Sorry for asking it here but it is only place to ask (https://developers.google.com/gmail/schemas/support)
As Google Apps for Business customer we would like to use Gmail-Schema (mainly the "ViewAction" type) for our internal emails:
* server status emails
* order emails
We are already added the DKIM entry to our DNS and it's working with same-user-test.
Question:
Should we still apply via Gmail Schema Whitelist Request form?
Or is there some other approach to get our domain whitelisted
Please fill the whitelist request form with your details and describe your use case, specifying that you are interested in internal emails.
Related
We are seeing a few users for which the graph API returns only a primary email despite knowing that there are multiple SMTP addresses configured for these users. We are observing this on the List Users endpoint as well as the Get User endpoint.
When using the $select parameter to include the otherMails and proxyAddresses properties, both come back as empty arrays. Microsoft365 admins for the tenant to which these users belong have provided us with screenshots demonstrating that some of these users have at least one email alias configured in addition to their primary email.
I'm curious if there's any scenario in which it would be expected that otherMails and proxyAddresses would be empty despite the presence of aliases on a user? Or if there's a particular way in which the request to the List/Get users endpoints must be crafted to get these fields to come back non-empty. According to the docs it seems like a collision between SMTP addresses across directory objects might cause this, but I'm certain that's not the case for all of the users for which we're seeing this issue.
I have a ruby on rails application that authenticates the users through Yammer and then redirects them to the right tenant depending on their network name.
Workflow essentially goes like this:
User is presented with sign-in/sign-up page
Authenticate through the Yammer API and redirected back to a callback URL (yammer.example.com/auth)
The callback controller then looks at the auth response, and determines the network that the user belongs to.
I redirect to that tenant on the subdomain (eg my-network.example.com) and sign the user in
There are some other things that go on here in the background (creation of other users in the network, user matching etc.) but the problem I am having is with the actual network name and subdomain creation and redirection.
The way that the subdomain is currently parsed is to use the SLD of the users network name.
As an example network_name: "example.com" returns "example" as the subdomain for us to create/redirect to.
This was all working great until we started testing with paid Yammer accounts, their network names seem to not play nice with our current code.
This is what we are currently using:
if PublicSuffix.valid?(auth.extra.raw_info.network_name.mb_chars.normalize(:kc).to_s.downcase)
yammer_domain = PublicSuffix.parse(auth.extra.raw_info.network_name.mb_chars.normalize(:kc).downcase)
subdomain = yammer_domain.sld.gsub(/[^0-9A-Za-z]/, '')
else
subdomain = auth.extra.raw_info.network_name.downcase.gsub(/[^0-9A-Za-z]/, '')
end
I'll admit that this is not the cleanest at the moment because I have been hacking a little trying to catch when a network name is not a correct domain and fixing it there. I am normailizing all characters and then parsing the SLD using the PublicSuffix gem.
If it is not a valid domain then I try and normalize the characters and strip everything out that we don't need (so something like L'oreal would just become loreal).
This still seems to throw an error and not parse correctly.
So my question is:
Is there anything different about how the network names are set up with paid accounts vs. free accounts? Is there a more reliable way to return the network name to parse for subdomains using the Yammer API?
Is there anything different about how the network names are set up
with paid accounts vs. free accounts?
No there isn't.
Is there a more reliable way to return the network name to parse for
subdomains using the Yammer API?
If I understand what you're trying to do correctly, I don't think "network_name" is the correct JSON object to use. The network admin can decide to change the network name any time and that would screw your app.
I'd recommend you use "network_domains". The value of this JSON object contains a list of all yammer networks the logged-in user is a member of, and the first item in the list is ALWAYS the primary network of the user.
For example, the result of a GET request to api/v1/users/current.json would contain something like:
network_domains":["jet.usa.cc","jet.onmicrosoft.com","jet2.onmicrosoft.com"]
In the above example, jet.usa.cc is the primary network of the logged-in user. The network domain name cannot be changed, it's a constant. You may extract the value of the primary network in your RoR app and use it as you wish.
I am using the Survey Monkey api to get the url's of surveys I have created which allows me to display surveys from within my application. To do this I have to send my key and authorization with the request.
What concerns me is that Survey Monkey has an api 'create_flow' that allows surveys to be created. Using fiddler I can see my requests including the key and authorization token. As far as I can see, this means that anyone could use this information to access the api and create a new survey on my account, which I do not want.
Is there any way to stop someone from creating new surveys using the API and the auth token? I'm not really bothered about people getting access to the survey details or Uri's as all they can do is post junk survey results that only I will see, but I absolutely don't want anyone else to be able to create a survey that will be presented to all my users with potential malicious text.
It is not possible to make an account read-only.
So if I'm understanding correctly, you're shipping an application which contains your api_key and access token?
This is very much not recommended - the access token is equivalent to your account password, it gives full access to your account.
If you want a way to dynamically list your surveys, the best way to do it is create a proxy web app / API you host yourself. When someone hits that address, it uses the access token / api key you've stored on your box and grabs the list of surveys and then returns it to your app. This is the only safe way to do this.
I am designing a website for a client to sell their services. Basically my client simply wants customers to book slots in appointments diary via paypal and be able to manage their bookings. My strategy is simple registration using email address and generating a 10 digit random booking reference which I will use as a password so that the users find it convenient to use the site (get rid of registration and other stuff). My question is there any security issue if I display the password after a client has made a booking? or should I do it like 4chan i.e just enter email address and password yourself?
Remember that everything you show or send to the user can be read by others. I wouldn't use your approach, but it depends on the purpose of the application and what a (malicious) user can do in your system (e.g. is it read only or can he make changes in bookings?).
In any case I would secure the website with an SSL certificate (which is probably enforced by law as well since you're dealing with personal data).
I have an application built in PHP/Symfony. Part of it requires sending what is essentially an account verification email to users. Unfortunately, it seems that my email is triggering spam filters (gmail, hotmail, probably others) and not making it to the users inboxes.
What strategies can I use to avoid being filtered?
Rather than sending mail from the server where your website runs, it's better to use trusted external mail server. You can do that with Swift_SmtpTransport.
You can even use your gmail account for that purpose: http://www.symfony-project.org/more-with-symfony/1_4/en/04-Emails#chapter_04_sub_sending_emails_via_gmail
Email filters use different strategies for detecting autogenerated emails. Each email filter is different, but your best strategy would be to make sure that you actually creates an email that complies stricktly to the email standard. Include all relevant headers. Make sure that you use the correct encoding for international charachters etc. A well formed email will usually get a better score.
And of course use an email proxy with a good reputation.