We currently have two domains, domain1.com and domain2.com
There are Google Apps/Email accounts for each domain.
I would like to migrate the accounts from domain2 over to domain1 so that when you're signed in to account#domain1.com you can send and receive messages from both domains.
I have done this before with my personal gmail however never domain-wide with numerous accounts.
Is it even possible to map all of the addresses like this without having to sign in to each individual account?
You need to migrate the all data (more info). The email portion of the migration (unless you use a third party tool) will be the only part that will be done at an admin level. The rest will need to be done on a user by user basis.
Once you've moved added the data from domain2.com > domain1.com, you need to delete the Google Apps account for domain2.com and add it as a secondary domain or domain alias for domain1.com. If you don't want uses to be logging in with user#domain2.com and only want them to send/receive as #domain2.com, an alias will likely be the best. Info on adding one of these can be found here.
The final step will be setting up a send as on each account so they can also send as their #domain2.com addresses (they'll automatically receive if you add as an alias). These instructions can be found here.
Good luck!
Related
I'm currently running a SAAS application and mails are being sent from our application using Mailjet.
Some of the larger customers have been asking to allow the emails to be sent from their domain (e.g. info#largehotel.com) instead of our system (notifications#saasapp.com).
Are there any initial pointers I will need to look at? I'm guessing they will need to add our SPF records to their SPF records too and that they will need add a DKIM key that we generate for them to add to their records too? Then do some validation on them on the DNS level and mark them as validated?
I have some understanding to have customers run their own domain against our SAAS domain but a bit lost on the sending from their email domain requirement.
First, for the record, my SaaS platform does this (vía option 2b). It’s an e-commerce marketplace and I need the receipts to be sent from the email address of the product seller, not from me (the marketplace)
You have two(ish) options
Send email through your client’s mail servers (instead of mailjet)
Verify the client’s domain on your Mailjet (or similar email) service
option 1
With option 1, you’ll need to ask your client’s IT team to setup a username and password for you to access their SMTP server. This is essentially just like them creating an email account for you to use. This may seem like the easiest path available for you, but there are potential pitfalls and disadvantages:
Doing this, you will lose the mail open/click/bounce tracking functionality you get with mailjet; because you’ll be using the company’s SMTP server instead.
If you’re sending out as a fairly common email address (eg info#your-client.com) the client may already have that account active on their mail servers. That would allow them to receive replies into the existing infrastructure but make them wary of the security issues with sharing a password to their mail server with you.
You might find that they don’t even have the ability to give you a username and password. Modern mail services don’t allow for SMTP access (which is what your web app will need); and security conscious companies require 2 factor authentication on mail accounts (which your web app can’t answer)
Option 2
For this, you will need to ask their IT team to configure some DNS records to prove to mailjet, and to the email recipient, that you’re allowed to send on behalf of your client.
You did this for your own domain when you first setup mailjet. See https://app.mailjet.com/support/how-to-add-a-sender-address,96.htm for what this involves, but it’s a case of asking the client to configure a DNS record.
That tells mailjet that you’re allowed to send on behalf of that domain; but you’ll also want the client to adjust their SPF and DKIM records so as the recipient of the emails knows to trust Mailjet’s servers with emails sent from your client’s domain name. Normally, recipients only trust email sent from your client’s mail server (which you have as option 1) and distrust email sent from SAAS providers.
You will (or should) have done this on mailjet for your own domain already as well. https://app.mailjet.com/docs/spf-dkim-guide
So for this, you’ll need your client to setup 3 DNS records.
If you go this way, you could setup a separate Mailjet account which they and you have access to. That way they ca see their dashboard directly and feel a sense of ownership and security around it. But you won’t be able to markup the price of it 😜
Conclusion
How important is the tracking? If you can’t lose that you need to go with option 2.
How technically savvy is the client? Are they going to be able to have those DNS records changed? Are they going to be (rightly) security conscious around giving you an account on their main mail sever.
Option 2 would be my preference. You might need to hold their hand through the DNS setup so get it configured on Mailjet (And ask about SPF in here to make sure you get it right) so you can provide them with clear instructions of the specific 3 DNS records to create/update.
Whatever approach you take make sure you’re talking to the right people at your clients side soon. Their marketing team may be keen to do this with you, but if their IT feels left out of the conversation they will be difficult to get on board when you need them to make the changes. Us IT folk can be grumpy and obstinate 😀
your web app
This is going to need some adjustment. You probably already store your Mailjet credentials in a file or environment variables; these might need to move these to a dB table so you can relate credentials with specific accounts. But we’d need more info on the web app to be able to speak more to that side of the challenge.
option 2b
just as a note instead of a real suggestion. Be aware that some email service provers allow the sending verification part to be done by sending an email to someone on that domain (eg admin#yourclient.com) and then allowing sending vía the API if the recipient clicks on the approve link on that email. But, even with that setup you still need the client to configure SPF and DKIM on their DNS, so the extra one record isn’t a big ask. AWS’s SES allows for this. This works for me; but I have different requirements around deliver ability, and a large number of non-tech users (as opposed to your one or two big clients)
you can ask your client to generate programmatic(app key/password) user for email need to use for example info#largehotel.com and some other info like (host:gmail, protocol: smtp,...) all basic info needed then in your saas retrieve all this info to create object with client info that you stored before to send email for the target (from developer prospective non network engineering )
The SPF is the most important think to do. In most cases you have to be very careful about the IP reputation, but since you are using Mailjet it's up to them to manage this part.
Be attentive to the overall quality of the email, text/image ratio... Also offers a text body version of the content and dont forget the unsubscribe link. Since you already send emails with your service, I guess it's points are already correct.
I'm trying to understand a few concepts around sendgrid, whitelabeling and different servers that I plan to deploy the same sendgrid account in.
So my questions are:
1) Is whitelabelling purely for masking the via sendgrid.me and will I have any issues if I dont use it with my current setup(i.e. same account on several domains)
2) How does sendgrid deal with messages that have a "From" email that doesnt match the domain the email is sent from? Cause I read that it would silently drop them but instead I see that emails do get delivered however the statistics in sendgrid's dashboard are not being updated.
3) Upon creating a demo account I was asked to provide the domain from which the emails will be triggered but since I want to deploy this in several different domains will I need multiple accounts or is there an alternative option when you go for a paid plan?
Mike
Yes - whitelabelling will replace the sendgrid.me with your own domain.
You can also setup multiple domains inside SendGrid and assign each to a subuser. That will get you one SendGrid account, with multiple whitelabelled domains and separate sender reputation for each.
SendGrid will attempt delivery of whatever you ask it to send -- if you send an email with a different from domain than the signed sending domain, it's up to the receiving mail server to decide whether to block, flag as spam, or allow the email. Different receiving domains will behave differently.
It's generally best practice to always have your from domain match your signed sender domain.
Once you have one domain setup, you can setup additional domains using SendGrid subusers -- more info here.
If you have a complicated multi-domain setup, you might want to check out a templating API, like sendwithus, for making things easier to manage. They'll integrate directly with your SendGrid subusers on your behalf.
I have a web application that allows registration and authentication through Facebook, Google and Windows Live. Each OAuth request has the required scope to retrieve associated e-mail addresses from the authentication provider.
The current situation is that an account is created based on the provider and the provided identifier. This means that if a user has logged in with multiple providers the user will have multiple accounts on the web application.
I want to have the ideal situation of having a single acccount even when using multiple providers. I was thinking about using the e-mail addresses to see if an account exists for the user. If it exists, use the account based on the e-mail address.
How safe/reliable is this? Do all OAuth providers mentioned validate e-mail addresses? Better ways?
EDIT: Ran a tests and came up with this. Still looking for further advice :)
FaceBook: Cannot authenticate with unvalidated e-mail. Additional e-mail will not appear until validated.
Google: Provides `verified_email`. Additional e-mail will not appear until validated.
Windows Live: Cannot authenticate with unvalidated e-mail. Additional e-mail will not appear until validated.
Interesting question. You could try to use e-mail to check if user exists, but the problem is, user could be using different e-mail addresses for different providers.
My suggestion would be asking user (once he/she logs into your application using one of the methods) to attach other providers to to this account, so he/she can use them as well to log into your application.
It doesn't completely solve your problem (I'm not sure if solution exists), but user will have more control that way and you'll reduce the amount of accounts per user.
The problem is -
" I have to design one website, which will contain number of blocks. Each block will refer to different email client. That means, a user of this site can see his/her all mail clients in one one blocks."
The user will provide his/her existing mail clients information (Username and Password) at the time of registering into this site.
So, when user comes to the site he will login by providing username and password of this site (and not with user name or password of any of his mail clients) and he will see his home page containing all his existing mail clients opened directly in one one block (without logging in to any of the mail client).
Basically, this website will help the user to use all mail clients in one page.
Will anybody suggest how to do this task ?
It will be better if working codes will be provided.
This sounds quite difficult - you will need to make a good web mail client, and it is very hard to compete with the existing services in this area. For instance, it would be hard to make a webmail client as good as the one gmail has.
If you can make a good webmail client, the rest is quite easy - the user would give login details for POP/IMAP services for each of their email services, and then you could make your server log in to each of them and pull back any mail to display.
It may be easier for you to purchase existing webmail client software, and then wire it up to a database containing user login details to make the website you require.
I've used this component in the past and may help with sending and reading emails/attachement from a variety of sources.
Rebex.net
my question is about the workflow of a web registration.
1) register with email + basic data
2) activate the account with a special secret link <- is this necessary?
3) allow the user to log in to the system
EDIT: I want to make the process as simple as possible without a password to choose/remember.
In more detail:
After a user is registering on a web site I sent out a confirmation with a generated password to login on the site and proceed.
Many sites sent an activation link first and then allow logging in to the system.
Is there any reason to do this additional step when I generate the password and sent it out to the user?
Thanks for your answers.
Is there any reason to do this additional step when I generate the password and sent it out to the user?
To ensure that the provided email address exists, and belongs to the person who registered the account.
I've noticed an increasing number of websites which skip this step. It seems to be a trend.
The purpose of the activation link is to guarentee that the email address provided by the user is one to which they have access. If you are generating a password and sending it via email to the user's email address, then the link is not required (because them logging in means that they read your email).
However, email is generally not a secure way to distribute information over the internet. You are sending them the password in plaintext, and you do not know how many people have access to that email account (e.g. a shared family account). I think you would be better off allowing the user to choose their own password at registration and then send them a link (offer to generate a password for them on the registration page, if you really believe that generating it is better).
The validation of an email account is usually to help prevent someone creating numerous accounts. This helps prevents spammers and various other bad people from attacking your site from different accounts.
In general you're trying to ensure that the person is who they say they are and that you have an outside means of communicating with them.
1 - to ensure that the email is belong to the registerd user.
2 - to make it harder to the people want to create many accounts (like forums where a single person have so many accounts to use them in voting or somthing).
I remembered a funny site that gives you a 10 minutes email , just to skip the process of creating a new email or even spamming your email by the sites you've registered in.
This way you make sure that the email address is valid and it will be more difficult for a spider to generate many users than without this step. Also, you might do a lot of things in your database when a user is registered and you can do these after the user is validated, to save time by not creating extra traffic on your database server for fake users.