I'm trying to connect to send an email using PHPMailer, but I'm having an issue because my SMTP password has certain special characters in it. It looks something like this:
blah_blah>/'`'<script>xx
Is there a known issue in PHPMailer with using a password similar to that? Or is there a way to encode that kind of a password so it can be used? I couldn't find anything on this specific issue.
Related
So i recently created a script using s-nail to send mail relay to an external SMTP server
in the script, I simply have s-nail -S smtp="serverip:port" and my destination address
It works, but in the verbose log, it shows the following lines
s-nail: Obsoletion warning: Use of old-style credentials, which will vanish in v15! Please read the manual section "On URL syntax and credential lookup" s-nail: Obsoletion warning: please don't use *smtp*: assign a smtp:// URL to *mta*!
Now I did some read and it does not seems complicate. i just need to slightly adjust my script the way it send. But since our environment still does not use smtp auth . so my question is do I need to worry? I mean will s nail actually force you to use the new URL format? the issue with new format is that in the man page, it seems like you will have to provide username and password and can not leave those fields to empty. Otherwise, it fail when I try it.
ANy suggestion?
Or can you use it without any username and password?
NOTE - our test environment does not support username and password auth.
Or ....
thanks
I'm building a system, where its registered users are able to send emails automatically. I came across 2 solutions to achieve this,
By getting the username and password of GMAIL accounts and sending mails using nodemailer.
By using Google Oauth, to let the users give access to my app to send mails on their behalf(Without sharing their mail credentials).
The first method works as a piece of cake, but the second option sounds a bit more professional and safe. I figured out how to send mail using a single acc. to other people. But couldn't find a possible solution, to send emails from the user's mail. (As it requires refresh token to send them)
I came here looking up for a possible solution that helps me solve this issue.Thanks in advance!
Go with google OAuth or if using first one use bcrypt salt or some type of hashing to secure password.
I would suggest you to go for second option. There is a good and very important reason to do so. You need to have a good and secure DB to save this information which could be an overhead for you.
Hashing the password and saving it to the DB won't help you. As you can never get the actual password from the hashed one and you can't send the hashed password to the gmail account. So, you can't do that.
Second option is a better way in every term, you just need to have a refresh token and that won't be a big deal. You can get it nodemailer transport layer can help you to get it.
I am attaching this link where you can easily replicate the steps to get it done.
I have been trying to figure out how to programmatically check if a gmail account exists. Almost all searches lead to validation services like xverify or EmailOversight where you validate any email address on a cost per request basis.
What I am interested in is a way to do that directly, without a middleman. In other words, how do these validation services do it? Seems like there should be some sort of an API that google provides for those guys to ping to see if an email address is valid.
Please note that I am not interested in checking the syntax of an email address. So I am not looking for some kind of a regex solution.
Also, what I have tried is connecting to gmail.com MX record domains (e.g. alt3.gmail-smtp-in.l.google.com) and trying to extract the validity of an email address by running simple SMTP commands. Essentially what this article suggests: https://www.webdigi.co.uk/blog/2009/how-to-check-if-an-email-address-exists-without-sending-an-email/
But I cannot do that for any kind of volume. Gmail will start blocking your connection attempt after a certain number of connections. So that method is not scalable. That's why I feel like there has got to some other way.
*******ADDED*********
Here is why this question is different from How to check programmatically a email is existing or not
That post provides only one solution, and it's one I have already tried - using SMTP commands. Google will NOT allow to do that on any kind of scale. If I only had to validate a few emails, then that would be a sensible solution, but if I have 10,000, it is not.
I have just signed up for SendGrid and have been able to successfully email but I was wondering if it is possible to send emails with no authentication? At the moment I have only been able to send using authentication.
Thankyou in advance for your response!
Why do you want to send without authentication?
Imagine that from SendGrid's perspective, how are they going to know that it is you sending email (and hence bill you for it) and how are they going to prevent just anybody connecting and bulk sending whatever they want!
This is known as an Open SMTP Relay and is generally considered a very bad thing™ ;)
The good thing though, is that it is very difficult to find an application that doesn't support SMTP authentication. Whatever you are using will have a setting to configure auth, and once its set up you can likely forget all about it being there.
However, if you can give an idea of your use case, we can probably help you figure out a better way of achieving your goal...
I was thinking about creating a service similar to posterous where users can post to a fixed address like post#domain.com and then authentication of the posts would be based on some combination of the from address and header signature. Posterous seems to be doing something clever so that they can detect if a message is being spoofed or sent from an unknown source.
Anyone know what they might be doing?
There are some basic heuristics you could use, to try to detect it.
The most basic thing would be to look at the originating host and headers of the previous emails and see if they match previous ones. If the poster's email domain uses SPF you can verify the IP address has permission to send on behalf of that domain. It's easy to spoof an email - it's harder to spoof an email and actually have it originate from a subnet that matches where your previous mail has come from. But that can be subverted, as well.
First off, the email you post to should be random and unrelated to any display name. This keeps random strangers on the net from knowing where to post in the first place.
You could also go far more sophisticated and implement some sorts of machine-learning-ish things (or even more straightforward heuristics) to pick up on style, but that would be much tougher to get right.
Or just be lame, and upon receipt of a post, fire back an email to the poster with a link to verify and/or a special token to send back as a subject (if they're posting from a phone, etc. with no browser).