Community,
If a user wants to register with your website, and you want to make sure the user’s email actually exists and is being used, the practice has been to create code that sends a message to the user’s email.
Nowadays, most smtp servers require authentication to accept mail. Since u cannot know your user’s email address in advance, I would like the others to enlighten me on how they are doing their email address verification.
I already know how to authenticate my message-sending application with yahoo, (and may be gmail) but how do you verify user email in the case of unknown smtp servers at which your user might have an email address ????
Related
I am implementing an email verification service, with the purpose of confirming that the person registering is indeed the owner of that email address (specifically, that they work at the organisation that the email domain belongs to).
I will send an email post-registration with a single-use link in it that will set their status to verified = 1.
Users can choose to register and log-in using either a simple email/password combination, or by using the Google Sign In service.
My question is: do I need to verify the ones that have registered with Google Sign In? In order to provide their email address to me, they had to sign in with Google, who then confirmed the address. Is there anything I've missed here, or can I immediately consider these users to be the verified owners of these addresses?
If you are using google sign in there is no need to verify the user.
Whereas if have your own login system, then you must verify the email because
if the email is not verified then you cannot have forgotten password feature through email
and also the user might not have actually had the email so anyone else could create the same email and if you have forgotten password through email someone else could easily access others data.
I host a mail server, where users log in via SMTP to send email.
The current config of postfix allows every authenticated user to send emails with any sender address.
My objective is to prevent users sending mail with an other FROM: address than the sender’s own SMTP login name.
For example: if you log in with the username bob, you’re only allowed to send emails with the sender address bob#example.com.
smtpd_sender_restrictions could be a solution, but this would reject clients, who entered any other address.
A more elegant way would be to automatically rewrite all from addresses to the username they logged in with. That's, what I'm trying to achieve.
Just like Gmail, if you use it as an SMTP service to send emails, the messages are sent with the address you logged in to Gmail.
Currently the SMTP authentication is done by dovecot:
smtpd_sasl_type = dovecot
The server itself is really simple, no fancy custom per-user based stuff or multi-domain setup, just users SMTPing in, and sending emails. :-)
I know that smtp_generic_maps and sender_canonical_maps exist, but I coudn't find the way to automatically rewrite the senders address.
By automatically I mean not one-by-one in a separate file.
Thank you for your help!
I've registered at CACert to get a trusted certificate for my domain example.com, when I want to add the domain in the CACert control panel I have to select a email adress that is used for this domain:
The CACert FAQ states that there is currently no other way than getting an email at one of the specified email accounts. I currently don't have an email server running on my server to receive that email, but I tried to run one and it didn't work. Of course I could have read the documentations for the email server and try to get the server working, but is there a simpler way of receiving that email, because I just need that one email and it would be a realy big effort to run a full email server for this? Can I maybe redirect a email that is send at admin#example.com to my email adress at yahoo? With OS I'm flexible, I can use Windows or Linux, I just want to know the easiest way of receiving that adress.
Thanks in advance
No, there isn't another way of verfifying. But you easily setup an smtp server with postfix to receive the email
At http://docs.developer.intuit.com/0025_Intuit_Anywhere/0010_Getting_Started/0030_Integrate_your_app/0030_Signing_Into_and_out_of_Intuit_From_Within_Your_App/Sign-in/Implement_SSO_and_OpenID_in_Your_App
it says the following:
"Intuit does not verify the user email address associated with the user's OpenID account. Therefore, do not use the email address for authentication and do not link user accounts based on email address."
What does it mean "do not use the email address for authentication"? I mean, isn't the user already authenticated, through OpenId.
Also it says that the user email address is not verified. But what if my app needs to send an email to a user that has logged through OpenId. How can I be sure the user will actually get the email? What is the recommended pattern to handle that?
Thanks
EDIT: also, can I use the email to uniquely identify a user, and if not, what should I use to uniquely identify a user from the open id response?
EDIT 2: also, is the developer charged when a user logs in with open id and the 36 day trial expires? Or is it just when using the "Connect to quickbooks" that the developer is charged, in which case, open id authentication itself is free?
Clement,
It means when a customer goes to the Intuit Appcenter and creates an account the email is not verified immediately, so you cannot single sign on a user based only on their email address if they already have an account in your system. You need to prompt them to login one time to map the two accounts.
If they are completely new then you can auto provision an account on your side and single sign them in, if you require the customer to verify their email address then you can send them a verification email.
thanks
Jarred
I am specifying "FROM" address usinf setFrom() method, But i still receive mails having "FROM" address of SMTP authentication mail id. and want to set the "FROM" address dynamically. which keeps changing. What is the RFC282 standard to achieve this.
The solution from google is this
Gmail lets you send messages with another of your email addresses listed as the sender instead of your Gmail address. This feature helps you manage multiple accounts from the Gmail interface; it works only if you already own the email account linked to the alternate address
Select the Accounts and Import tab (or Accounts tab, if you're using Google Apps).
Under Send mail as, click Add another email address.
In the 'Email address' field, enter your name and alternate email address.
Choose one of two options:
Use Gmail's servers to send your mail (this is easier to set up)
Use your other email provider's SMTP servers (we recommend this option for professional mail accounts or domains). Note for Google Apps users: Depending on your domain2 type, this feature may be disabled by default. Talk to your administrator if you have any questions.
If you choose to use Gmail's servers:
Click Next Step >> and then click Send Verification. Gmail will send a verification message to your other email address to confirm that you own it.
Open your other account and either click the link in the message Gmail sent or enter the confirmation code in the Accounts section of your Gmail settings.
For more info, follow the below link
https://support.google.com/mail/bin/answer.py?hl=en&answer=22370.
The overhead involved is that any new from address needs a alias to be set in Gamil authentication mail account. Its not suits for enterprise salable app.
Other solution is You can install a mail server (hmailServer). This server allows you to set the custom from address
If any body knows other solutions, please suggest me.
It's up to your mail server. Often mail servers will prevent you from using any From address other than your actual login name. This helps prevent spam. Depending on your mail server, there may be ways to convince it that you should be allowed to use other From addresses.
These are two different things that you are talking about:
The id that you are mentioning is part of smtp handshaking protocol which usually is mapped to "Return-path" field in mime-header.
Whereas the id that comes in "FROM" field which actually is displayed in mail-list is been appended by the mail server when u compose the mail.
So if you can modify the mime header then make sure that "FROM:" field contains the id that yuou want to set not the smtp authentication id.
btw its rfc822
Have worked for rediffmail technical team in order to develop and enhance smtp, pop and imap protocols
Its depends on your mail server and configuration setting