member of this project, you cannot accept this
invitation.
...whenever I attempt to accept the invite to Edit.
Thus when I attempt to send an email via an aliased email from my deployed app, I get an InvalidSenderError: Unauthorized sender error.
Is it possible to use my domain's aliased emails to send emails from my app if they are forwarding to the same account that deployed the app? I will try an experiment this evening where I use a different forwarding email account, but this is not sustainable, as I would like to have many (>10) aliased email addresses.
Thanks!
Unfortunately, you can't send from email aliases using the built in mail service in GAE. It must be a a full user with developer access to that project.
We switched over to using The SendGrid integration for much the same reason.
There is a built in library for it in GAE and you and get a free SG account for low volume. Check out docs at https://cloud.google.com/appengine/docs/python/mail/sendgrid for more info.
I'm unable to map a custom domain to my Google App Engine app. The steps I've already taken are:
I'm the admin of the Google Apps account
I'm the owner of the Google App Engine Account
I've added the domain to the "Domains" section of Google Apps
I've verified ownership of the domain within Google Apps
I've correctly setup the MX records of the domain
I've checked that the domain was correctly setup using: https://toolbox.googleapps.com/apps/checkmx/
However, for the last 3 days in the Domains section of Google Apps it says "MX records setup validation in progress".
Additionally, when I go to add the domain within the Application settings of the Google App Engine account I get redirected to a sign in page (despite already being signed in, and an admin within Google Apps, and the owner of the Google App Engine app). Either way when I go to sign in again I just get redirected back to the signin page and I'm not able to get any farther.
Also, I have billing enabled for the App Engine account. I've configured app engine domains numerous times before and never had these issues. Any help would be appreciated.
Update:
Following #presveva's suggestion I setup a new Google Apps account (despite already having an existing one) and the first page after creating a new Google App was a server error. After refreshing the page and verifying ownership of the domain I went to add the domain to App Engine.
On the "Please accept the Google App Engine terms and conditions to continue" page, first of all no terms even showed (numerous XMLHttpRequest errors on the page), and after submitting "I accept. Continue to add this service" the next page stated "An error occurred while trying to install this application. Please try again later."
This process is horribly broke and would be great if Google addressed this.
I know this this post is old but I ran into the same issue.
All ready running Google Apps for my primary domain.
Created a new app and registered a new domain name for that.
Don't want to get a new payed Google Apps account for the app domain.
#presveva is right but there is one way around it.
Use your current Google Apps account and add the app domain as a alias for your primary domain.
Make the admin account of your Google Apps domain owner of the Google App Engine (GAE) application.
Add the GAE app to your Google Apps account via the Google Apps admin interface.
Setup a custom domain name for the domain alias, your new app domain.
Note: If you use Google Sites for your domain you can't use www. Disable sites if you want to use GAE.
For now, the only one way for using custom domain in GAE is signup a Google Apps account (domains article).
Notice that the domain need to be the primary domain of account, a new account for domain.
The docs I have linked mentions a free single-user account but it has been replaced by a 50$ credit for a business Google Apps account (forum annunce)
Background:
I have a Google Apps account for my domain; one email address from there was added as an Admin to my App Engine project.
App Engine happily sent email 'from' this email address for a few weeks. At some point, the email address was marked as 'suspended for abuse'. (Frustratingly, neither App Engine or Google Apps notified me about this.)
In doing my research, I found only a few comments about similar things happening to people on the old community pages. Eg: http://code.google.com/p/googleappengine/issues/detail?id=6181
While it seems that some people have been able to unblock a Google Apps account by either (a) logging in and solving a CAPTCHA or (b) unlocking it via the Google Apps admin page, neither of these options are available to me.
I could set up a new email address and send email from there, but I'm concerned that this email would get blocked as well.
Does anyone have insights into this issue? Is there a TOS rule that I could be inadvertently breaking? Is there a know solution to this?
With the release of App Engine 1.6.3
When an email is sent either from a user of a Google Apps domain from a request originating on that domain, or from an app administrator with an account on a Google Apps domain, a DKIM signature will be automatically applied to the email.
This change should improve email deliverability.
Authenticating Mail: DKIM
App Engine applies similar rules to Gmail's for outgoing mail. Basically if App Engine decides your mail is spammy (based on rules that, for obvious reasons, can't be fully transparent) and if there's a lot of it, it may decide to suspend the account used to send the mail.
This page: http://support.google.com/mail/bin/answer.py?hl=en&answer=69585 has some info about how to make it less likely that your app's mail will be marked as spam.
Note that DKIM signing won't help here. If the mail never makes it out of App Engine, DKIM won't make a difference; it's used by recipients to decide if the mail is spam or not.
As mentioned on the groups page, we're planning to add notification of mail bounces, but don't have a definite timeline for that yet.