Instead of using the built-in email system in Firebase, I wanted to use a SMTP called SMTP2Go but was wondering how to connect it and if need to buy my own email domain first or not? What requirements are needed to connect a SMTP to Firebase?
I assume you're trying to set up a custom SMTP server for sending (verification, password reset, email change) emails from Firebase Authentication. You can set a custom SMTP server in the Firebase Authentication console.
You don't need a custom domain for this. All you need to know is the SMTP host and port of SMTP2GO (something like mail.smtp2go.com and 587), and your account details from them (the username/password you use to log into smtp2go with).
The Sender address field is just what recipients see in the "From" field of the email, and also where any replies they send will be going. It can be whatever address you want to use to support your users.
If you would like to use the Gmail account as SMTP service for Firebase following steps might help you with that. I have shared a medium post about it if you would like to have more details.
Enable the 2 step verification for the G Suite account.
Create an app password for the account.
Allow users to manage their access to less secure apps
Unlock the captcha
The G-Suite account is ready to be used as an SMTP service for firebase.
Check this link please for more details.
Related
I am new to firebase and I am trying to handle firebase user authentication in React.js. I did manage to create users with email and passwords. But, now I would like to send the user an Email link to reset their password.
My code currently look like this.
// This line of code belongs to the top
import { auth } from '../firebaseConfig'
//This part goes under the React component
<p onClick={async () => {
try{
await sendPasswordResetEmail(auth, // My Email Id)
alert('Password reset link has been sent to your email')
}
catch(err){
alert(err)
}
}}
>Forgot your Password ?</p>
However, I do not get any error messages and I do get the alert message that says "Password reset link has been sent to your email." Unfortunately, I didn't receive any email. Note that I have given my own email id as the parameter for testing purposes.
firebaser here
Did you check your spam folder? We recently see a lot of the emails from Firebase Authentication ending up in the user's spam folder or being marked as spam in a system along the way. This is being tracked in this status message on the Firebase dashboard and in public issue #253291461.
To reduce the chances of the messages getting marked as spam, consider taking more control of the email delivery yourself.
As a first step, consider using a custom domain with your project. Email that comes from a custom domain has less chance of being marked as span.
As a second step, consider setting up your own SMTP server.) for delivering the email, so that the emails are not being delivered from Firebase's shared infrastructure anymore.
While these steps are more involved, they typically will drastically reduce the cases where the messages from Firebase Authentication are marked as spam.
Full Guide Based on Frank's Answer
Firstly create a new email account you can use to relay the Firebase emails through the SMTP server with. I personally chose Gmail, but I tested with Outlook and it also works.
You can now find an SMTP server host that will work for your scenario. If you're sending less than 1000 emails per month you can find free and reliable hosts. I chose SMTP2GO's free option.
Now you've found the SMTP host, add the email address you've chosen as a single sender email (note that if you do own a domain, you can alternatively use that to send emails).
Note that you will have to verify the email, usually by your host sending a link to the email's inbox. Make sure to check spam.
Once verified, navigate to where you host allows you to add SMTP Users and add a new user. This will allocate an SMTP username and password.
Navigate to the Firebase console, and choose the Authentication option from the sidebar (within the Build product category).
Go to Templates → SMTP Settings and enter the details of your SMTP server. The username and password fields are to be filled with the SMTP user login you created in the step above.
It is better to use TLS, but I believe SSL should work too but it is untested.
Click save, and you're all set up - but there may still be steps to perform depending on your email provider.
Provider Specific Steps
If the emails are being sent to an account managed by Google you will have no issues with your emails being quarantined by anti-spam policies and it will work immediately.
If you are using Outlook, you will have a different problem on your hands. Outlook's built in defender will most likely have auto-quarantined your email under multiple policies - that bit is important.
These policies are likely to be both spam and phish policies. If you unblock one of them, the other will catch it and re-quarantine.
Unblock both policies for the email address, and test. You can see the status of quarantined messages in Microsoft 365 Defender app under Review → Quarantine. Please note that you will need to be an administrator to add global allow policies to your email accounts.
If this still doesn't work it is likely that your company has an additional external filter (as mine did), and you will have to add the IP's manually to the Tenant Allow/Block Lists spoofed senders tab.
When using Firebase Auth, should I allow users to change their email address if they originally authenticated with Google?
How would I then handle this, when the user will not have a password and will not be able to log in with this new email address but will have to use the Sign In With Google option and log in with their original google email address.
You can link multiple authentication providers to one account - see the docs here.
This way, they can choose to sign in any of the linked providers on another device or on the original device (e.g. after they've deleted and re-installed the application).
Firebase auth clients can automatically send an email to a user when they try to sign in using password-less signin. For example, all you have to do in the android client is auth.sendSignInLinkToEmail(email, actionCodeSettings) and the firebase servers take care of everything. That means that there's already an email template, SMTP configuration, etc to be able to send that email.
How can one tap into that infrastructure but from a backend? all I find in the admin sdk is how to generate the sign-in link but that would force one to set up a service to send the email, deal with templates and localization and other things that give you extra flexibility but that are not necessary if the existing mechanism works well for you
I am using Firebase Authentication in my Ionic App. Some users have reported to not receive the verification email which is sent after a user signs up, or when the resendVerificationEmail is triggered.
This works fine for email providers like #gmail.com or #live.de, but for those other users with special providers like #gmx.at it's not working. The emails are sent successfully according to firebase but they are never received.
Possibly the emails get filtered?
Has anyone else ran into this problem? The message template can not be modified but would using a custom SMTP server possibly help?
The problem is solved by using my own private SMTP server for sending the Authentication emails.
I am using a hosting service for my domain that comes with email service so I am using that one. Using other services such as Mailgun or Mailjet etc. might also solve the problem.
You can set up your custom SMTP server right in the firebase console under Authentication/Templates.
I had the same problem with others emails providers (orange.fr sfr.fr free.fr ...). After deeper analysis, it appeared that it is the domain address inside the (generated) link that is detected as SPAM by emails providers (maybe everything that sounds like *.firebaseapp.com)
https://your-subdomain.firebaseapp.com/__/auth/action...
I changed it to a custom one of mine (through Authentication->templates->"Customize action URL" (bottom right)):
https://www.my-custom-domain.com/__/auth/action
and no more problem!
Some doc (note on blue background):
https://firebase.google.com/docs/auth/custom-email-handler?hl=en&authuser=0#link_to_your_custom_handler_in_your_email_templates
I understand from the docs that if I change the e-mail-address of a user via the client, i.e. using something like user.updateEmail(), a restore e-mail is sent to the old address automatically. Does this also happen when updating a user via the Admin API?
No. Firebase Auth Admin API directly updates user's email address without sending the emails.