I'm trying to find more ways to send big emails (with many large attachments) through Exchange Online.
The idea is that an app should be able to send an email as user (or potentially, a shared mailbox), but can't access existing messages inside user's mailbox.
Microsoft Graph API (Mail.Send, Mail.Send.Shared) - there is a 4MB total HTTP request size limitation (base64 encoding limits the practical attachment size to 3MB).
It's possible to create a email draft and upload the attachment with upload session, however it requires Mail.ReadWrite permissions and does not work with shared mailboxes (thats a known bug).
SMTP AUTH (SMTP.Send) - works fine even with shared mailboxes, needs a separate token for consent and sending (https://outlook.office.com/SMTP.Send scope). However it requires enabling it tenant wide or per mailbox. It's considered legacy/insecure, but in practice should be fine with XOAUTH2 & TLS (as long as Basic Authentication is disabled)? Size limit seems to be high - 150MB, but there is some throttling per mailbox.
Outlook REST API (beta/2.0/1.0) - similar to Microsoft Graph API, couldn't find any docs about request size limit. It deprecated and is getting removed in November 2022.
EWS SOAP API - probably can upload larger attachments, but requires a lot of permissions (https://outlook.office365.com/EWS.AccessAsUser.All) and it's also deprecated.
Right now it seems that the best way to go is SMTP AUTH, but it will require some setup on users side.
Is there any other non-deprecated option except SMTP AUTH which does not need extra permissions to entire user's mailbox?
Related
This question is a follow-up question to this one.
The problem is that my current E-Mail provider does not natively support DKIM-signing, but I need that DKIM feature to make certain API integrations regarding my emails (like sending emails from my payment service provider through my own domain).
The solution I'm starting to see, as long as my host does not DKIM-sign their outgoing emails, is to watch out for an email providing service that allows you to send emails in the name of your own domain including the DKIM-signature feature. Does such a service exist, via API call? I've no experience whatsoever in this area, and would be happy to know if such a setup potentially has a bad influence on delivery rates / other problems.
If the mail server signs using your domain and not theirs, and you post the matching public key in your DNS, it will all work fine. You do need to find a provider that lets you do that though, which they may do via CNAME records. Such services will often allow you to configure what the mail server does with your messages using additional params in an HTTP API, or via custom headers over SMTP, e.g. it might allow you to set a header like:
Sign-with-selector: myselector
Recommendations for services are off-limits for SO though.
I have a domain which uses Google Apps for Business to handle email. I already have it mostly set up--MX records point to the correct location and my domain is verified.
I'm now writing a python app (with Django) that will need to serve mail from my domain. What's the correct way to do this with Google? Should I create a Google Apps "user" for the organization as a whole, and then authenticate via SMTP as that user and send mail from there?
The Gmail API says that it
is the best choice for authorized access to a user's Gmail data.
and that
Automated or programmatic message sending
is a typical use case. However, I'm not trying to access a user's data or send mail on behalf of a user, but on behalf of my domain. What's the correct way to proceed?
Any help much appreciated!
You could use SMTP or the Gmail API based on your description. In both cases, you'll need some sort of service account to send mail from. With SMTP, as you mentioned, you'll be authorizing via the instructions you linked.
If you choose to use the Gmail API route, you'll be authorizing the API usage with the account. The Gmail API has many other use cases (e.g. to access user's data) but you're only using it to send emails on behalf of a service account you control.
I'm building a service which scans peoples email for specific PDF attachments and indexes them. I implemented this with OAuth2 for Gmail using their extensive Gmail API which works perfectly fine.
I now want to implement the same for outlook/live/hotmail. So I searched around, and I mainly read that you can "Connect to Outlook.com IMAP using OAuth 2.0" (tutorial here). The thing is that this implements a full IMAP connection. As far as I know this is more meant for aftermarket applications with which the user can view and send his email, not for applications which need to download some email in the background (like mine).
I haven't worked with IMAP from within code, but the main problems I see with this now is that:
If I read emails they will be set to "read" in the inbox of the user, which I obviously don't want (I don't want to interfere with the normal email usage of the user).
I will need to either stay connected with all email inboxes, or constantly loop through all email inboxes to get new emails.
My questions are actually;
Is there no other way than IMAP to get users outlook.com email?
Or are my problems actually not problems and should I just create an IMAP "receiver" for all the outlook email accounts?
In answer to point #1, according to Max, you can use body.peak to avoid this.
In answer to point #2, according to triplee, you can connect to all of the accounts and then use an IMAP extension called IDLE.
In answer to point #3, I found the Outlook REST API which includes options to read the email and you can call GET https://outlook.office.com/api/beta/me/messages on a regular basis to get all messages in the user's account or you can call GET https://outlook.office.com/api/v1.0/me/messages on a regular basis to get all messages in the user's inbox. You can find a full list of the REST APIs operations here.
In answer to point #4, I believe that some of your problems are problems and others aren't. I believe that you don't have any technical problems. However, I believe that you are correct that IMAP is not designed for applications like yours as is shown in the Wikipedia article on IMAP which reads (bold is mine),
In computing, the Internet Message Access Protocol (IMAP) is an Internet standard protocol used by e-mail clients to retrieve e-mail messages from a mail server over a TCP/IP connection. IMAP is defined by RFC 3501.
Also, in RFC 3501 which defines the original IMAP protocol it refers to email clients which from the absract reads (bold is mine),
The Internet Message Access Protocol, Version 4rev1 (IMAP4rev1) allows a client to access and manipulate electronic mail messages on a server.
I need a little help understanding a task I have been given.
I started work on a 'SharePoint focused' team and we are trying to create a SharePoint portal that would house/manage all incoming mail to a specific company email address.
We have had a couple of issues setting up SharePoint to accept incoming mail, so have begun looking at other possible options.
1 option that was suggested was to 'write a job' that would read our mailbox server (on Office 365), and then find, pull and migrate/copy selected emails onto the sharepoint site.
(something else we are also interested in doing is seeing what info we can grab from these emails at this stage which we can use to create various mail objects in sharepoint with the mail metadata. Not sure what limitations there are to what can be accessed, if anything)
Is somebody able to explain a little more the type of process or work that is required to do this (access Office 365 mail via some API which we can create a timed job for), and any experience or advice around it? Where would I start looking or how would I start implementing it, etc.
Thanks!
You combine couple of things together. SP can read incoming emails through locally installed and configured SMTP server. You can then setup document library or list to store them or create event listener to handle incoming emails completely by your own.
But both cases (OOTB functionality or event receiver) rely on local SMTP. If you want process emails from other server like Exchange Online you must either forward these emails to local SMTP server installed beside SP or you must create your own code. It can be SP job or any other type like windows service or console application executed by windows schedule, ... calling Exchange online API (designed specially for Exchange online) or MAPI or POP3 (generic using libraries) to get emails and calling SP API (CSOM, REST API) to store emails.
We want to offer users of our (web-based) personal document management solution the possibility to import documents sent as attachments to their GMail addresses.
Our current solution of just allowing our users's to store their login credentials in our web app and then using this to access the user's GMail inbox via IMAP is not only suboptimal from a security standpoint (we'd rather not store the login credentials, if possible), it also sometimes (maybe when we're polling too often or for too many users's) leads to the login attempts of our app being blocked by GMail. We get the error message "[ALERT] Please log in via your web browser: http://support.google.com/mail/accounts/bin/answer.py?answer=78754" from the IMAP server and our user's report that they see that GMail has blocked some "possible hacking attempts" or similar.
So my main questions are these:
Would switching to OAuth for authentication (and still using IMAP to check our user's inbox, just authenticated with the OAuth tokens) help in this situation? I found documentation on how to do this, I just want to know if it would help in this situation.
Are there any guidelines/quotas/restrictions on how often we should / are allowed to poll a user's inbox (or how many connections we open to GMail in parallel etc.)? I couldn't find anything about this in the developer docs at Googles site.
Is there any other way besides IMAP to be able to import attachments from GMail messages into our app?
Answers to your questions
1.Benefit of using OAuth is that you are not storing user's credential directly.So you will redirect user to google login page,where google will authenticate user and provide you an access token and refresh token,you can then access user's emails using access token and google API.Refresh token is to regenerate that access token.
2.Since gmail supports IMAP4 protocol with Idle you can use it to accept real-time notifications from gmail server when new email comes(you dont need to poll gmail every time)