I have an SES domain properly configured to deliver mail to an SNS Topic, which in turn, uses an HTTPS endpoint to deliver a mail object to the entered URL, but the "complete raw email" is not being provided by either SES to SNS, or by SNS to the endpoint; only the standard "Received" mail object with "common headers" is being delivered.
Setup - I have an SES ruleset that stipulates handling all mail with a SNSAction that points to an SNS Topic, and that SNS Topic has the HTTPS endpoint specified. SES and SNS are both in the same region, and the SNS HTTP endpoint has been verified.
Upon receiving an email, the SES rule fires and the SNS Topic specified receives an object, and SNS dutifully posts the mail object on to HTTPS endpoint, but without the "content" field, which is what I need (ok, I really only need the "to" address and the email body, but there doesn't seem to be an easy way to obtain JUST the body).
If you have thoughts on how to get the raw content and/or just the email body, I would greatly appreciate it.
Thanks
Related
I want to retrieve data from an applications back-end. I have to send the user's email via an API request from the front-end website in order to do this.
Is it good practice to send the user email in a GET request or a POST request? More specifically, is it good practice to not include a users email as a URL parameter because you don't want some other third party to see it?
Thanks
You'll absolutely want to make use of POST requests rather than GET requests for querying email addresses, as GET requests should never be used for sending sensitive information.
Bearing that in mind, you also have to take into consideration what you're doing with your endpoint to begin with. If you're simply requesting public information about an email address (such as resolving the server name or IP), then perhaps a GET request would suffice.
Keep in mind you cannot pass any authorisation headers with a GET request, so if you're querying something like whether the email address in question has a registered account on your website, anyone would be able to find out your user's email addresses by spamming requests until they got a 200 response (thus validating a registered email). And knowing a valid user's email address could serve as an attack vector at a later stage.
In short, you most likely want POST. Only use GET if you're purely querying information about the domain that the email is hosted on.
Well, POST-request is better for hiding GET-params from logs.
The best you could do - is encrypt data being transferred. You can use POST-request with SSL-encryption and it will be good enough for regular systems.
Email is sent using Amazon simple Email service form my website. When an email is sent to any Yahoo or Gmail address, it is delivered to Inbox; but when it is sent to Hotmail,it is delivered to Junk.
Why only Hotmail Treats my email as junk?
When an external user sends email messages to an Outlook.com account,
SmartScreen® filter technology evaluates the content of the messages
and assigns each message a rating based on the probability that it is
a junk email. This rating is stored as a message property called a
spam confidence level (SCL) within the message itself. The SCL rating
stays with the message as it is sent to other anti-spam protection
layers within Outlook.com. Rules inside Outlook.com are set to handle
email messages with various SCL ratings. If a message has an SCL
rating lower than a certain threshold, it is considered to be spam,
and a rule then deletes the message rather than sending it to the
user's junk email folder. If the message has a higher SCL rating than
the threshold, the email is delivered to the user's junk email folder
rather than to the inbox.
https://mail.live.com/mail/junkemail.aspx
Not all the Anti-Spam system depends only on 3rd party blacklists. Major email service providers builds their own reputation table in addition with the use of major 3rd party blacklists like spamhaus, barracuda etc. In your case, you are using Amazon SES to send mails.
I, myself found enormous marketing mails coming from Amazon SES. If the reputation of your email service provider is bad in hotmail then it may trigger the suspicious level of your mail regardless of your email service provider reputation at other blacklist providers. In addition to this, if your subject, body content contains some suspicious words then your mail will end up in junk folder.
Most emails sent from third party applications such as Wordpress, Joomla, or Amazon get diverted to junk and sometimes they fail and get stuck behind a security layer. I know for a fact with Wordpress Contact Form 7, this is the case many times.
After so many years and finally attending a seminar for this particular issue, I finally was able to solve this problem specifically for Hotmail (Outlook.com).
Before you do anything ensure your SMTP settings in your web config file (ASP.NET) are written correctly or in case of plugins (Wordpress) make sure the fields are filled correctly. This means ensuring these are the settings you are using for Outlook:
From: your email ("asdf#outlook.com")
From Name: "Your name or company name"
Host: smtp.live.com
Type of Encryption: TLS
SMTP Port: 587
SMTP Authentication: Yes
Username: Same you use to login (usually the complete email address)
Password: Enough said there
IMPORTANT - Send a test email even if it fails. The point is to trigger an activity in Outlook and have them flag it as an
unauthorized connection
Now, to the fix:
Go to Outlook.com
Login
go to Account Settings
Choose Security & Privacy
Click on "See my recent activity"
The most recent activity should be the fail attempt. Authorize it as a trusted connection.
Done!
Re-test and you shall see your emails showing in the inbox as an authorized connection. Doing these steps let Outlook know that your emails from Amazon are legitimate connections and not Amazon trying to spam your account with solicitations etc.
Mostly it is a email service provider specific thing but you can do below checks
Ensure valid sender email address
Try not to use keywords like gift, prize etc. which are preferably spam activities
Try using https://litmus.com which may help on this/ rendering email in different email clients
I'm trying to use the Instagram Realtime API with a Meteor app. Basically you can subscribe to a tag get latest posts.
So I need to setup a callback URL and send a post request with my callbackurl, the object & fields that I want to subscribe and a verify string. A Instagram server is sending a get request with my verify string and a random string (challenge) and the Meteor server has to respond to this with the challenge string.
I'm getting the following error serverside:
error_message: 'Challenge verification failed. Sent "b58b60bb367d40148defa4e6240b2dc2", received "<!DOCTYPE> html..."..etc
In order to verify the subscription, your server must respond to the GET request with the hub.challenge parameter only.
How do I respond to instagram API with the hub.challenge parameter.
Resources:
http://instagram.com/developer/realtime/#
We have a website that have a Donate functionality
So we integrate with Paypal
After the user donates on PayPal , Paypal sends a request to our website that confirms the truncation
So how to check if the request is coming from Paypal , How to check for the certificate provided by Paypal or just check on the Request.Request.Uri
Because if i did not do this check any one can spoof and send a request with the parameters sent by PayPal confirming any fake transactions
You may like to refer to PayPal Payments Standard Integration Guide. On page 344 it talks about setting up certificates. Also refer to page 347 which specially talks about what you want. You can run a command and pass PPCertFile parameter which refers to PayPal public certificate
Only thing you can do is check for REFERER, but that could be empty as well. at the end of the day you can make your page secret, but whoever donates you, they can see your return url. I am sure Paypal sends you some sort of notification via email so you know its not a spoof. even if you try to read header of incoming request..they could be spoofed as well.
Get referrer URL - visitors coming from Paypal (HTTPS)
I am developing a software but for that I want to know as if i send an email then how can i check the sent email is in recipient's inbox/ Junk.
I am using AsP.net and c# technology for this
Please reply
You can't detect what is done with the email once it is delivered to the users inbox other than requesting a delivery receipt and a read receipt but the user can opt out of these.
The best way to avoid being marked as spam is to use a trusted third party service such as Campaign Monitor or MailChimp.
Failing that you should make sure that your email has a proper from address set, that you have set up SPF records to allow the sending IP official permission to send email on behalf of the from domain, keep your html to content ratio reasonable and if possible use an email address that your customers have already received an email from before so that there is a higher chance that the address is already in a whitelist.
You really can't because there are many different email spam solutions out there and they don't send a status back saying whether they delivered the email to the recipient or not. What you can do is send an email with a tracker to see if the receiver opened it.
http://www.aspnetemail.com/samples/emailtracker/default.aspx