Syncing application with email without storing email passwords - security

I'm working on a web-based application, and looking to integrate each user's e-mail (gmail, yahoo, etc.) into it. I'd like to do an automatic sync (side detail: selective to specific e-mail addresses) of inbox and sent messages, i.e. any messages sent through the application will appear in the user's e-mail, and vice versa; any messages received in the application will appear in the e-mail, and vice versa.
My question: I realize this will probably involve IMAP. Is there a way to go about this without storing the user's e-mail passwords? I'm open to any language, infrastructure, etc.
If there's really no way around storing the passwords, would MD5 be sufficient? Any other thoughts would be greatly appreciated.

you would need to find an OAuth-based API for accessing the email provider. this would allow the user to authenticate themself, provide you with an access token for later use.
I believe you can do this with Gmail, Yahoo (see links)

A situation where this might arise is a private messaging system on a forum. A user might want PMs forwarded to their main email so that they don't have to remember to check the inbox on your site as well as their main email. Then when users reply to those messages, you want the reply to go as a PM to another forum user.
Forwarding PMs as emails is trivial. In order to allow replies, you need to have the email server on your site parse out some information in the email that indicates which user it should be forwarded to as a PM.
If you really want to allow a user to access their entire GMail inbox from within the interface on your site, rather than just messages that went through your site anyway, then you are facing a much larger task.

Related

What's the simplest way to send emails using Node.js?

About two years ago, I created a Node.js application that would send emails periodically through Gmail's Less Secure Apps option. This worked quite well, but they recently got rid of it. I have G-Suite email addresses under my domain that I would like to send emails from, but the new Gmail API takes quite a bit of effort to set up and maintain. Is there a way that I can use Node.js to send emails from those addresses, but in a simpler way? Could I possibly use another SMTP server, like Yahoo or iCloud, with Nodemailer?
if you want to continue as you are just create an apps password.
otherwise you can configure a service account and set up domain wide deligation through your workspace domain account.
The service account will be able to send email on behalf of a user on your domain without any authorization needed. This is probably the most robust solution

Creating a shared support email in GSuite

Currently the small business I work for has a support email address setup as the following: support#mybusinessdomain.com (changed domain for anonymity).
We need to make it so that multiple people can manage this email address, and the way we have it currently setup is causing some issues.
The way it is currently setup is that all emails are forwarded to myself and three other coworkers that manage the support emails that come in, and each of us have setup the following rule:
"Do this: Skip Inbox, Apply label "BusinessDomain Support", Never send it to Spam"
So we get all of the emails sent to that label, they skip our inbox and we delegate/respond from there. This was causing issues with my coworkers responding to the same emails and has our customers replying to our actual work email addresses rather than the support email.
We setup a process/procedure to make sure my coworkers and I were only answering things once, and to solve the problem of customers responding to the wrong email address we added the support#mybusinessdomain.com email as a "Send mail as" for each of us. However, now we are all sending emails from the same email address and it is a bit confusing as to who responded AND all sent emails are showing in our sent folder.
So, what is the best way to setup this support email so that multiple people can manage it and so that customers that reply to emails sent are always sent to support#mybusinessdomain.com?
Any help would be great!!
You need to use a group as a collaborative inbox.
Collaborative inboxes are especially useful for technical support or
customer service teams. For example, you could create a group with the
address support#your-domain.com. You could then add your
support staff as group members, and allow people outside your
organization to send messages to the group. Your support staff would
then receive customer messages and take any of the following actions:
Assign responsibility for topics to group members
Mark topics as resolved
Edit tags associated with topics
Filter topics according to tag, resolution status, or assignee

Dedicated Services Account and Embedded Sending Experience

We are using the EnvelopeView: CreateSender endpoint on the server side and are authenticated under a service account we have dedicated for this process. Ultimately, we send a URL such as https://demo.docusign.net/Member/StartInSession.aspx?StartConsole=1&t=<GUID>&DocuEnvelope=<ENVELOPEID>&send=1 back to the end user to pick the signers, and populate tags.
All works fantastically, however, we were hoping to make it so the user can only see and populate the information for this single document. Currently, once the user clicks the link they are essentially authenticated as our backend service account and if they open another tab in their browser and go to (https://demo.docusign.net) they can see all documents and even change the password of the account if they wanted.
Is there a way to restrict this in any way? Would the experience be different if purchased an “API” account not tried to use an actual user account on the backend? Yes, we know about OAuth, but we don’t really want to impersonate the sender and prefer to keep a dedicated service account.
An "API" account would give you the same issues as dedicating one of your current users as a "Services Account," so I don't think that's a solution.
Instead, I suggest that you move all of the functionality that's needed upstream into your app. That way you will not need to present the Sender view to your users.
Your app can enable your users to:
choose who the envelope will be sent to
choose/edit the email messages, etc
choose the documents that will be sent
etc
If you have preset templates that include the document tabs/fields for the signers then there is no reason for the sender to deal with the sending screen for picking the tab/field locations on the documents.
This type of app will also give a smoother user experience to your users since they'll stay in your app rather than bouncing over to DocuSign for part of the task.

Is there an API to the GMail server?

I know there's an API for a Gmail plugin in your browser. Is there one for the server? For example, if I want to write an anti-virus app that reads emails coming in to an account on the server, then let's them continue or quarantines them - all before the user ever sees them?
Obviously it would have to be authorized for the users it did this for.
EDIT: As of 26/06/2014, this answer has become incorrect, as Google just released a dedicated API to GMail. See the link in this post for reference.
Original answer below this line :
From a technological perspective, it's a mail server just like any other.
Thus, your choice should fall on a mail protocol. It's also already answered in the question you linked: https://stackoverflow.com/a/2820280/1680196
Your app would open an IMAP connection to your mail server of choice (in this case gmail), scan for incoming mail, read the content and trigger a delete / move to trash if necessary.
Personally, I wouldn't trust any app like this running outside my own mailserver / mail client, since this use case requires full read and write access to a users mails.
There might be some API for Google Apps for Domains mail accounts, but I doubt this goes beyond the RSS mail notifications.
Edit: Official Google api documentation also refers to IMAP for accessing user inboxes. Link to IMAP OAuth overview. With application specific passwords users could enable your app to access their account without exposing their actual credentials, but beyond that I fear you are out of luck.
There is an HTTP REST API now!
http://developers.google.com/gmail/api/
(And has been for years if you were willing to use IMAP. :-D)

How to create the contact of the sender automatically when the mail is received using Google Apps Script

I have signed up with Google Apps, I am using a third party SMTP Server to send the emails from the web app, Emails are reaching inbox for all the email clients (yahoo, gmail, hotmail...)
But Emails sent to my domain (mydomain.com) are reaching SPAM, This is happening only for my domain Which is google apps account domain. The solution to the problem is the sender must be in the contacts of the receiver. So its a overhead involved in adding the sender in the contacts before receiving the mail. This is not automated.
NOTE: Mails sent from <xyz#mydomain.com> to <abc#mydomain.com> are reaching SPAM. It means, Its happening only when the sender and receiver belongs to same domain.
ASSUMPTION: ALL the emails will be sent from mydomain.com .
So, I want to write a script using google apps script So that when a mail arrives from mydomain.com (having FROM address belongs to mydomain.com), The script must execute and add the senders emails address in the contacts. So it will avoid the spam rate.
I am very new to google apps script, Please help me doing this, Or if any better solution is there please feel free to post.
Vinay,
It sounds like you may have an incorrectly configured SPF record. Please see this article:
https://support.google.com/a/bin/answer.py?hl=en&answer=33786&topic=2759192&ctx=topic
Email that has a mydomain.com sender address, needs to come from a mail server listed in your SPF record or risk being sent to spam.
By chance, has Contact Sharing been enabled for your apps domain? I'm just offering this as an hunch that might help rather than a specific solution to your problem.
If this doesn't help, its a straightforward but non-trivial problem to add all your domain accounts to each others contacts list (and keeping it synced over time), but you'll be leaning heavily on a version of the Contacts API rather than plain Apps Script because the Contacts service only operates on the contacts of the user executing your script.

Resources