How to check sender of incoming email address in Google App Engine?

I am trying to write an email application in the Python SDK for Google App Engine. I noticed that Google allows you to receive email through its API and easily gives you access to standard fields, such as From, To, Body, etc. However, if I try to verify that the email came from the address it says it came from (sort of like Posterous does for you), how can I? I do not have access to any email headers, so I cannot check the MX record of the IP address of the sending server or something like that.

Any ideas?

+3
python google-app-engine email verification
5 answers

In fact, although undocumented, the sources here indicate that the original MIME message from which you get the convenient objects is there as the `.original` property of the convenient object, an instance of `email.message.Message`, so you can get the email headers from there. I am not sure whether this gets you any further in your search for verification.

+2

Email is usually not a verifiable medium unless you sign it using PGP or S/MIME. If you do not have headers, you have nothing to check.

The only thing you can do is send an email to the address and ask the person to confirm that they really sent the message. This is much harder for a fraudulent email sender to fake (but not impossible).

Or you can ask the user to put a password in each message.

+1

Alex is right about access to the headers, but this does not allow checking the actual sender of the email: anyone can send an email with any "from" address they want, so do not rely on the from address as authoritative proof of who sent it.

+1

If this is part of the registration process or similar, then why don't you send back a "call" (for example, a URL to continue registration or something else, with a unique and time-bound key) to the (supposed) creator? This way you can check that the mailing address was not tampered with.

Big guys (like Google) use this process a lot; there must be a reason.

Do not pay attention to my proposal if this is not suitable for your use case.


Updated: Could you forward emails through another web service (before being determined) before they reach your GAE application? That way you can still use GAE, with a low-workload task such as the email check done somewhere else.

0
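The confirmation link with a unique, time-bound key suggested in the answers above can be built as follows. This is an added example, not code from any of the answers; it uses the Python 3 standard library, and `make_challenge`, `verify_challenge`, `SECRET_KEY`, the in-memory nonce set and the `app.example` URL are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

SECRET_KEY = b"constructed-demo-key"  # assumption: real key comes from app config
TOKEN_TTL = 15 * 60                    # challenge lifetime in seconds
_used_nonces = set()                   # stand-in for a datastore table


def _sign(payload):
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()


def make_challenge(sender, message_id, now=None):
    """Build a URL-safe token tying the claimed sender to one held message."""
    issued = time.time() if now is None else now
    fields = [sender.lower(), message_id, int(issued) + TOKEN_TTL, secrets.token_hex(8)]
    payload = json.dumps(fields).encode()
    return base64.urlsafe_b64encode(payload + _sign(payload)).decode()


def verify_challenge(token, now=None):
    """Return (sender, message_id) for a valid, unexpired, unused token, else None."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    payload, sig = raw[:-32], raw[-32:]
    if not hmac.compare_digest(sig, _sign(payload)):
        return None  # forged or altered token
    sender, message_id, expires, nonce = json.loads(payload)
    if (time.time() if now is None else now) > expires or nonce in _used_nonces:
        return None  # expired, or the link was already followed
    _used_nonces.add(nonce)
    return sender, message_id


if __name__ == "__main__":
    link_token = make_challenge("alice@example.com", "held-msg-42")
    print("https://app.example/confirm?t=" + link_token)  # constructed URL
    print(verify_challenge(link_token))   # first click: accepted
    print(verify_challenge(link_token))   # replay: None
```

The incoming message is held until the link mailed to the claimed From address is followed; only someone who can read that mailbox can produce the token.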

You can only verify the sender with DKIM. GAE automatically signs emails with Google accounts using DKIM, but you need an external service (which must be accessed via HTTP/HTTPS) to query DNS and provide you with the TXT DNS fields.

0