Will Google's May 30 app OAuth2 deadline affect my website email sending? - email

Google has announced that as of May 30, apps that previously were able to send SMTP mail through a Google mail server (smtp.google.com, along with the client's credentials) would no longer work unless connecting using OAuth2 (even when "allow less secure apps" is on).
Our website currently sends out various emails (welcome to the site, order confirmations, etc) through our Google GSuite mail server using PHPMailer. But it does not connect to the mail server with OAuth or any advanced security login.
I believe Google considers our website's connecting to our gmail server to be an "app" since the connection previously would not work unless we went into our GSuite account and set "Allow less secure apps" (or whatever the specific wording is for allowing less secure apps to connect).
So given all of the above, I assume our site will be affected when Google enforces their directive on May 30.
However, in the admin.google.com section of our account, there is a checkbox that states: "Trust internal domain-owned apps" that is currently set. Further, it also states for this checkbox: "Internal domain-owned apps will be exempt from accessing OAuth scopes that are restricted or blocked".
So my question (finally! :) is: given that checkbox is set, do I need to modify the PHPMailer sending of email from our own website to use OAuth2 before May 30? Or does that checkbox allow our site to continue to connect to our gmail server and send emails as before? (both the website's domain name and our google account name are identical).

Google Workspace should not be affected by the removal of less secure apps.
If that changes in the future you should consider switching to using a service account and the Gmail API instead of using the SMTP server. If you configure domain-wide delegation on the service account to a user on your Google Workspace domain you will be able to send emails without any issues.

Related

Is it possible to use mailgun.com as a SMTP server for personal outgoing emails, including the correct error return emails?

I am using mailgun.com for occasional mass-mailings. Would it be possible to also use it for sending personal emails from me and my wife? The specific problem is that email errors (e.g. "Recipient not found on the server") are only available in the mailgun console and I'd like for them to be received as error emails sent back to the sender (as is the case with "standard" personal email services). Is it possible to set this up at mailgun.com?
Alternatively, is there a cheap (or even free) SMTP server available for sending emails from the custom domain I own?
(Note that RECEIVING emails to our domain is not a problem, we have that solved using email redirection on my domain.)
Detailed explanation of our setup and reasoning: Behind the scenes, we are both using personal Gmail accounts (e.g. me#gmail.com and wife#gmail.com) but we don't advertise these anywhere and our "public" email addresses are me#mydomain.com and wife#mydomain.com. Mydomain.com uses Cloudflare email redirection to redirect our incoming emails back to our Gmail inboxes. We used the "Send mail as" Gmail feature to send emails as "me#mydomain.com" and "wife#mydomain.com" through smtp.gmail.com but this solution requires us to have "Less secure apps" enabled on our Google accounts and Google seems to be phasing this solution out. The fact that our "real" Gmail addresses are visible in the email headers is not a problem for us.
Originally, we used free "legacy" Google Workspace accounts on mydomain.com but those are now also being phased out by Google. So we are looking for an SMTP server.
Answering my own question:
I have found that smtp2go.com (which provides very similar services to mailgun.com) provides this option. Your SMTP account can be configured (in the "Advanced" tab) so that bounced email reports are delivered back to the sender's mailbox (or to a different mailbox). Additionally, smtp2go's services are free if you send less than 1000 emails monthly so this seems like a perfect solution to my problem.

Sending email from GCE or AWS on behalf of users

How could I use Google Compute Engine (or a similar service, like AWS) to send email on behalf of users via their SMTP server?
I am interested in building an online email client which allows users to enter their SMTP and POP servers and send/receive email, like they would with their desktop clients. GCE blocks all SMTP ports to prevent abuse and recommends using a mail service like SendGrid instead. However, after researching dozens of these services, they all seem to only support transactional email using their own SMTP servers, or possibly a pre-cleared smtp server. I simply want to send email using the user's SMTP server (ex smtp.mail.yahoo.com), just like they would if they were using a desktop client.
I realize I could host my own servers but I am not interested in maintaining the infrastructure. I would like to host everything on a cloud service. Is there any way I can work around Google's restrictions with an existing service?
As I'm sure you are aware, you would have to have the user enter their SMTP server information and account credentials. You would then use that information to connect to their SMTP server.
By default AWS EC2 instances have SMTP traffic on port 25 rate limited. To remove this limitation, you would need to fill out and submit the following form:
https://aws-portal.amazon.com/gp/aws/html-forms-controller/contactus/ec2-email-limit-rdns-request
If you're looking to send mail as a Gmail, Hotmail, or Yahoo user, you'll probably want to call the service's API to have the server send mail on the user's behalf. There are several benefits of this:
- You'll need to get authorization from users (usually via an OAuth flow) in order to access their mail. This means that users shouldn't be surprised that you're sending mail from their accounts, and they'll have some control over your access.
- The mail will be signed and come from the appropriate IP addresses to comply with the various spam-control mechanisms set up by those companies. Without this, it's likely that the mail you send will end up in the bit-bucket of the recipient.
- By using the API, the service should be able to keep a copy of the sent mail in the user's outgoing mail folder. This will let the user see and search for the original message sent if they want.
Unfortunately, this may also mean that each mail service you want to send from will need separate integration, and that you may not be able to send as the user's email address from smaller providers.
Note that the App Engine mail API allows you to send mail as the currently logged-in user (when logging in, users have a similar consent screen to the OAuth process mentioned above).

Proper Way to Programmatically Send Mail Using Google Apps

I have a domain which uses Google Apps for Business to handle email. I already have it mostly set up--MX records point to the correct location and my domain is verified.
I'm now writing a python app (with Django) that will need to serve mail from my domain. What's the correct way to do this with Google? Should I create a Google Apps "user" for the organization as a whole, and then authenticate via SMTP as that user and send mail from there?
The Gmail API says that it "is the best choice for authorized access to a user's Gmail data" and that "Automated or programmatic message sending" is a typical use case. However, I'm not trying to access a user's data or send mail on behalf of a user, but on behalf of my domain. What's the correct way to proceed?
Any help much appreciated!
You could use SMTP or the Gmail API based on your description. In both cases, you'll need some sort of service account to send mail from. With SMTP, as you mentioned, you'll be authorizing via the instructions you linked.
If you choose to use the Gmail API route, you'll be authorizing the API usage with the account. The Gmail API has many other use cases (e.g. to access user's data) but you're only using it to send emails on behalf of a service account you control.

Moving Gmail from Google Apps accounts to a single one

We currently have two domains, domain1.com and domain2.com
There are Google Apps/Email accounts for each domain.
I would like to migrate the accounts from domain2 over to domain1 so that when you're signed in to account#domain1.com you can send and receive messages from both domains.
I have done this before with my personal gmail however never domain-wide with numerous accounts.
Is it even possible to map all of the addresses like this without having to sign in to each individual account?
You need to migrate all the data (more info). The email portion of the migration (unless you use a third party tool) will be the only part that will be done at an admin level. The rest will need to be done on a user by user basis.
Once you've moved the data from domain2.com > domain1.com, you need to delete the Google Apps account for domain2.com and add it as a secondary domain or domain alias for domain1.com. If you don't want users to be logging in with user#domain2.com and only want them to send/receive as #domain2.com, an alias will likely be the best. Info on adding one of these can be found here.
The final step will be setting up a send as on each account so they can also send as their #domain2.com addresses (they'll automatically receive if you add as an alias). These instructions can be found here.
Good luck!

How to avoid access to a user's GMail inbox being counted as "hacking attempts"

We want to offer users of our (web-based) personal document management solution the possibility to import documents sent as attachments to their GMail addresses.
Our current solution of just allowing our users to store their login credentials in our web app and then using this to access the user's GMail inbox via IMAP is not only suboptimal from a security standpoint (we'd rather not store the login credentials, if possible), it also sometimes (maybe when we're polling too often or for too many users) leads to the login attempts of our app being blocked by GMail. We get the error message "[ALERT] Please log in via your web browser: http://support.google.com/mail/accounts/bin/answer.py?answer=78754" from the IMAP server and our users report that they see that GMail has blocked some "possible hacking attempts" or similar.
So my main questions are these:
1. Would switching to OAuth for authentication (and still using IMAP to check our user's inbox, just authenticated with the OAuth tokens) help in this situation? I found documentation on how to do this, I just want to know if it would help in this situation.
2. Are there any guidelines/quotas/restrictions on how often we should / are allowed to poll a user's inbox (or how many connections we open to GMail in parallel etc.)? I couldn't find anything about this in the developer docs at Google's site.
3. Is there any other way besides IMAP to be able to import attachments from GMail messages into our app?
Answers to your questions
1. Benefit of using OAuth is that you are not storing user's credential directly. So you will redirect user to google login page, where google will authenticate user and provide you an access token and refresh token, you can then access user's emails using access token and google API. Refresh token is to regenerate that access token.
2. Since gmail supports IMAP4 protocol with Idle you can use it to accept real-time notifications from gmail server when new email comes (you don't need to poll gmail every time)
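Several questions on this page (the PHPMailer SMTP question at the top and the IMAP import question above) come down to replacing a stored password with an OAuth2 access token on an SMTP or IMAP login. The following is an added example, not code from any of the posts: it builds the SASL XOAUTH2 client response that Gmail's SMTP and IMAP servers accept and decodes the challenge returned when a token is rejected. The account name, token and challenge are constructed sample values.

```python
import base64
import json


def xoauth2_initial_response(user: str, access_token: str) -> bytes:
    """Raw SASL XOAUTH2 client response: user=<addr>^Aauth=Bearer <token>^A^A."""
    for name, value in (("user", user), ("access_token", access_token)):
        # A control character in either field could smuggle extra SASL
        # key/value pairs or protocol lines, so refuse instead of escaping.
        if not value or any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
            raise ValueError(f"{name} is empty or contains control characters")
    return f"user={user}\x01auth=Bearer {access_token}\x01\x01".encode("utf-8")


def smtp_auth_command(user: str, access_token: str) -> str:
    """SMTP form: the same bytes, base64-encoded on the AUTH line."""
    b64 = base64.b64encode(xoauth2_initial_response(user, access_token))
    return "AUTH XOAUTH2 " + b64.decode("ascii")


def decode_failure_challenge(b64_challenge: str) -> dict:
    """A rejected token yields a base64 JSON challenge (status/schemes/scope);
    the client answers it with an empty line to finish the failed exchange."""
    return json.loads(base64.b64decode(b64_challenge, validate=True))


def needs_token_refresh(challenge: dict) -> bool:
    # 401: bearer token not accepted (expired, revoked or wrong scope).
    # Obtain a new access token with the refresh token; do not retry blindly.
    return str(challenge.get("status")) == "401"


# Constructed sample values: not a real account, token or server reply.
SAMPLE_USER = "orders@example.com"
SAMPLE_TOKEN = "constructed-access-token"
SAMPLE_CHALLENGE = base64.b64encode(
    json.dumps({"status": "401", "schemes": "bearer",
                "scope": "https://mail.google.com/"}).encode()
).decode("ascii")

if __name__ == "__main__":
    print(smtp_auth_command(SAMPLE_USER, SAMPLE_TOKEN))
    print(decode_failure_challenge(SAMPLE_CHALLENGE))
    # imaplib base64-encodes the callback's return value itself, so pass raw bytes:
    #   imap.authenticate("XOAUTH2", lambda _: xoauth2_initial_response(u, t))
```

Only the short-lived access token appears on the wire; the refresh token stays server-side and the user's password is never held by the application.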