Blocking inbound emails with google admin api - google-apps

We would like to block a malicious user from sending our employees emails automatically through google admin api.
For example, when we notice that user hacker#malicious.com sends our employees phishing emails, we would like to block it (malicious might be very similar to our domain name).
We can't find any option how to do this on admin-sdk.
However, we know that there are options to do this manually, since when we go to Apps-> Google Apps -> Settings for Gmail -> Advanced Settings on admin.google.com, we see several options to achieve this:
Blocked senders: Block or approve specific senders based on email
address or domain.
Content compliance: Configure advanced content filters based on
words, phrases or patterns.
Routing: Routing begins once you start delivering email to Google's
servers.
Receiving routing: Set delivery routes for inbound messages, and for
messages received from internal addresses.
How can we block inbound emails with admin sdk?

There's no API to manage blocked senders list in the Control Panel. However, you can create filters for your users using the Email Settings API.

Related

Suggestions for email providers that allow mailbox creation via API and Forwarding Rules

I have a web application that utilizes several CRM types of emails for notifications, appointment reminders, attachments for digital sales and such. My clients can use my own admin domain email account to send these emails (no-reply email), or they can provide credentials for using their own SMTP server or relay service so that any emails that are replied to are sent to them (vs a no-reply admin email).
However, I'd like to try for a 3rd option where I can create an email mailbox on my a domain like so:
client1#mydomain.com
client2#mydomain.com
...
And then I would apply a forwarding rule on each one to send any replies to their personal email accounts so they wouldn't have to have their own SMTP service.
Now I can do this using providers' interfaces, but I'd rather do it with an API so I'm not having to manually create mailboxes and setting forwarding rules.
Currently I'm using AWS SES for my domain emailing, but I've searched for hours and the "solution" to create mailboxes and create rules to forward are ridiculous.
Are there any other email providers out there that make this easier? I don't need anything fancy except the ability to create a bunch of email mailboxes via API (preferably with a high limit of mailboxes) and the ability to create the forwarding rules via API.
Or can anyone recommend a good email provider that allows for a lot of mailboxes and makes forwarding really easy (and of course cheap).
Like "cringe" GoDaddy Email or something similar??
After a lot of research, this procedure doesn't really make sense these days. There are a lot of relay email providers that make it easy to set up "Senders" so that emails can appear to come from any kind of email account (personal or domain based) for ease of use with applications

Sending email from GCE or AWS on behalf of users

How could I use Google Compute Engine (or a similar service, like AWS) to send email on behalf of users via their SMTP server?
I am interested in building an online email client which allows users to enter their SMTP and POP servers and send/receive email, like they would with their desktop clients. GCE blocks all SMTP ports to prevent abuse and recommends using a mail service like SendGrid instead. However, after researching dozens of these services, they all seem to only support transactional email using their own SMTP servers, or possibly a pre-cleared smtp server. I simply want to send email using the user's SMTP server (ex smtp.mail.yahoo.com), just like they would if they were using a desktop client.
I realize I could host my own servers but I am not interested in maintaining the infrastructure. I would like to host everything on a cloud service. Is there any way I can work around Google's restrictions with an existing service?
As I'm sure you are aware, you would have to have the user enter their SMTP server information and account credentials. You would then use that information to connect to their SMTP server.
By default AWS EC2 instances have SMTP traffic on port 25 rate limited. To remove this limitation, you would need to fill out and submit the following form:
https://aws-portal.amazon.com/gp/aws/html-forms-controller/contactus/ec2-email-limit-rdns-request
If you're looking to send mail as a Gmail, Hotmail, or Yahoo user, you'll probably want to call the service's API to have the server send mail on the user's behalf. There are several benefits of this:
You'll need to get authorization from users (usually via an OAuth flow)
in order to access their mail. This means that users shouldn't be
surprised that you're sending mail from their accounts, and they'll
have some control over your access.
The mail will be signed and come from the appropriate IP addresses to
comply with the various spam-control mechanisms set up by those
companies. Without this, it's likely that the mail you send will end
up in the bit-bucket of the recipient.
By using the API, the service should be able to keep a copy of the
sent mail in the user's outgoing mail folder. This will let the user
see and search for the original message sent if they want.
Unfortunately, this may also mean that each mail service you want to send from will need separate integration, and that you may not be able to send as the user's email address from smaller providers.
Note that the App Engine mail API allows you to send mail as the currently logged-in user (when logging in, users have a similar consent screen to the OAuth process mentioned above).

Use sendgrid from multiple domains without whitelabel

I'm trying to understand a few concepts around sendgrid, whitelabeling and different servers that I plan to deploy the same sendgrid account in.
So my questions are:
1) Is whitelabelling purely for masking the via sendgrid.me and will I have any issues if I dont use it with my current setup(i.e. same account on several domains)
2) How does sendgrid deal with messages that have a "From" email that doesnt match the domain the email is sent from? Cause I read that it would silently drop them but instead I see that emails do get delivered however the statistics in sendgrid's dashboard are not being updated.
3) Upon creating a demo account I was asked to provide the domain from which the emails will be triggered but since I want to deploy this in several different domains will I need multiple accounts or is there an alternative option when you go for a paid plan?
Mike
Yes - whitelabelling will replace the sendgrid.me with your own domain.
You can also setup multiple domains inside SendGrid and assign each to a subuser. That will get you one SendGrid account, with multiple whitelabelled domains and separate sender reputation for each.
SendGrid will attempt delivery of whatever you ask it to send -- if you send an email with a different from domain than the signed sending domain, it's up to the receiving mail server to decide whether to block, flag as spam, or allow the email. Different receiving domains will behave differently.
It's generally best practice to always have your from domain match your signed sender domain.
Once you have one domain setup, you can setup additional domains using SendGrid subusers -- more info here.
If you have a complicated multi-domain setup, you might want to check out a templating API, like sendwithus, for making things easier to manage. They'll integrate directly with your SendGrid subusers on your behalf.

How to forward a copy of sent,receiving emails of Google Apps users

In my Google Apps account I am the Administrator. what I need is I would like to track all emails of my users by getting them in my email box. is it possible?
See this link about Email Log Search for Google Apps. You will not get the emails in your inbox but you get a track of them in this tool. You also have different search criteria to filter your results.
Email log search gives administrators the ability to sift through the delivery logs for their domains and evaluate message transit. This is useful for tracking down a sender or recipient's missing messages, such as those that have been quarantined as spam or otherwise routed incorrectly. Use this tool to determine the IP addresses sending and receiving mail or troubleshoot how policies affect mail flow.

How to provide tenants in SaaS application with their #companyName.application.com specific email services?

In our SaaS application each company (tenant) is given their custom domain like companyName.ourapp.com
We would like to provide some email services like:
Ability to send and receive email notifications from info#companyName.ourapp.com and similar addresses
Ability to create new email accounts in clients' subdamains at runtime, programmatically, when needed. For example we would have separate emails created for each "opening" so that emails sent to this address would be parsed info would be extracted
Similar tasks
For now I just don't even know on where to look and how this could possibly work.
As far as I understand email it should be some kind of custom mail server (SMTP) serving all sub-domains and having API we can use to send emails, list and retrieve messages etc.
Please suggest how it may work and is there any components out there we can use to implement this.
There are three options for this.
Create an email server and programatically configure it to accept or deny the specific accounts. Then use cron to poll via pop3 or imap and download the messages for the account. You can then send them on for the customer or handle them in your web app.
Create a script that is fired by the email server as it receives each email. The script can then handle what to do with the email as it's received.
Use a third party to receive the email via HTTP Post at your app. Using CloudMailin for example would allow you to create a custom authorization filter that would call your app in realtime and determine if the given account exists and messages should be accepted for it.
I wrote a blog post for Rails about receiving incoming email, however the principals would apply to any programming language and framework.