How to block spammers from using my public email api - security

I am working on a web application which allows users to share stuff on a web-page by clicking on an 'email to friend' link; similar to what extole is doing here
http://www.american-giant.com/mens-heavyweight-full-zip-hooded-sweatshirt-product.html
On this page, if you click on the email icon near "REFER & GET $15", you will see a pop-up where you can enter your own email and a friend's email and can edit the subject of the email. When you click send, the data is sent to the backend as JSON. They are using a plain simple URL to do this, i.e. http://refer.american-giant.com/v2/share.
The problem for me is that somehow spammers got hold of my URL (can't mention it here) and now they are using it to spam others with some sort of script. What I did is I placed a check in the backend API to block an IP if more than 5 share requests originate from it, but it seems that the spammers have lots of IPs (more than 30,000 from what I counted in my logs), so they are still able to send lots of email. One possible solution is to use a CAPTCHA to thwart the spamming script. But I am curious how Extole is doing it. They aren't using any CAPTCHAs, and they are famous too, so it is unlikely that spammers don't know about their publicly accessible API. Can anyone shed some light on this?
Note:
1. I am using a third party email service to send the emails.
2. Users are not required to sign in, as this defeats the purpose of sharing on a simple website.
3. Users can edit the subject and body, thus these are sent to the API call, and this is what allows the spammers to abuse the API with their own stuff.
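The question already identifies the two weak points: the endpoint accepts user-written subject and body, and the only control is a per-IP counter that 30,000 addresses walk straight past. The following is an added example (not code from the question or from Extole) of the server-side shape that removes both: the server composes the mail from fixed templates and a catalogue of shareable items, and a sliding-window limiter counts per IP, per claimed sender, per recipient and globally, so a botnet spread across many IPs still hits the recipient and global ceilings. All names, limits and the in-memory store are assumptions chosen for illustration.

```python
"""
Defensive checks for an unauthenticated 'email to a friend' endpoint.

Added example; every limit, name and the in-memory store is an assumption.
A real deployment would keep the counters in a shared store such as Redis.
"""
import re
import time
from collections import defaultdict, deque

# Constructed limits (assumption): requests allowed per key inside WINDOW seconds.
WINDOW = 3600
LIMITS = {
    "ip": 5,          # the question's own per-address threshold
    "sender": 5,      # per claimed sender address
    "recipient": 3,   # one address is rarely 'shared to' repeatedly
    "global": 500,    # hard ceiling for the whole endpoint
}

# The server writes the mail; any subject/body the client sends is ignored.
SUBJECT_TEMPLATE = "{sender} thought you would like {item}"
BODY_TEMPLATE = "Have a look at {item}: {url}"

# Constructed catalogue (assumption): only these URLs can ever be mailed out.
SHAREABLE = {
    "hoodie-42": "https://shop.example.invalid/hoodie-42",
}

EMAIL_RE = re.compile(r"^[^@\s]{1,64}@[^@\s]{1,255}\.[A-Za-z]{2,}$")


class RateLimiter:
    """Sliding-window counters keyed by (dimension, value)."""

    def __init__(self, window=WINDOW, limits=None, clock=time.monotonic):
        self.window = window
        self.limits = limits or LIMITS
        self.clock = clock               # injectable so the window can be tested
        self.events = defaultdict(deque)

    def _prune(self, key, now):
        q = self.events[key]
        while q and q[0] <= now - self.window:
            q.popleft()
        return q

    def allow(self, keys):
        """keys: list of (dimension, value). Every dimension must be under its limit."""
        now = self.clock()
        for dim, value in keys:
            if len(self._prune((dim, value), now)) >= self.limits[dim]:
                return False, dim
        for dim, value in keys:
            self.events[(dim, value)].append(now)
        return True, None


def build_share(request, client_ip, limiter):
    """
    Validate a share request and return (ok, result).
    On success, result is the mail to hand to the mail provider; on failure
    it is a short reason string usable for logging and metrics.
    """
    sender = str(request.get("from", "")).strip().lower()
    recipient = str(request.get("to", "")).strip().lower()
    item_id = str(request.get("item", ""))

    if not EMAIL_RE.match(sender) or not EMAIL_RE.match(recipient):
        return False, "bad_address"
    if item_id not in SHAREABLE:
        return False, "unknown_item"      # nothing off-catalogue can be mailed

    ok, dim = limiter.allow([
        ("ip", client_ip), ("sender", sender),
        ("recipient", recipient), ("global", "*"),
    ])
    if not ok:
        return False, f"rate_limited:{dim}"

    # Client-supplied 'subject'/'body' fields never reach this point.
    mail = {
        "to": recipient,
        "subject": SUBJECT_TEMPLATE.format(sender=sender, item=item_id),
        "body": BODY_TEMPLATE.format(item=item_id, url=SHAREABLE[item_id]),
    }
    return True, mail
```

With free text gone, the endpoint is worth little to a spammer even before the limiter triggers: the only thing they can push out is your own product link under your own template. The recipient and global counters are what actually cap a many-IP script; log the rejection reason so the first spike is visible in metrics.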

Related

Is there an effective way to display Gmail correspondence using Node.js or React

I'm building a CRM that has individual contacts arrive through a contact page on the main website. Each contact needs to be emailed individually and the application will need to display the email correspondence. Essentially a client of Gmail.
I'm having a very difficult time tracking down a good starting point for this problem, and I was curious if anyone else has given this a try, perhaps using the Gmail API.
Thanks!

Node Demo API request not generating email

I'm able to generate the document:
But they are not showing up as requiring action, nor are emails being generated for them:
For reference, they were sent to myself (same email).
Check your spam folder and also make sure the emails aren't getting stopped by security software, firewalls, or any other type of network filtering. Try testing with external email addresses to help debug as well, for instance use a gmail or yahoo email etc.

Using Gmail API to update website when receiving an email

New to programming on the web, so bear with me.
I've figured out that OAuth2.0 (the authorization protocol used by Gmail) is used for applications where Site A is given permission to information in Site B (in this case Gmail) by User X.
I am trying to create a website that updates when I receive an email from a specific sender. So, I am not using any of my website users' email information. I'm only using my own. I cannot seem to figure out (or even understand at a high level) how to permanently give my website access to my gmail account without doing some kind of user authentication on myself. What is the high-level process for giving my website this permanent authentication?
Let me know if I can make this clearer. Thank you in advance!
I've never done what you are trying to do, but you may find some useful answers here :)
Getting e-mail ID of sender while fetching mails from Gmail
I hope this helps if not I'm sorry. :)
UPDATE:
After reading that link a little bit more, there are parts of it where they are getting the sender. You can always write code to compare the sender by implementing what you need from that link. :)

Enable user to send text to specific Gmail contacts

In our website, we need to achieve a seemingly simple task: Enable the user to send a specific text to all or some of his/her Gmail contacts (including contact selection).
We don't actually need the contact data itself. We prefer some kind of "Gmail Plugin" (if there is one) that asks the user to login and does all the work. Alas, we couldn't find any.
We did find several different Google APIs related to this task. Some of them seem to give us contacts data. Others seem to handle sending email:
There is "Contacts API" under
https://developers.google.com/google-apps/contacts/v3/...
There is "Contacts Service" under
https://developers.google.com/apps-script/reference/contacts/...
There is "Gmail Service" under
https://developers.google.com/apps-script/reference/gmail/...
There is "Gmail Platform Integration" under
https://developers.google.com/gmail/...
Each of the above looks different and there seems to be much overlapping between them.
So what is the recommended method to achieve our original task? Is there a plugin that does it all? If not - should we use separate APIs for getting the contacts data and sending the emails, or are there Google APIs that combine both sub-tasks? In case those are separate tasks - is it possible to email via Gmail, or are there other recommended services for the email sending part?
To directly answer your question: you must use the first API you pointed to, Contacts API under https://developers.google.com/google-apps/contacts/v3/.
Basically, you want to use the Google Contacts API with OAuth2 authentication in your website: user will be prompted by Google to allow your website to read user contacts.
First, read a bit about OAuth2 authentication flows here: http://alexbilbie.com/2013/02/a-guide-to-oauth-2-grants/
Second step: register your app on Google Console and get your key/pass for the Contacts API (you'll need contacts.readonly permission): https://console.developers.google.com
Then, as you'll use the OAuth2 for Web Servers, check this Google documentation: https://developers.google.com/accounts/docs/OAuth2WebServer
Alternatively, you can use third-party libraries to easily import contacts to your website. There are free libraries, like PHP OpenInviter.org, Ruby OmniAuth gem, and paid alternatives, like CloudSponge.com (multi-language).
Disclaimer: I work for CloudSponge.com.
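The "OAuth2 for Web Servers" step in the answer above is where most implementations go wrong: the callback that carries the authorization code must be tied to the session that started the flow, or an attacker can splice their own code into a victim's session (login CSRF). The block below is an added example, not the answer's or Google's code; the authorization endpoint and the contacts.readonly scope are Google's documented OAuth 2.0 values as far as I know them (assumption: verify against the current documentation), and the session is a plain dict standing in for a server-side session store.

```python
"""
Authorization-code flow with a one-time, session-bound state value.

Added example. Endpoint URL and scope are assumed from Google's OAuth 2.0
documentation; client_id and redirect_uri are placeholders supplied by the caller.
"""
import secrets
import urllib.parse

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"   # assumption
SCOPE = "https://www.googleapis.com/auth/contacts.readonly"       # assumption


def start_authorization(session, client_id, redirect_uri):
    """Create a random state, remember it in the session, build the redirect URL."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": SCOPE,
        "state": state,
        "access_type": "online",
    }
    return AUTH_ENDPOINT + "?" + urllib.parse.urlencode(params)


def handle_callback(session, query):
    """
    Validate the callback query parameters Google redirects back with.
    Returns the authorization code to exchange at the token endpoint, or
    raises PermissionError when the state is missing, reused or forged.
    """
    expected = session.pop("oauth_state", None)   # one-time use: replay fails
    received = query.get("state")
    if not expected or not received or not secrets.compare_digest(expected, received):
        raise PermissionError("state mismatch: possible login CSRF")
    if "error" in query:
        raise PermissionError(f"provider returned error: {query['error']}")
    code = query.get("code")
    if not code:
        raise ValueError("callback carried no authorization code")
    return code
```

The code returned here is then posted server-side, together with the client secret, to Google's token endpoint; the secret never ships to the browser, which is the whole reason the answer points at the web-server variant of the flow rather than the implicit one.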
You could achieve this as you say with Google APIs and a Chrome Extension for example.
The user can add a Chrome Extension from the Chrome Webstore. The Extension will provide the user with a user interface to allow them to compose their message and send to the selected contacts.
The user's contacts can be retrieved with the Google Contacts API.
The message can be sent to the selected contacts with the Gmail API.
There is a lot of documentation and examples for all of the above which together will give you what you want.
Depending on how much use this is going to get, you could use a contextual gadget which is browser agnostic - but visible in all emails in Gmail.
This is wrong. The idea is to post the text to buffer a and submit a pointer to the array in buffer a and copy it to class b pointer a 0, then release the array and buffer so a new allocation can be done.

How to prevent emails from a specific address going to Hotmail SPAM?

I have a site on a dedicated server with its own IP range that has been running for a good few years. We have a notification email address (mailout#domain.com) which we use to send automated emails (activation emails when a user signs up and notification emails if something relevant to them happens, e.g. someone befriends them or comments on their picture etc.). Users can select whether to receive these notifications or not. We have SPF and RDNS set up.
Email from all our other email accounts go to hotmail/gmail/yahoo mail etc correctly into the inbox. However any mail sent from the mailout#domain.com account (whether automatically by the server or manually via outlook) is delivered correctly to the inboxes for yahoo and gmail however goes into Junk in Hotmail (but other #domain.com addresses deliver to hotmail's inbox correctly). It says at the top of the message that MS Smartscreen marked this message as junk. I signed up for MS Smart Network Data Services to monitor the IP and it says it's not blocked but it displays Bot-like behaviour (which kind of makes sense as our notifications are kind of bot like even though they're not spam).
I can't work out what to do to prevent this from happening, we've authenticated the email, there's obviously not a general block on the IP as emails from different accounts on the same domain are going through successfully. It doesn't seem to be the format of the email either because if I send identical emails from mailout#domain.com and contact#domain then the one from contact# gets through to the inbox but the one from mailout# goes through to junk.
I can't really work out what to do, and obviously trying to get MS to sort it out is never going to happen, and I've used all their available tools. I can obviously try setting up a new email address (e.g. noreply#domain.com) and using that for notifications, but I assume it will only be a matter of time before that gets blocked as well.
I would be immensely grateful for any suggestions anyone has!
Thanks so much,
Dave
You don't have many options. Try to do as many of the following as you can:
Reach out to MS support (don't discard this notion)
Implement DKIM and possibly DMARC (which are vastly more informative than SPF)
Change your IP address to something cleaner
Find and follow bulk sender best practices, e.g. M³AAWG's BCPs, perhaps the Help – I'm on a Blocklist doc
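Before changing IPs it is worth confirming that the records the answer lists are actually saying what you think: an SPF record ending in `~all`, or a DMARC record at `p=none`, authenticates nothing in the receiver's eyes and is a common reason SmartScreen-style filters still treat a sender as unverified. The block below is an added example, not from the answer above, that parses and sanity-checks the two TXT records; the records are constructed samples (assumption) standing in for what a DNS lookup of the domain and `_dmarc.` subdomain would return. DKIM is left out because checking it needs the selector's public key and a signed message.

```python
"""
Sanity-check SPF and DMARC TXT records published by a sending domain.

Added example. SAMPLE_SPF and SAMPLE_DMARC are constructed records, not
taken from any real domain.
"""

SAMPLE_SPF = "v=spf1 ip4:203.0.113.0/24 include:_spf.mailprovider.invalid ~all"
SAMPLE_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"

# Mechanisms (and the redirect modifier) that each cost one of the 10 DNS lookups.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists"}


def parse_spf(record):
    """Return SPF terms as (qualifier, term) pairs, or None if not an SPF record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    parsed = []
    for term in terms[1:]:
        if "=" in term:                     # modifier such as redirect= or exp=
            parsed.append(("", term))
            continue
        qualifier = "+"                     # default qualifier is pass
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        parsed.append((qualifier, term.lower()))
    return parsed


def spf_findings(record):
    """Human-readable problems with an SPF record (empty list means it looks sound)."""
    terms = parse_spf(record)
    if terms is None:
        return ["no SPF record (v=spf1 missing)"]
    findings = []
    all_quals = [q for q, t in terms if t == "all"]
    if not all_quals:
        findings.append("no 'all' mechanism: unlisted senders are neutral")
    elif all_quals[-1] in ("+", "?"):
        findings.append(f"'{all_quals[-1]}all' lets anyone pass SPF")
    elif all_quals[-1] == "~":
        findings.append("'~all' is softfail only; receivers may still accept")
    lookups = sum(
        1 for _, t in terms
        if t.split(":")[0] in LOOKUP_TERMS or t.startswith("redirect=")
    )
    if lookups > 10:
        findings.append(f"{lookups} lookup terms exceed the limit of 10 (permerror)")
    return findings


def parse_dmarc(record):
    """Return DMARC tags as a dict, or None if the record is not DMARC."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return None
    return tags


def dmarc_findings(record):
    """Human-readable problems with a DMARC record (empty list means it looks sound)."""
    tags = parse_dmarc(record)
    if tags is None:
        return ["no DMARC record (v=DMARC1 missing)"]
    findings = []
    policy = tags.get("p")
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= policy")
    elif policy == "none":
        findings.append("p=none only monitors; failing mail is still delivered")
    if "rua" not in tags:
        findings.append("no rua= address: you will get no aggregate reports")
    return findings
```

Feed the functions the real TXT records (a `dig TXT domain` and `dig TXT _dmarc.domain` is enough) and fix whatever they flag before investing in a cleaner IP; the DMARC aggregate reports that `rua=` switches on are also the quickest way to see which of your two sending addresses is failing alignment.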