Gmail Actions in Inbox - debugging after domain registration - google-schemas

I cannot figure out how to set up Gmail Inbox Actions. I sent an email to gmail-schema-whitelisting-samples#google.com, then filled in the registration form. However, schemas are not showing up.
Should they work immediately after registration? My SPF and DKIM records seem to be fine. I send all emails from registered domain in quoted-printable encoding, could it be the reason for schemas not showing up?
Received-SPF: pass (google.com: domain of pm_bounces#pm.mtasv.net designates 50.31.156.118 as permitted sender) client-ip=50.31.156.118;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of pm_bounces#pm.mtasv.net designates 50.31.156.118 as permitted sender) smtp.mail=pm_bounces#pm.mtasv.net;
dkim=pass header.i=inbound#livechatinc.com

Your request will be manually reviewed and a Google representative will contact you for further details or to update you on the status of the approval. Quoted-printable encoding is supported.

Related

How to use first data token in First Data global gateway e4?

I am using first data global gateway web service version 27. I am generating first data token from this site
https://developer.payeezy.com/payeezy-api/apis/post/transactions/tokens
Now i don't know where to use this token when request to web service?
I am passing these parameters to web service
ExactID
Password
Transaction_Type
DollarAmount
Expiry_Date
CardHoldersName
Card_Number
TransarmorToken
CardType
I use generated token in 'Card_Number' parameter but it gives me error 'Invalid credit card number'
Can someone please tell me where to use token?
I had the same message, please check the CCN owner address.
The CCN error validation disappeared after correction..
Hope this help!

Isn't a constant validation key a security risk?

Today I learned that on server farms, I must not use validationKey="AutoGenerate", but specify a 'fixed' string value for validationKey, for consistency across request handling by the farm servers. The example given was:
<machineKey
validationKey="21F090935F6E49C2C797F69BBAAD8402ABD2EE0B667A8B44EA7DD4374267A75D7
AD972A119482D15A4127461DB1DC347C1A63AE5F1CCFAACFF1B72A7F0A281B"
decryptionKey="ABAA84D7EC4BB56D75D217CECFFB9628809BDB8BF91CFCD64568A145BE59719F"
validation="SHA1"
decryption="AES"
/>
I was under the impression that the generation of a new key for every request and every user enhanced security quite a bit, but if the key is constant, it be retrieved from the hidden field on a form and used in a forged request.
Or must I cease using hidden fields for this key when on a server farm and use a header or cookie instead?
I say the anti-forgery key is stored in the form because this Razor markup:
#Html.AntiForgeryToken()
renders this HTML:
<input name="__RequestVerificationToken" type="hidden" value="bH6_-oZcRMuC9tA13RrOzmr0N3sWrzgkjKOhg2igHs5K2-G0HbJbF3KaK-QMrUDcQTXFbHJ-HFMNn9AjvF-TkAuBFo5f8Afi8q0OHXBzOTI1">
Unless we are talking about different keys here, but how would that work?
No, it's not a security risk.
The autogenerated key is not sent in a hidden field in the form, it's stored in the Local Security Authority (LSA) on the server (ref). If the key was sent in the form then there would be no need to have the same key on multiple servers. There would also not be any need to retrieve a key to forge a request, you could just send whatever key you wanted in a request.
With autogeneration the server doesn't generate a new key for each request, it generates a key for the server (or for the application if the IsolateApps option is used). It's only the message authentication code (MAC) that is generated for each request.

generate email address that links to a message thread like Facebook in ruby on rails app

Facebook sends email notifications when a new message has arrived in a facebook message thread. The email allows you to reply on it without going to Facebook.
I think it is being done by Facebook by generating a reply to email address that is linked to the message thread.
Example of such a reply-to email adress of a facebook email notification (I modified some characters, so it won't work):
m+51r6w8e000000bu1jfpbziio6jmfnvvtkaevxrgojnel8qv#reply.facebook.com
I'm trying to implement a similar feature in my rails app.
I'm still a newbie in rails and wondering how I should approach this issue.
I was trying to encrypt the id of my message thread using the encryptor gem, then using this as an email adress in the form: encryptedId#mydomain.com. Issue is that the encrypted output contains characters that are not allowed in an email address.
As I know little about encryption I googled and found the possibility to base64 encode the encrypted output. This is common practice for urls. But still, this has characters (for example %) that are not allowed in an email adress.
I found that RC4 should be an encrytpion algorythm that has hexadecimal output. But the encryptor gem gives me 1 non-hexadecimal character when using this algorythm, so it doesn't seem to work. Conclusion: I'm a bit stuck.
Maybe I'm looking to far. Are there other appoaches that I could consider?
EDIT: extra info: I'm trying to make the email address non-guessable.
Thanks!
If you are trying to keep your response email addresses non-predictable, you can create your email address out of a concatenation of:
some unique aspect of the message thread such as a row ID
a similar unique attribute of the user being sent the email
a MD5 encoded hash of both of those items plus a unique string known only by your system
a random salt to the MD5
So if user 7812 posts in thread 8299 you could make your base string
u7812t8299
then take that string "u7812t8299" plus the time the email was sent (say 12:31), and a string known to your system like "purpleumbrella"
Your result string is "u7812t82991231purpleumbrella". Using:
Digest::MD5.hexdigest("u7812t82991231purpleumbrella")
we get an MD5 hash of:
5822aceca1f70afdb06f53b5c7e4df99
now send the user an e-mail with a return address of
u7812t8299-1231-5822aceca1f70afdb06f53b5c7e4df99#yoursite
When you get an e-mail back to that address, your system will know that it's for user 7812 posting in thread 8299, and because only your system knows the password required to create the MD5 sum for this combination that would result in an MD5 string starting with 5822aceca1, you can verify to a certain extent that this is not a randomly generated email by someone trying to spam your system.

obtaining POST parameters at a URL passed through by DYNDNS

Background:
Foobar.htm form uses this:
<form action="http://rawurl-here.gotdns.org" method="POST">
[...]
</form>
rawurl-here.gotdns.org is a Dynamic DNS url that redirects the user to:
http://currentsite001.mysite.org
Question:
Is there a way to ensure that the POST parameters sent by Foobar.htm always reach the final target, regardless of the passthru from rawurl-here.gotdns.org?
No, POST requests cannot be redirected. The HTTP spec says that any attempt to redirect a non-GET/HEAD request must be confirmed by the user. However, as noted in the text for the 302 redirect, most browsers ignore this and simply change the POST to a GET instead at which point your parameters are gone.
rawurl-here.gotdns.org is a Dynamic DNS url that redirects
You need a dynamic DNS service that doesn't redirect, but just points the DNS A record directly to your IP address. Set your box up to respond to requests for rawurl-here.gotdns.org and now you don't need a redirect.
DNS redirect and framing services suck anyhow.
I normally use DynDNS and haven't problems with POST data.
Do you have problems? Or just want ensure if the data are sent for your target?
[]'s,
And Past

How do I avoid that ASP.Net (or IIS?) decodes my URL-encoded ciphertext (resulting in a 404) instead of passing it to the Approve script?

I'm working on a piece of a web application in ASP.Net MVC where the user registers for membership using an sql membership provider. When they register they are put in the system but not approved. The code then sends an approval email to the user with the email given.
BfEncrypt refid = new BfEncrypt();
refid.Encrypt(user.ReferenceID);
string code = HttpContext.Current.Server.UrlEncode(refid.CipherText);
...
Body += "Approval Link\n\r\n\r";
But when a user clicks on the link they get the following error:
Description: HTTP 404. The resource you are looking for (or one of its dependencies)
could have been removed, had its name changed, or is temporarily unavailable.
Please review the following URL and make sure that it is spelled correctly.
Requested URL: /Approve/k/9IHrY43os=
The question is, if I'm url encoding the link before I send it, why is it decoding before it tries to call the action? The url in my browser is actually 'http://localhost:1091/Approve/k%2f9IHrY43os%3d' when I get the error. My routing is setup correctly but it doesn't account for the extra '/' in the encrypted string in the url (since it shouldn't be there anyways.)
You could encode it as base64 instead of using URLEncode.

Resources