Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 4 years ago.
Improve this question
I don't know if this is possible or not, so before i get too far down the rabbit hole I wanted to ask the community.
I have an email that was sent by person "a", to person "b", "c" and "d".
This email was then forwarded from either b,c or d to a person "e"
Finally person e has replied to that email to person a, but has deleted the text in the email that shows who sent the email to person e.
I can see in the message header from person e, the "in-reply-to" message ID isnt the message ID of the original email from person a, and has an extra reference in the header which will be the email from the mystery recipient that forwarded this to person e.
The question is, is there any way or recovering or tracing who this unknown individual was?
The only information you have to go on in this situation is the header information in the email. The “Received-from” variables there can tell you a little about the routes the email have been taken prior to ending up in the inbox. Also, if a message have been forwarded more than once, many email clients creates another “Message-id” thus losing the link to the original message. In most cases the contents of the message is still present in the email.
So in short, there are no reliable information in the message headers to determine who the mystery user is, and there is no way to be certain that there actually is such a “in-between” user based on just the message headers to begin with.
Related
This question already has an answer here:
Reply to an email in Gmail with AppScript with changed recipients ends up in a new thread
(1 answer)
Closed 3 years ago.
I'm trying to write a function that sends reminders to all who don't replied within a few days.
The problem is: createDraftReply() and reply() will set recipient to my own mail address because the docs say:
Reply to the sender of the last message on this thread using the replyTo address.
The last message, which should be replied to, is from me of course. The reply button in the gmail web interface sets the recipient "correct". In this case to the recipient from the last mail. I saw no way to do this with the provided Apps Script methods.
The next idea was to create a draft and then update() it with the "correct" recipient. Unfortunately this breaks the reference to the original message. After analyzing was is going wrong I found out that after updating the drafts recipient the mail headers References: and In-Reply-To: disappear.
How can I set this headers to accomplish my goal?
To get this done, you have to activate Advanced Gmail Service and use Gmail API in your script. You have to create a message resource in which you can specify the threadId it will belong to and the recipient(s) to send it to, and then send() the message.
As explained in the answer to this question, the update() is not working because when you update a Draft (in this case, change the recipient address), the existing thread information disappears and you have to rebuild the message.
I'm not gonna go through all these steps, but if you have problems in the process of writing this, I'd advice you to check the answer I provided the link of.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 2 years ago.
Improve this question
I need some help with a problem I'm facing with Yahoo mail. To summarize, here's my situation:
I have a simple e-commerce site with some users signed up. Some of them, uses Yahoo mail. When they buy an item, an email is automatically sent to them with the purchase details and a link to: https://example.com/item/item_id.
I used outgoing SMTP GMail server. The problem: Yahoo (only Yahoo) is rejecting my emails. The reason: "554 Message not allowed - [PH01] Email not accepted for policy reasons. Please visit https://help.yahoo.com/kb/postmaster/SLN5067.html [120]". I have this same issue if I try to send an email with a link to my site even directly from a Yahoo mail.
Searching in Yahoo forums, I found this post, in which the user who ask, has the same problem, but the moderator of the site gives a solution that (to me) doesn't make much more sense.
Does anyone have an idea of what can I do? I need to be able to send mails because I'm in production and I need this mails.
I will be so gracefully for your help!
Regards!
It's because Yahoo thinks the email you sent was a phishing attempt. Try sending a simple email with nothing fancy and see if it goes through. Theirs's probably something in the HTML it doesn't like.
I have found the solution.Yahoo rejects email if you use any numeric value in email URls like (444email.png) or any image name with numeric values.
Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 3 months ago.
Improve this question
I receive e-mails from various senders, and when I view them in Google Inbox, either on inbox.google.com, or on the Android App, some have an icon in a circle next to them... others just have a letter.
BitBucket, for example, has a nice icon when they send me an e-mail:
The question:
Does Google Inbox fetch this picture with some kind of G+ magic, or are certain e-mail headers involved here?
How do I implement this in my own solutions when sending out e-mails?
ReturnPath has a detailed blog post about how they did it: https://blog.returnpath.com/creating-profile-image-gmail-subscribers/
Highlights from their post excerpted below:
Because our reply-to email address was set up as an alias for people
to email ... we had to turn that reply-to email address into an
actual [Google] account.
Add logo as profile picture for Google Account.
Ensure that your DMARC record is built.
If in doubt, talk to your ESP.
I am part of Stack Overflow Marketing department; we haven't tried this yet, but it is on my email to-do list.
According to MarketingLand.com
Display Your Logo As The From: Address
One of the great things about the new Inbox by Google is that it is
more visual. The sender of an email is displayed by an icon rather
than a plain text From: address. This is similar to Gmail’s Grid View
and works by:
Having a verified Google+ business account
Authenticating with SPF and DKIM
Registering with Google
The official solution is to reference a Verified Mark Certificate (VMC) in your BIMI record. This handles all of your email addresses at once. Your logo needs to be registered as a trademark, and you will need to purchase a VMC from DigiCert or Entrust. The cost to register a trademark is roughly $660, plus attorney fees, and the cost to purchase a VMC is $1,499 per year.
However, there is a free alternative solution for anyone who can't afford a VMC.
Create a Google account with your company's email address.
Change the profile picture to your company's logo.
Wait up to 48 hours for the logo to become visible in the inbox.
Do not create the Google account using the "To manage my business" option. This account type isn't able to change its profile picture, and the account type can't be changed after its created.
For everyone else:
First, you will need complete the BIMI specification. Then, you will need to complete any additional requirements that each email service provider may have to display the logo in their inbox. This tutorial walks you through the process and explains everything you need to know.
I see this in a mail from a sender with a hotmail account. So it is not necessary to use a gmail account on the sender side.
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 5 years ago.
Improve this question
I'm trying to send an email with a Gmail Schema embedded. Currently, there is a restriction that says the schemas will only be visible if you apply to be whitelisted, but you can send emails from yourself to yourself to test.
I followed Google's scripts tutorial and was able to get myself an email. When I sent the exact same HTML email via mailgun, however, the Action does not become available in the inbox view.
Email sent via Google Scripts
vs
Email sent via Mailgun
According to Google's requirements, we require DKIM, but from the headers it looks as if Mailgun provides them. Mailgun clears out whitespace with =2Ds, but the Google Script doesn't.
Any ideas? I've got a pending application for getting whitelisted, but in the meanwhile I'd like to be able to develop and iterate.
Google actions will work if you send an email to yourself; but aside from that, they will not work until your pending application has been approved and activated.
Even then, in your application it's required that you specify the address and domain that will be sending the emails, and that you have the proper authentication. So even after you are approved, they will only work if you send from the domain and email address you requested approval for and as long as you still have the proper authentication measures in place.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 11 years ago.
Improve this question
As per this question I asked previously on Google App Engine, if I have access to all the information in a standard email, not just the From, To, Subject, Body fields, but also all the headers and MIME information, how can I verify that two incoming emails with the same From address are actually from the same sender.
What I've considered thus far:
Check the IP address of the email's sending server
Check the DNS records of the email's sending server
Verify the sending agent of the email (i.e. web interface, Outlook, Thunderbird, etc)
Check the reply-to field
Etc.
I realize this is a complicated question (I'm sure companies like Posterous have spent tons of time on this problem). I'm just looking for a few criteria to get started preliminarily. Thanks!
Update:
The answers so far are really helping, but just to help them out, the context of my project is that I would be receiving tons and tons of email as a web app from my users. They would use their email as the primary way of inputting data into my system. This I why I made the Posterous analogy. The use case is very similar.
You're right that all of the headers together, and 'known good' email to compare to can help identify likely spoofed emails.
What you're developing would probably be at best a heuristic rather than an algorithm.
I'd consider weighting the fields by time-of-day and how close to 'known good' emails' time-of-day ...
Also, if the 'known good' emails are structured differently than the suspect; i.e. Inline images, html, shortened url's, etc.
Why not run the emails through spamassassin or some such filter that will attach a bayes score. You can then just read that score. It will save you reinventing the wheel.
You could bayes score the email against a database of all previous emails from the individual.
There is also looking up the Sender Permitted Framework and DomainKeys, which SpamAssassin can do for you.
Probably not practical but something that would work:
When an incoming mail arrives, have a "reply to sender" function and simply ask if they sent it. This could be in the form of a confirmation link that is automatically generated or something.
But since I don't know the specifics of the project this may not be practical... like if you had to do this multiple times for each user, no one would put up with it.
Just to compliment my brothers posting earlier:
Not knowing the context under which you want to analyse this, and being very general I would suggest your first port of call is SPF or DomainKeys in order to limit the possibility of email coming from a rogue source being accepted. I would also recommend using only one SMTP server with SSL security. I do this and travelling worldwide I have rarely been in a situation I couldn't send mail and in those cases the only thing that did work was webmail (no safe local SMTP).
Additionally to that: if you are verifying mail is really coming from yourself then you could also use PGP tools to sign your mail upon sending and then filter any mail that didn't have a valid signature. Enigmail in Thunderbird is a good source of automatic signing and there are plugins for Outlook as well.
After that if you really want to do a more forensic job on an email then you could use a Spam Bayes to score the email against a database of previous emails. You would build up a database of tokens around the non-unique data (excluding entries such as "To:") and then score the email for the probability that it is like the previous emails. In theory you should score very highly for any mail.
Obviously I don't know your situation, but I think that there are many techniques but sometimes it is easier to go to the root of the issue than try and fix it down the line.
Update
Based on the context supplied:
I would consider using "Address Extensions" this is where your user can send mail to an address which contains a reference using the email address: emailname+extension#domain.com
GMail and many other servers support delivery of email with a +extension# through to the correct emailname#domain.com without hi-jinx. You could get the user to deliver mail with a unique ID as the extension and that way you would know it had come from them and they would feel more special. Obviously someone could steal their unique code by sniffing their outgoing or your incoming mail but that is always possible and if someone can do that they can probably inject mail as well.
If you really just want to go down the analysis route then I would suggest just using the reverse of a SpamAssassin per-user Bayes match. Where you compare every mail to a database of mails from a sender (instead of the traditional matching of mails 'to' an account). Remembering that once your database is polluted with a false positive you will have to remove the false positive or risk the integrity of the matching for that sender.
Maybe look into using Sender Policy Framework. It might not be exactly what you are looking for but it might help.
Briefly, the design intent of the SPF record is to allow a receiving MTA (Message Transfer Agent) to interrogate the Name Server of the domain which appears in the email (the sender) and determine if the originating IP of the mail (the source) is authorized to send mail for the sender's domain.
Ripped from wikipedia:
Sender Policy Framework (SPF), as
defined in RFC 4408, is an e-mail
validation system designed to prevent
e-mail spam by addressing a common
vulnerability, source address
spoofing. SPF allows e-mail
administrators the ability to specify
which Internet hosts are allowed to
send e-mail claiming to originate from
that domain by creating a specific DNS
SPF record in the public DNS record.
Mail exchangers then use the DNS
record to verify the sender's identity
against the list published by the
e-mail administrator.