Why are there two DKIM signatures in email? - phoenix-framework

I am trying to send an email using Phoenix and Amazon SES, using bamboo and bamboo_ses.
I have verified both email and domain on Amazon SES and added that (the same) DKIM record to the DNS.
I am setting an email like this:
# new_email/0, to/2, subject/2, text_body/2 and put_header/3 come from Bamboo.Email
import Bamboo.Email

email =
  new_email()
  |> to(recipient)
  |> Bamboo.Email.from({name, from})
  |> subject("Some Subject")
  |> text_body(body_text)
  |> put_header("Return-Path", from)
But every time I send an email like this, on the other end I get two DKIM signatures, like this:
Signature 1:
v=1;
a=rsa-sha256;
q=dns/txt;
c=relaxed/simple;
s=someletterssssssadasdsd;
d=mydomain.com;
t=123456789;
h=To:Subject:Mime-Version:From:Content-Type:Message-ID:Date;
bh=somelettersssssss=;
b=somelonglettersssss=
Signature 2:
v=1;
a=rsa-sha256;
q=dns/txt;
c=relaxed/simple;
s=someletterssasdasddasdasd;
d=amazonses.com;
t=123456789;
h=To:Subject:Mime-Version:From:Content-Type:Message-ID:Date:Feedback-ID;
bh=somenumber=;
b=kq/somelongnumber=
Why is that, and how can I stop that second signature from being attached? When I send through Amazon directly, I get only one signature (Signature 1), with my domain.

Having multiple DKIM signatures is allowed according to the DMARC specification:
Note that a single email can contain multiple DKIM signatures, and it is considered to be a DMARC "pass" if any DKIM signature is aligned and verifies.
In fact, Amazon SES always adds its own DKIM signature, regardless of whether the message is sent via API or SMTP (I'm observing this now), and even for manually signed messages (Amazon SES documentation):
Every message that you send by using Amazon SES contains a DKIM header that references a signing domain of amazonses.com ... [Even] if you manually sign your messages, your messages will include two DKIM headers: one for your domain, and the one that Amazon SES automatically creates for amazonses.com
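The point of the answer, that only an aligned signature counts for DMARC, can be checked by reading the d= tag of each DKIM-Signature and comparing it with the From domain. The following is an added example and is not code from the question, the answer, Bamboo or Amazon SES. The two DKIM-Signature headers are constructed to mirror the ones above (one signed by the sender's domain, one by amazonses.com); selector, bh= and b= are placeholders, no cryptographic verification is done (the `verified` dictionary stands in for a real verifier's result), and the organizational-domain helper takes the last two labels instead of consulting the Public Suffix List.

```python
"""Read the d= domain of each DKIM-Signature and test DMARC alignment.

Constructed sample; no signature is actually verified here.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message shaped like the one in the question (placeholders, not a capture).
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
 s=selector1; d=mydomain.com; t=123456789;
 h=To:Subject:Mime-Version:From:Content-Type:Message-ID:Date;
 bh=placeholderbodyhash=; b=placeholdersignature=
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
 s=selector2; d=amazonses.com; t=123456789;
 h=To:Subject:Mime-Version:From:Content-Type:Message-ID:Date:Feedback-ID;
 bh=placeholderbodyhash=; b=placeholdersignature=
From: Someone <someone@mydomain.com>
To: recipient@example.net
Subject: Some Subject

body text
"""


def parse_dkim_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs (RFC 6376 3.2).

    Folding whitespace is removed first; b= and bh= values end in '=', so
    partition() on the first '=' is used rather than split()."""
    tags = {}
    for part in re.sub(r"\s+", "", value).split(";"):
        if part:
            name, _, val = part.partition("=")
            tags[name.lower()] = val
    return tags


def org_domain(domain):
    """Simplified organizational domain: last two labels (assumption; real
    DMARC code uses the Public Suffix List so that co.uk etc. work)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, signing_domain, mode="r"):
    """DMARC DKIM identifier alignment (RFC 7489 3.1.1).

    adkim=s requires an exact match with the RFC5322.From domain;
    adkim=r (the default) only requires the same organizational domain."""
    if mode == "s":
        return from_domain.lower() == signing_domain.lower()
    return org_domain(from_domain) == org_domain(signing_domain)


def dmarc_dkim_result(raw, verified, adkim="r"):
    """Return (dkim_pass, rows) where rows = [(d, verified, aligned), ...].

    `verified` maps a d= domain to whether its signature verified (stand-in
    for a real verifier). DMARC passes on DKIM if any signature both
    verifies and aligns; an unaligned signature is simply ignored."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    rows = []
    for value in msg.get_all("DKIM-Signature", []):
        d = parse_dkim_tags(value).get("d", "")
        rows.append((d, bool(verified.get(d)), aligned(from_domain, d, adkim)))
    return any(ok and al for _, ok, al in rows), rows


if __name__ == "__main__":
    ok, rows = dmarc_dkim_result(SAMPLE, {"mydomain.com": True, "amazonses.com": True})
    for d, ver, al in rows:
        print(f"d={d:<15} verified={ver!s:<5} aligned={al}")
    print("DMARC DKIM result:", "pass" if ok else "fail")
```

With both signatures verifying, the mydomain.com one aligns and DMARC passes; the amazonses.com one never aligns with a From at mydomain.com, so on its own it would not satisfy DMARC, which is why its presence is harmless.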

Set email BCC with CURL [duplicate]

I've had this noted down on some of my code for a while:
/**
 * Add a BCC.
 *
 * Note that according to the conventions of the SMTP protocol all
 * addresses, including BCC addresses, are included in every email as it
 * is sent over the Internet. The BCC addresses are stripped off blind
 * copy email only at the destination email server.
 *
 * @param string $email
 * @param string $name
 * @return object Email
 */
I don't remember where I got it from (possible source) but that shouldn't be relevant to this question. Basically, whenever I try to send an email with BCCs via SMTP the BCC addresses are not hidden - I've read the whole RFC for the SMTP protocol (a couple years ago) and I don't think I'm missing anything.
The strange thing is, if I send an email with BCCs using the built-in mail() function everything works just right and I've no idea why - I would like to roll my own email sender but I fail to understand this.
Can someone please shed some light into this dark subject?
The BCC addresses are not stripped off at the destination email server. That's not how it works.
How SMTP actually works
The sender will send a list of RCPT TO commands to the SMTP server, one for each recipient email address, and this command does not distinguish whether the recipient is a normal To, CC or BCC type recipient.
Only after calling the commands that tell the SMTP server who the sender is, who the server is, and everything else does the sender call the DATA command, which contains the content of the email - consisting of the email headers and body - the part that is received by email clients. Among these email headers are the usual from address, to address and CC address.
The BCC address is not shown to the recipient simply because it is not printed out under the DATA command, not because the destination SMTP server stripped it away. The destination SMTP server will just refer to the RCPT TO commands for the list of email addresses that should receive the email content. It does not really care whether the recipient is in the To, CC or BCC list.
Update (to clarify): BCC email addresses must be listed in the RCPT TO command list, but the BCC header should not be printed under the DATA command.
Quoting a part of the RFC that I think is relevant to your case:
Please note that the mail data includes the memo header items such as Date, Subject, To, Cc, From [2].
Rolling out your own email sender
A couple of years ago, I frankly think, is quite a long time back to assume that you still memorize end-to-end of RFC 821. :)
Very late, but the accepted answer is essentially wrong.
First off, SMTP has nothing to do with BCC. SMTP, as a protocol, is concerned only with a return path (the MAIL request), a list of recipients (the RCPT request), and the data to be transferred (the DATA request). If you want to send an email to somebody via SMTP, then you have to supply their address in a RCPT request, period.
The contents of an email - the DATA, effectively - are specified completely separately, in RFC2822. There's a lot of latitude in how BCC should be handled. The spec gives 3 ways of handling BCC, and in only one of them is the BCC stripped out while preparing the email. If I use Thunderbird as an email client, for example, and point it to an SMTP server, and then look at the message on the line, then I find that the Thunderbird BCC has gone (from the SMTP DATA), and the SMTP connection instead contains a standard RCPT request for the bcc'ed address. So, Thunderbird converts BCC to RCPT, but that's not the only way to do it.
Another place to handle BCC is at the MTA - in other words, whatever SMTP server your mail client is pointed to. Sendmail, for example, searches all of the To, Cc, and Bcc lines in the SMTP DATA, and then constructs an address list from those lines, and then removes the Bcc line. You can persuade Sendmail to keep the Bcc if you want to. If sendmail isn't the destination MTA, then it will connect to another MTA over SMTP, and send the recipient addresses via RCPT. In other words, if sendmail is the destination MTA, and it gets a Bcc, it will strip it out, contrary to Amry's statement.
There's also some confusion in the comments. You can specify RCPT addresses to any domain, not just a list of addresses in the same domain. The MTA has to look up the MX records for the destination domains to work out where to send everything. The google.com and yahoo.com statements are wrong.
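Both answers come down to the same mechanics: recipients travel in the envelope (RCPT TO) and the Bcc header must not travel in DATA. The following is an added example, not code from either answer. It builds the envelope the way a client such as Thunderbird does (every Bcc address becomes an RCPT TO, the Bcc header is removed from the copy transmitted in DATA) and renders the client side of the SMTP dialogue. Nothing touches the network; the addresses and message are constructed.

```python
"""Where Bcc lives in an SMTP transaction: in RCPT TO, not in DATA.

Constructed message and addresses; no connection is made.
"""
import copy
import email.policy
from email.message import EmailMessage
from email.utils import getaddresses


def build_envelope(msg):
    """Return (mail_from, rcpt_to, data) for an RFC 5322 message.

    Recipients are gathered from To, Cc and Bcc; Bcc (and Resent-Bcc) is
    deleted from the copy that goes into DATA so no recipient sees it.
    Python's smtplib.SMTP.send_message does the same.
    """
    mail_from = getaddresses([msg.get("Sender") or msg.get("From", "")])[0][1]
    recipient_headers = [v for name in ("To", "Cc", "Bcc") for v in msg.get_all(name, [])]
    rcpt_to = [addr for _, addr in getaddresses(recipient_headers) if addr]
    wire = copy.deepcopy(msg)  # leave the caller's message intact
    del wire["Bcc"]
    del wire["Resent-Bcc"]
    data = wire.as_bytes(policy=email.policy.SMTP)  # CRLF line endings
    return mail_from, rcpt_to, data


def smtp_dialogue(msg):
    """Client commands for one mail transaction (RFC 5321 section 3.3)."""
    mail_from, rcpt_to, data = build_envelope(msg)
    lines = [f"MAIL FROM:<{mail_from}>"]
    lines += [f"RCPT TO:<{addr}>" for addr in rcpt_to]
    lines.append("DATA")
    for line in data.decode("ascii").split("\r\n"):
        # Transparency (RFC 5321 4.5.2): a leading '.' is doubled inside DATA.
        lines.append("." + line if line.startswith(".") else line)
    lines.append(".")
    return lines


def sample_message():
    """Constructed message with Bcc recipients and a line that needs dot-stuffing."""
    msg = EmailMessage()
    msg["From"] = "Alice <alice@example.com>"
    msg["To"] = "bob@example.net"
    msg["Cc"] = "carol@example.org"
    msg["Bcc"] = "dave@example.net, Eve <eve@example.com>"
    msg["Subject"] = "Quarterly numbers"
    msg.set_content("Hello all,\n.this line starts with a dot\n")
    return msg


if __name__ == "__main__":
    print("\n".join(smtp_dialogue(sample_message())))
```

In the printed dialogue dave and eve each get an RCPT TO line, while the headers inside DATA show only From, To and Cc. A receiving MTA has no way to tell which RCPT TO came from a Bcc, which is why the "stripped at the destination" idea in the docblock cannot be right.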

Cannot send emails to yahoo using mailkit

I am creating a system that sends emails (pricing, orders, invoices, etc) to our customers. But due to the number of emails that end up being sent, we hit limits when trying to send through Gmail or any other mail client. And since these are all customer-specific emails, using a bulk sending client is not ideal.
So I have created a system using MailKit and others to send our emails from our own servers without needing to set up a relay or email server for sending. This works great with everyone (Gmail, Outlook, etc) except for Yahoo. For some reason when I connect and MailKit tries to switch to TLS (via STARTTLS) Yahoo sends garbage and MailKit fails.
I have enabled all SSL and TLS protocols. And I have ServerCertificateValidationCallback always return true. In fact ServerCertificateValidationCallback doesn't even get called.
The errors that are thrown start with:
A call to SSPI failed, see inner exception
then
The message received was unexpected or badly formatted.
If I try to connect to any of the other SMTP ports 465 or 587 the system just hangs.
This all happens when connecting, before the email is sent. So it cannot be a DKIM issue. And the SPF record is set up correctly. We don't have the reverse dns setup because we plan on sending from multiple servers with different IPs.
I don't know why yahoo is being so difficult.
Tried talking with MailKit, tried allowing all TLS and SSL connections. Tried finding any Yahoo support.
using MailKit.Net.Smtp;

using (var client = new SmtpClient())
{
    client.LocalDomain = "MyDomain";
    // Right now we don't care about SSL certificates (in case the server supports STARTTLS).
    // Returning true accepts any certificate, so the peer is never authenticated.
    client.ServerCertificateValidationCallback = (s, c, h, e) => {
        return true;
    };
    // Every protocol version enabled, including the long-deprecated SSL 2.0 / 3.0.
    client.SslProtocols = System.Security.Authentication.SslProtocols.Tls11 |
                          System.Security.Authentication.SslProtocols.Tls12 |
                          System.Security.Authentication.SslProtocols.Tls |
                          System.Security.Authentication.SslProtocols.Ssl3 |
                          System.Security.Authentication.SslProtocols.Ssl2;
    client.CheckCertificateRevocation = false;
    client.Connect("mta6.am0.yahoodns.net", 25, false); //<--- fails here
    client.Send("test", fromMailBoxAddress, recipientsEmailBoxAddresses);
    client.Disconnect(true);
}
To answer your question, I might have an idea why Yahoo is being so difficult - it's possibly your message construction. Verify your MimeMessage has the same exact email address for your From and Sender addresses. Ensure your ReplyTo only contains the Sender email address. I had both the sender and recipient email addresses in the ReplyTo and Yahoo did NOT like that. And, of course, you are using a Yahoo App password for authentication. Once I made these two changes, Yahoo sent the email successfully.
Settings
// TLS 1.2 only, submission port 587 with STARTTLS, authenticated with a Yahoo app password.
client.SslProtocols = System.Security.Authentication.SslProtocols.Tls12;
client.DeliveryStatusNotificationType = MailKit.DeliveryStatusNotificationType.Full;
await client.ConnectAsync("smtp.mail.yahoo.com", 587, SecureSocketOptions.StartTls);
await client.AuthenticateAsync("yourEmailAddress@yahoo.com", "yourYahooAppPassword");
await client.SendAsync(Message);
await client.DisconnectAsync(true);
Research
Bad message construction breaks one of Yahoo's many policies. This was ONLY happening with SMTP via Yahoo. SMTP via Gmail and Outlook work fine. I kept comparing a simple MailMessage with MimeMessage message construction. MailMessage sent, MimeMessage failed, I kept getting a 550 request failed; mailbox unavailable response from Yahoo every time with my MimeMessage. I verified by using ProtocolLogger. My From was empty and that is one issue, and, I had the recipient in my ReplyTo. If I merely added the sender to the ReplyTo, it still throws that same 550 error. I had to ensure the sender was the only email in the ReplyTo.
Hope this helps.
Use client.Connect("mta6.am0.yahoodns.net", 25, SecureSocketOptions.None); if you want to disable STARTTLS or use client.Connect("smtp.mail.yahoo.com", 587, SecureSocketOptions.Auto); which works fine.
Not sure where you are getting "mta6.am0.yahoodns.net" from, but I can't even make a normal socket connection to that address.

Can't send mail from my server (Ubuntu14 / mailinabox) to gmail

I have an issue with my mail server on Digital Ocean. My mail server runs on the "Mail in a box" app. Each time I tried to send mail to, for example, some@gmail.com, I got the same response:
Undelivered Mail Returned to Sender
From
MAILER-DAEMON@mail.sporta.io
This is the mail system at host mail.sporta.io.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
<denis.rohlinsky@gmail.com>: host gmail-smtp-in.l.google.com[108.177.126.27]
said: 550-5.7.1 This message does not have authentication information or
fails to pass 550-5.7.1 authentication checks. To best protect our users
from spam, the 550-5.7.1 message has been blocked. Please visit 550-5.7.1
https://support.google.com/mail/answer/81126#authentication for more 550
5.7.1 information. v27si4529334edm.111 - gsmtp (in reply to end of DATA
command)
Reporting-MTA: dns; mail.sporta.io
X-Postfix-Queue-ID: 83217200D6
X-Postfix-Sender: rfc822; admin@sporta.io
Arrival-Date: Fri, 1 Feb 2019 20:27:51 +0100 (CET)
Final-Recipient: rfc822; denis.rohlinsky@gmail.com
Original-Recipient: rfc822;denis.rohlinsky@gmail.com
Action: failed
Status: 5.7.1
Remote-MTA: dns; gmail-smtp-in.l.google.com
Diagnostic-Code: smtp; 550-5.7.1 This message does not have authentication
information or fails to pass 550-5.7.1 authentication checks. To best
protect our users from spam, the 550-5.7.1 message has been blocked. Please
visit 550-5.7.1
https://support.google.com/mail/answer/81126#authentication for more 550
5.7.1 information. v27si4529334edm.111 - gsmtp
Subject
test
From
admin@sporta.io
To
denis.rohlinsky@gmail.com
Date
Today 21:27
P.S. I checked my server via other services (sent messages to mail.io, mail.com, mail.ru)
and it worked correctly. I can send mails to these services without any problems, but Gmail continues to block my mail. What do I need to resolve this issue?
- to send mail to mail.com, mail.ru successfully
- to receive my messages from Gmail
Register the sending email address with Gmail and wait for it to be authenticated. Gmail will accept mail only from gmail addresses or addresses known to be associated with a Gmail account.
As Juan mentioned in his reply here, you would probably need to add required DNS TXT records. Alternatively, you could look into the Google Postmaster Tools. It might shed some light on the issue at hand.
Emails without authentication often get rejected or marked as spam to protect recipients from phishing scams. Unauthenticated emails with attachments might get completely rejected for security reasons.
To ensure Gmail can authenticate you:
Send from the same IP address
Keep valid reverse DNS records for your IP address that point to your domain
Choose the same address in the 'From:' header for every bulk message
For mail.sporta.io Reverse DNS Resolution - No PTR Record found.
For dmarc:sporta.io DNS Record not found.
For spf:sporta.io DNS Record not found.
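The missing SPF record is the part of that list a sender can fix and then check without waiting for Gmail. The following is an added example, not code from the answer or from Mail-in-a-Box; it evaluates an SPF record for a sending IP against a constructed DNS zone (example.com and friends, made up for the example; the page only reports that sporta.io had no SPF, DMARC or PTR record). A real check would query DNS instead of the ZONE dictionary. Supported are ip4, ip6, a, mx, include and all with the +/-/~/? qualifiers (RFC 7208); macros, redirect=/exp= modifiers and the 10-lookup limit are left out.

```python
"""Evaluate an SPF record for a sending IP against a constructed DNS zone."""
import ipaddress
import re

# Constructed zone (assumption, not real DNS): name -> record type -> values.
ZONE = {
    "example.com": {
        "TXT": ["v=spf1 ip4:198.51.100.0/24 mx include:_spf.mailer.example -all"],
        "MX": ["mail.example.com"],
        "A": ["203.0.113.10"],
    },
    "mail.example.com": {"A": ["203.0.113.25"]},
    "_spf.mailer.example": {"TXT": ["v=spf1 ip6:2001:db8:1::/48 ~all"]},
    "nospf.example": {"TXT": ["some unrelated text"]},
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# qualifier, mechanism, optional ':argument', optional '/prefix'
TERM = re.compile(r"^([+\-~?]?)([a-z0-9]+)(?::([^/]+))?(?:/(\d+))?$", re.I)


def lookup(name, rtype):
    """Stand-in for a DNS query, served from the constructed zone."""
    return ZONE.get(name.lower().rstrip("."), {}).get(rtype, [])


def spf_record(domain):
    """Exactly one TXT record starting with 'v=spf1' is usable (RFC 7208 4.5)."""
    recs = [r for r in lookup(domain, "TXT") if r.lower().split(" ", 1)[0] == "v=spf1"]
    return recs[0] if len(recs) == 1 else None


def check_host(ip, domain, depth=0):
    """Return the SPF result ('pass', 'fail', 'softfail', 'neutral', 'none', 'permerror')."""
    if depth > 10:
        return "permerror"
    record = spf_record(domain)
    if record is None:
        return "none"  # what a receiver sees for a domain with no SPF record
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        if "=" in term:  # modifier such as redirect= or exp=; not handled here
            continue
        m = TERM.match(term)
        if not m:
            return "permerror"
        qual, mech, arg, prefix = m.group(1) or "+", m.group(2).lower(), m.group(3), m.group(4)
        matched = False
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg + (f"/{prefix}" if prefix else ""), strict=False)
            matched = addr in net  # an address of the other IP version never matches
        elif mech in ("a", "mx"):
            target = arg or domain
            names = lookup(target, "MX") if mech == "mx" else [target]
            for a in (rec for n in names for rec in lookup(n, "A")):
                if addr in ipaddress.ip_network(f"{a}/{prefix or 32}", strict=False):
                    matched = True
        elif mech == "include":
            matched = check_host(ip, arg, depth + 1) == "pass"
        else:
            return "permerror"  # exists:, ptr: and unknown mechanisms are not implemented
        if matched:
            return QUALIFIERS[qual]
    return "neutral"  # ran off the end without a match (RFC 7208 4.7)


if __name__ == "__main__":
    for ip in ("198.51.100.7", "203.0.113.25", "203.0.113.10", "2001:db8:1::5", "2001:db8:2::5"):
        print(f"{ip:>16} -> {check_host(ip, 'example.com')}")
    print("nospf.example    ->", check_host("192.0.2.1", "nospf.example"))
```

Note the third case: 203.0.113.10 is the A record of example.com, but the record lists mx and not a, so a server sending from the web host's address fails. That is the kind of mismatch that produces exactly the Gmail rejection quoted in the question once a record exists.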

Mandrill for outgoing mail in a mail client

I'm using Mandrill for my transactional email needs and it works great. Unfortunately, very often when I send emails via my email client the emails go to the recipients' spam folder.
Is there a way to use Mandrill for outgoing emails via a mail client (such as Apple Mail or Thunderbird)?
You can use Mandrill's Outgoing Server (SMTP) settings in the mail client of your choice.
SMTP Settings
Outgoing Server: smtp.mandrillapp.com
Outgoing Server Port: 587
Auth Required: True
TLS: True
Username: complete email-id
Changing the mail client is probably not going to make your mails be treated as legitimate.
There are multiple reasons for mail going to spam folder of recipient like:
Mandrill's IP address got blacklisted in recipient's SMTP (MX) server.
Your mail contains some links or content which is recognized as suspicious and hence recipient marks such mails as spam.
In short, mail getting marked as spam depends upon:
Sender SMTP server's reputation.
Sender's mail content.
Receiving SMTP (MX) (i.e recipient's) server business logic for mail classification.

How should I pass info through email headers in Rails 3

I'm working on a support app which would allow customers to mail to support@myapp.com and reply to this same email address. I have set up ticket+[id]@myapp.com to be visible within the support team whenever there's a new ticket created. I am using Cloudmailin for the incoming emails and SendGrid for outgoing.
I want to be able to store the ticket ID in the email headers of the email that is sent to the customer from support@myapp.com. When the customer replies to support@myapp.com, the app will then read the headers and know which ticket ID to route to. I have read up that it is not recommended to include X-custom headers as they would get stripped off by some mail servers.
There are some suggestions to use the Reply-To header to store the ticket ID but I can't seem to find that header in Cloudmailin.
Appreciate any suggestion on this matter.
I think you have the right idea in using the +'s to differentiate the emails. To read the incoming email header, you can use headers[To] in Cloudmailin:
Message Sender <sender@example.com>
------cloudmailinboundry
Content-Disposition: form-data; name="headers[To]"
(from the Cloudmailin headers file)
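Reading the id out of the plus address is a small parsing job, but since the value ends up in a database lookup it should be bounded and validated rather than trusted. The following is an added example, not code from the question, the answer or Cloudmailin. It takes the ticket id from a plus address in the recipient headers (what Cloudmailin hands over as headers[To]) and, when the customer replied to the plain support@ address instead, falls back to matching References / In-Reply-To against the Message-ID format the app is assumed to put on its outbound mail. The domain, the id bound, the Delivered-To fallback and the Message-ID format are assumptions; the inbound messages are constructed.

```python
"""Route an inbound reply to its ticket from the plus address or threading headers."""
import re
from email import message_from_string
from email.utils import getaddresses

DOMAIN = "myapp.com"  # assumption
# Only a short run of digits is accepted: the id feeds a database lookup.
PLUS_ADDRESS = re.compile(rf"^ticket\+(\d{{1,12}})@{re.escape(DOMAIN)}$", re.I)
# Assumed outbound Message-ID format: <ticket-<id>.<random>@myapp.com>
OUTBOUND_MSGID = re.compile(rf"^<ticket-(\d{{1,12}})\.[A-Za-z0-9]+@{re.escape(DOMAIN)}>$")


def ticket_from_recipients(msg):
    """Ticket id from a plus address in To/Cc/Delivered-To, else None."""
    values = [v for name in ("To", "Cc", "Delivered-To") for v in msg.get_all(name, [])]
    for _, addr in getaddresses(values):
        m = PLUS_ADDRESS.match(addr.strip())
        if m:
            return int(m.group(1))
    return None


def ticket_from_threading(msg):
    """Ticket id from References/In-Reply-To matching our own Message-IDs, else None."""
    ids = " ".join(msg.get_all("References", []) + msg.get_all("In-Reply-To", [])).split()
    for mid in ids:
        m = OUTBOUND_MSGID.match(mid)
        if m:
            return int(m.group(1))
    return None


def route(raw):
    """Return the ticket id for a raw inbound message, or None for a new ticket."""
    msg = message_from_string(raw)
    tid = ticket_from_recipients(msg)
    return tid if tid is not None else ticket_from_threading(msg)


# Constructed inbound messages (not real captures).
REPLY_TO_PLUS = """\
From: Customer <customer@example.net>
To: ticket+4711@myapp.com
Subject: Re: [Ticket 4711] login problem

still broken
"""

REPLY_TO_SUPPORT = """\
From: Customer <customer@example.net>
To: support@myapp.com
In-Reply-To: <ticket-4711.k3j5h2@myapp.com>
References: <ticket-4711.k3j5h2@myapp.com>
Subject: Re: login problem

still broken
"""

FRESH_MAIL = """\
From: Customer <customer@example.net>
To: support@myapp.com
Subject: new question

hello
"""

if __name__ == "__main__":
    for name, raw in [("plus", REPLY_TO_PLUS), ("support", REPLY_TO_SUPPORT), ("fresh", FRESH_MAIL)]:
        print(name, "->", route(raw))
```

Anyone can put a ticket+<id> address on a message, so the id only selects which ticket the mail is attached to; whether the sender is allowed to post to that ticket is a separate check against the ticket's known participants.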