RoR: Providing users with unique email addresses - ruby-on-rails

As an RoR newbie, I'm hoping to get insight into what direction I need to take on how to achieve the following (or if it's even possible.)
My app will serve as a middle-man between a user and a 3rd party application. Users of the 3rd party application are provided a unique email address that they can send email(text) to, which is then saved into the 3rd party app.
Instead of users sending text to the 3rd party app, I want to intercept this text, and strip out the metadata (date, from, subject, etc.), then save each of the pieces of data accordingly into the 3rd party app. With that being said, I envisioned providing users with unique email addresses from my application, that I would match up to their 3rd party address.
Question 1: How would I auto-provision my unique email addresses in RoR?
Question 1.1: Are there providers/APIs that allow for this?
The dirty way is for me to use a hosting provider that allows for unlimited email addresses and manually create a lot of them.
I was looking at using a service such as Mailgun or Cloudmailin to help facilitate the capture/parsing of the incoming email contents.
I don't believe a "catch-all" email address would serve me, as users can share my provided email address to anyone, (e.g. via a mailto link on their website), so most people emailing in may not be users in my application.
All advice/assistance is greatly appreciated. Thanks for your time.

Mailgun is your best bet for something like this - you can use a route to match the pattern of your email addresses, POST it to your RoR app, and then handle all of the processing and parsing internally. This will easily let you scale to however many addresses you want (and you can design your addresses so different patterns go different places).
Also, Mailgun/Rackspace "Fanatical Support" is really nice to have when something goes wrong.
Having used MailGun for the last 18 months or so, the one caveat I will give you is that while it is very reliable and easy to use, you will occasionally experience delivery delays depending on how busy they are. These can be a bit confusing or frustrating, but I've never had them "lose" a piece of mail on me.
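The flow the answers describe (a route POSTs each matching message to the app, which then maps it to a user) can be sketched in plain Ruby as an added example that is not code from the original posts. The `in.example.com` domain, the in-memory `store`, the five-minute freshness window and the signing key are assumptions; the `timestamp`/`token`/`signature` fields and the HMAC-SHA256 check follow Mailgun's documented webhook signing.

```ruby
require "openssl"
require "securerandom"

INBOUND_DOMAIN = "in.example.com" # assumption: placeholder inbound domain
MAX_SKEW = 300                    # assumption: seconds a signed POST stays fresh

# Provision an unguessable per-user address; `store` stands in for a DB table.
def provision_address(store, user_id)
  address = "u-#{SecureRandom.hex(8)}@#{INBOUND_DOMAIN}"
  store[address] = user_id
  address
end

# Mailgun signs each POST with hex HMAC-SHA256(signing key, timestamp + token).
def valid_signature?(params, signing_key, now: Time.now.to_i)
  ts, token, sig = params.values_at("timestamp", "token", "signature")
  return false unless ts && token && sig
  return false if (now - ts.to_i).abs > MAX_SKEW # stale or replayed POST
  expected = OpenSSL::HMAC.hexdigest("SHA256", signing_key, "#{ts}#{token}")
  OpenSSL.secure_compare(expected, sig.to_s)     # constant-time comparison
end

# Returns [:accepted, fields] or [:rejected, reason]. "sender" is whatever the
# SMTP client claimed, so the user is resolved from the recipient address only.
def handle_inbound(params, store, signing_key, now: Time.now.to_i)
  return [:rejected, :bad_signature] unless valid_signature?(params, signing_key, now: now)
  user_id = store[params["recipient"].to_s.downcase]
  return [:rejected, :unknown_recipient] unless user_id
  [:accepted, { user_id: user_id, sender: params["sender"],
                subject: params["subject"], text: params["stripped-text"] }]
end

if __FILE__ == $PROGRAM_NAME
  store = {}
  key = "constructed-signing-key" # constructed, not a real key
  addr = provision_address(store, 42)
  ts = Time.now.to_i.to_s
  token = SecureRandom.hex(25)
  post = { "timestamp" => ts, "token" => token, "recipient" => addr,
           "signature" => OpenSSL::HMAC.hexdigest("SHA256", key, ts + token),
           "sender" => "someone@example.org", "subject" => "note",
           "stripped-text" => "remember the milk" } # constructed sample POST
  p handle_inbound(post, store, key)
  p handle_inbound(post.merge("recipient" => "guess@#{INBOUND_DOMAIN}"), store, key)
end
```

In a Rails controller the same two checks would run before any parsing, returning a non-2xx status for a bad signature and silently dropping mail for unknown recipients.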

Related

Handle emails in a Rails 7 Multitenant Web App

I'm developing a multi tenant (with apartment gem) dashboard application with Rails 7. I've bought my own domain for the application but I have no email service yet.
How does my app work?
A customer signs up for it
He can decide to use a custom subdomain like customer1.example.com to reach his dashboard
He also can choose to use his own domain like customer1.com. I've handled this part with the Cloudflare for SaaS feature
He will use his own dashboard to let other people join, create accounts, interact with that dashboard
What am I looking for?
I'm looking for the best solution to implement these features:
Sending and receiving email for my application: something like info@mydomain.com, support@mydomain.com etc... (and this is the "easy" part. I think I simply need an email host)
Here comes the (for my little experience) hard part:
How can I create a system of mail for actions like signup confirmation etc? I think those could just be some sort of "from" email and don't really need to exist.
How can I let the customer send/receive mail sent for example to customer1@mydomain.com or info-customer1@mydomain.com?
In case I just said something really stupid, what should be the correct way to handle emailing in an application like this?
Thanks to everyone, tell me if you need more information!
customer1@mydomain.com and info-customer1@mydomain.com are mailboxes.
You should create the setting for each company and use it to send/receive the email. For dynamically, you can create options to select like "send as a mailbox"
If you want to find a product to manage sent/received emails from many mailboxes, you can try this instead of implementing

Email clients access my webapp with changed / strange URLs

For a few years now I observe a strange behaviour, most likely triggered by enduser's email clients using my webapp (Ruby on Rails system, doesn't matter tho).
I am running a mid sized business and send out thousands of mails to my customers each month who buy leads from me.
The emails include two links, one to buy the lead and the other to give feedback. There is a dynamic part in both URLs which is a UUID, example:
offer/968ec0c1-e105-4c70-95b2-fd0c799b58f3
and
feedback/968ec0c1-e105-4c70-95b2-fd0c799b58f3
Every now and then, my webapp gets accessed at the same time on both links (which makes me confident it is not the user since it is the very same second they get accessed) but with different dynamic parts in the URL, so I see in my logs
offer/NGVjZjA0YT
and
feedback/NGVjZjA0YT
It is always a random string with a length of 10 chars.
So this is not a big deal since it happens only 1-2 times per week and as far as I can tell no user is really affected by this, but still I wonder what's behind this. Did any of you experience a similar thing?
Maybe an email client wants to crawl / load a preview, seeing a UUID pattern in the URL and changes it because whatever?!
I disabled link click tracking in the email sending provider (SendGrid), just as a side note. So they won't / shouldn't replace the email links. Also experienced this when sending links via AWS SES.
I'm just curious. Any ideas or experiences? Thanks in advance & have a great day!

Detecting use of iOS's "Hide my Email" on website signup

Apple's latest changes which allow users to hide their IP, hide their email, etc. are creating problems for my web-based app (non-native) which relies upon these things to build a sense of who a person is.
In most situations, I can see why these are great "features" to have, however in my use case I have a voting platform that utilizes things like email address and IP to do a decent job at detecting duplicate votes or fraudulent votes (i.e., logins from other countries, etc.).
Now, before anyone says "These aren't foolproof ways of identifying a person" and derail my actual question: I know. I'm not looking for perfection, but these methodologies shed light on the 95%+ of people who might be trying to circumvent our voting system.
Apple placing the ability to circumvent these measures by being right up in front of the user as a first-class feature shoots major holes in my existing strategy.
Is there a way to detect if a user is utilizing these methods to where I could prompt them that they need to sign-up without using these features?
I think it would be easily justifiable to explain that, due to the nature of the application being a voting website, the ability to create multiple aliases would directly undermine the purpose of the site.
Perhaps there is an email address pattern to look for (I know in my test cases, I was getting email addresses @icloud.com).
If there is no reasonable way, I need to rethink the entire process of identifying individuals and preventing aliases (phone / text confirmation, etc).

Rails/Devise - preventing spam signups?

We have been noticing a large number (~3400) of fake signups over the last year and have not been able to determine where they are coming from. Common parameters:
They often come from weird, yet validly formatted, email addresses (many in the .ru TLD or from thefmail.com)
Some use Cyrillic or Arabic characters in their name (we are basically focused only on US English speakers by our content)
They do NOT trigger the Intercom.io javascript for account signup notifications
They somehow defeat reCaptcha 3
They sometimes use URLs for their username
They don't confirm (devise_confirmable)
We've been handling these by disabling the accounts, and there's obviously a few items above we could use to identify these before they even get created, but I was wondering if someone's cracked this nut already or if there's some simple best practices (pwned db check?) that might cut this down to a dull roar or out entirely.
The two big "I don't get its" are bypassing the JS and defeating recaptcha. Is this just mechanical-turking?
Do you know whether these users have been created by the same IP address? (probably not). Are the accounts sporadically created or are they created in batches? The gem rack-attack could be used to mitigate this issue, especially if at least one of these conditions is satisfied. It also comes with some sort of fail2ban filter which could be helpful, as it is designed to detect suspicious requests from 'misbehaving' clients.
I also can't understand how they possibly bypassed recaptcha.
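A triage pass over signup records, as an added example that is not code from the original posts: it flags the pre-creation signals the question lists and answers the reply's question about batches from one IP. The record fields (`:name`, `:username`, `:email`, `:ip`, `:at`), the thresholds and the sample rows are constructed assumptions.

```ruby
# Constructed policy values, taken from the signals named in the question.
SUSPECT_DOMAINS = %w[thefmail.com].freeze
SUSPECT_TLDS = %w[ru].freeze

# Returns the list of signals a signup attempt trips (empty means clean).
def signup_flags(name:, username:, email:)
  flags = []
  domain = email.to_s.split("@", 2)[1].to_s.downcase
  flags << :suspect_domain if SUSPECT_DOMAINS.include?(domain)
  flags << :suspect_tld if SUSPECT_TLDS.include?(domain.split(".").last)
  flags << :non_latin_name if name.to_s.match?(/[\p{Cyrillic}\p{Arabic}]/)
  flags << :url_username if username.to_s.match?(%r{https?://|www\.}i)
  flags
end

# IPs that created at least `min` accounts within `window` seconds: the
# "same IP / in batches" condition under which rate limiting would help.
def batch_ips(signups, window: 600, min: 3)
  signups.group_by { |s| s[:ip] }.select do |_ip, rows|
    times = rows.map { |r| r[:at] }.sort
    times.each_cons(min).any? { |run| run.last - run.first <= window }
  end.keys
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample rows; IPs are documentation ranges, :at is epoch seconds.
  rows = [
    { name: "Иван", username: "http://spam.example", email: "a@mail.ru",
      ip: "203.0.113.5", at: 0 },
    { name: "Bob", username: "bob1", email: "b@thefmail.com",
      ip: "203.0.113.5", at: 60 },
    { name: "Eve", username: "eve", email: "e@example.com",
      ip: "203.0.113.5", at: 120 },
    { name: "Jane Doe", username: "jdoe", email: "jane@example.com",
      ip: "198.51.100.7", at: 90 }
  ]
  rows.each { |r| p [r[:email], signup_flags(**r.slice(:name, :username, :email))] }
  p batch_ips(rows)
end
```

Flags are better used to hold an account for review than to reject outright, since a legitimate user can trip any single one of them.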

Anonymous contact form iOS app

I currently work at a school and have an idea to create an app that allows students to contact a grown up (for example, the principal) anonymously through an app. The app would quite simply consist of a contact form. I am trying to find out the best, and easiest way to achieve this without setting up servers with a separate API. Does anyone have a suggestion on how to achieve it? Is there any way to set up an e-mail form with a pre set recipient and a built in sender-account? Please guide me in the right direction.
You would need to implement an SMTP client. You can use open source code like skpsmtpmessage
It's likely that their example app could be your solution.
Your biggest problem will be the deployment. You definitely need to pay for a $99/y developer account and add all the students' device IDs to your account (with a maximum of 100 devices/y) or register all of them as beta testers (I don't know the limitations).
Probably this isn't doable so easily, as it seems you don't have iOS developing experience so far. Maybe you can find something on the app store that works with self hosted databases. But you definitely need to host some kind of webApp/API.
You may want to give Appygram a try to handle the back-end if you are able to set up the contact form itself. While it's a separate hosted API, at least you don't have to build/manage it.
Appygram is a free web service that would allow you to configure all the details such as which adults could be contacted, their point(s) of contact (i.e. email address), and it would process and send all the submissions for you. All your app needs to do is send a form post request.
A nice thing about having this information outside of the iOS app itself is that you can change the contact details on the fly without requiring an update to the iOS app itself. Whether you use Appygram (which, since I contribute to it, I am slightly biased toward!) or something similar, I would say that since this is for students, I would recommend a solution that would allow you to update your configuration without requiring app updates.
Finally, I'd second what Julian said. The challenge here could be with deployment. One possible alternative would be to make this a mobile-friendly web page accessible only via student login or on the school network (or both). Would probably be easier development-wise and wouldn't require installs nor the hurdles that Julian described with device registration, etc. And, Appygram would still work with this setup as well.
Good luck!
