Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 5 years ago.
Improve this question
I've just been informed by my boss that I will be taking over our company's CRM application. It is a web-based, .NET MVC, single-code-base, multi-tenant application. As the product was explained to me, it became clear that the email feature is a nightmare to maintain. I'm looking for alternatives to doing it in-house. I'll explain:
The app logs and track all forms of contact with prospective customers... phone calls, emails, etc. Thus, one feature is the ability to send emails from within the product, and then to have any reply emails also be stored in the CRM's sql database as well.
The problems with this kind of email system built into our web-based, self-hosted CRM product are abundant, but the largest of the problems is the work we need to do to prevent our IP from being black listed. It's a nightmare. There has got to be a better way.
I asked my boss if he had looked into outsourcing the email management. He said yes, but he didn't find anything that had the features we need and still allow us the control we want.
I'll explain the features we need, and I'm hoping somebody knows of a service that might work for us.
What we need...
I envision a vendor which offers a service-based product which we can consume via some sort of API or POST. When our client sends an email from within our CRM product, we would toss over the wall (in a secure manner) to the vendor the following:
Body of the email
Sender's name, email, userid & password
SMTP address of our client
Recipient's name and email
Some sort of unique id that identifies this email, so that threads and conversations can be tracked.
The service would then validate the sender's email against their SMTP server, and send the email on his behalf.
The kicker would be being able to also track reply emails, and to get them back into our CRM product. The vendor could perhaps push them to us, or, every x minutes, would could query them to see if there are any replies waiting to be sucked up.
So, does any such service exist? If so, have you used it, and what has been your experience?
MailGun and SendGrid are two transactional email service options that you might want to consider. They offer API-based email at scale.
I know that with MailGun you can use their API to validate email addresses before attempting to use them. This may help with your blacklisting problem. Check out the API here: documentation.mailgun.com/api-email-validation.html
Related
Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 4 months ago.
Improve this question
I received 30+ emails in all languages (often eastern European) that always say the same thing :
"hello
We received a request to access project-0000000000 with this email address. If you want to sign in with your (your email) account, click this link:
Access to project-0000000000
If you didn't request this connection, ignore the email.
With respect,
project-0000000000 team"
I have received 30+ of these, without any prior action on my side. They generally have an URL "leading to the project". The URL seems based on firebase as well (xxxxxxx.page.link/?link=https://0000000000.firebase.com/...), but I wonder if it could be malicious, depending on what comes at the end of the URL, I guess.
If it's an attack, I guess the vector attack is the URL, because I cannot see any other option.
If it's not an attack, I wonder why on earth I receive all the emails, and what I can do about it.
The strangest thing, for me, is that I once received an email in Turkish thanking me for my contribution to one project. This email had no URL, so no obvious attack vector. I don't know if it was a case of social engineering, or if someone is impersonating my email address to use firebase.
Do someone know what could be going on ?
It's spam, I've been getting those emails on different languages lately. Do not click any links in them!
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
If I have a webapp (website) and I am posting data from the user's browser to Firebase, how does it prevent some other website or hackers from posting to my database?
If there is an API key or token, it is viewable from the traffic from the user's dev console. Can it be identified by which website the user is on, but even so, the hackers can spoof a website in the HTTP traffic data.
Without backend code, if I post 10 game coins for a user, how can I stop the user from posting 100 game coins to the same Firebase database if there is no server code to control that?
(there is a post about other hackers hacking it will be difficult, but what about a hacker hacking his own account?)
If I have a webapp (website) and I am posting data from the user's
browser to Firebase, how does it prevent some other website or hackers
from posting to my database?
It doesn't really "do" anything by default. You have to do something.
If there is an API key or token, it is viewable from the traffic from
the user's dev console. If it is identified by which website the user
is on, the hackers and spoof a website in the HTTP traffic data.
All traffic sent between client apps and Firestore is encrypted, usually over HTTPS or other encrypted socket, so it's not visible to anyone who can just see the stream of encrypted bytes between the client and server.
Without backend code, if I post 10 game coins for a user, how can I
stop the user from posting 100 game coins to the same Firebase
database if there is no server code to control that?
Your security rules will prevent that, but security rules might not be robust enough to stop unwanted changes. So you might need a backend for that. You shold always assume client code has been compromised, since it runs on hardware you don't control.
(there is a post about other hackers hacking it will be difficult, but
what about a hacker hacking his own account?)
When you use security rules (or whatever mechanism) to gate access to individual authenticated users, you should assume that the user isn't bound by the logic in the app. Someone can take their own auth token and use it in calls to Firebase services to do whatever they're allowed to do with that account. This is really not any different than any other permission system.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 2 months ago.
Improve this question
We are developing an app which requires users to verify their email adresses. When user signs up, Firebase sends email and if user verifies his email, he completes registration. This process works flawlessly.
I am not developer but have some basic skills about programing and I want to test app with some fake users so we need to create new users. User creation can be done with Firebase Console but we cannot pass email verification process since we do NOT have access to that fake emails to click verification links.
Is there a step by step tutorial of how to connect our Firebase database remotely and verify a fake user's email so user's email status is changed to verified? I guess there is a command line tool which lets developer to connect database remotly with access data and make some changes on user's status.
You can use the Admin SDK for Firebase Authentication to mark the user's email address as verified. From the documentation:
admin.auth().updateUser(uid, {
emailVerified: true,
})
This is Node.js code, so you'll need to create a node script that contains this snippet. There are also examples for Java and Python on the page I linked.
I just had the same dificulty in order to validate the user by email, but here is the answer.
new_user = auth.create_user_with_email_and_password(email,password)
auth.send_email_verification(new_user['idToken'])
This will send a link to user's email. The email will be the one in your firebase template
I know I'm late but you can use fake emails and access the inbox of each, these emails are temporary for testing. You can use https://app.mailslurp.com/
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I've heard it's good to use third party SMTP providers to send your bulk emails because they have a higher trust rate and can avoid the pitfalls of being blacklisted.
Does this still apply for emails to a single user? I.E I need 100% guarentees my:
Registration, activation, forgot my password emails e.t.c (which only go to on person) will arrive at the recipient. Can I just use SMTP from my own server?
Using Azure hosting and ASP.NET
The assumption often repeated by Azure folks, is that Azure will eventually get blacklisted as a platform for sending out emails, because of its potential to be a spam platform.
Because spammers may abuse it and get it black-listed with email servers worldwide, it is suggested by Azure folks, that you utilize a "better" email sending system than your own SMTP servers.
It doesn't matter how many people you send your emails to. The worry is, that Microsoft is not doing anything to stop spammers from sending emails from Azure and thus the risk exists that in a few months or years from now (or maybe it's already happening), your registration emails to your users as well as emails from anyone else running on Azure will go directly into recipients' spam folders .
There are no 100% guarantees in email delivery. Each email provider has their own internal methods on decided whether or not to deliver an email.
The IP of your SMTP server is one criteria, and yes your reputation matters... and once you abuse that privilege it is a hard thing to recover from. There are a number of other criteria that email providers use when deciding to mark your message as SPAM or not. This can include if you send email too fast or perhaps if too many of your emails bounce due to invalid addresses. Domain reputation and the activity of your email recipients matters too (does everyone just delete your message without opening, or is everyone flagging you as SPAM?).
Sending email from your own SMTP server should be safe as long as you haven't participated in bad email practices in the past. I have personally seen to negative effects of attempting to do mass-email from your own server, and that will impact even transactional emails that your website may generate.
Depending on your 3rd party SMTP server, yes they could be more successful than you. If you have not done any bad email practices in the past, though, your own should be fine as well. It does help to use a service though where they specialize in email delivery and maintaining your sending reputation. Either way, nothing will guarantee 100% delivery.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 5 years ago.
Improve this question
I'm looking for a simple service/software that will convert emails into HTTP POST requests so I don't have to code in separate code paths for email handling. Does such a thing exist?
Google app engine converts incoming email into a POST to your app:
http://code.google.com/appengine/docs/python/mail/receivingmail.html
You could either handle the emails directly on app engine, or write a handler which calls back to your other site:
http://code.google.com/appengine/docs/python/urlfetch/overview.html
There are a couple services you might be interested in:
http://mailhooks.com is a good free solution for this, but there may be a delay in the time to post, and I don't believe they include attachments.
You might also look at http://mailnuggets.com which is a paid service, but posts are quicker and it includes attachments.
Bit late but I was looking for something similar and came across http://www.email2http.net - they allow you to send your email to a web script via HTTP POST or GET and it includes attachments. If you only need 1 email address and script it's free.
You could run Postfix or another mail server, configure it to accept the appropriate email, and then pipe the mail to a command which POSTs the data (using CURL or another framework).
Speaking SMTP correctly as a server isn't trivial. Access control is even harder. I'd say to use a real SMTP server.
I have needed to do this several times and always rolled my own Postfix solution. I finally made a docker container and open sourced it https://github.com/thingless/mailglove.