Altering the "From" or "Reply to" in google SMTP - asp.net-mvc

I want to provided "Email a friend" functionality to my site. I have a ASP.MVC site and I am using GMail as our provider (google apps for business).
So, a user will press my "Email a friend" button and be asked to enter their "reply to email address" and the persons email the wish to send the email to. I then use our log in credentials to send the email. The problem is the the "reply to" address is changed to the credentials address.
So bob#home.com wants to send an email to tom#home.com. He enters the correct email addresses for both tom and himself. But when tom get the email its reply to is "sendingsite#gmail.com" which are the log in credentials.
I have done some research on this and as far as i understand this is not possible in gmail.... I believe.
My question is two fold.
Is this possible in gmail?
If not, how would i go about getting this functionality?
I know there are third party tools which do this and are free etc but we dont want to use these due to privacy issues.

Is this possible in gmail? AFAIK it is not possible to change the FROM address to anything that is not either the google apps account name for the SMTP settings or an alias of it. I believe you can change the REPLYTO address. In System.Net.Mail.MailMessage, there is a ReplyToList property. Are you setting the replyto there?
If not, how would i go about getting this functionality? Try something besides gmail / google apps for business. I have heard good things about SendGrid.
Also be careful with this. GA4B has a limit on the number of mails that can be sent in a specific time period. If you violate this, G will detect that you are abusing the service and lock the account you are sending mails from. They intend their service to be used by people, not machines, to send mail. All it takes is 1 automated attack on your send-to-friend page to disable your GA4B account, so consider a captcha or some other human-proof widget.

Related

Is there a different validation process for "to add Logos for Non-Gmail Accounts"?

I received from Google the following instructions to add Logos for Non-Gmail Accounts:
These instructions explain how to add a logo, or avatar, to a non-Gmail email address, for example mailer#mycompany.com. Once added, all emails from that account will show logos on all three Gmail clients: Android, iOS, Desktop
In a new incognito window, visit
https://accounts.google.com/SignUpWithoutGmail
Create a new account using the non-Gmail email address. You will be
required to enter a passcode sent to this address, so be sure you
have access to read this address's email.
Once you're logged in to the new account, visit
https://myaccount.google.com/personal-info and click on "Photo" to
change your profile picture.
You'll immediately see the new logo on desktop Gmail, including on
email already sent. Android and iOS clients will take 24 hours to
start displaying it. You can change the logo whenever you wish, but
again it will take 24 hours to update on mobile clients.
I can't follow this instructions because the sender email address of our email marketing communications only exists as a sender for our email marketing tool (SFMC = Salesforce Marketing Cloud). It means that we don't have and inbox associated to it, so we won't be able to retrieve the passcode mentioned on the step 2 above.
NOTE: I can't configure the domain in order to have an inbox because it will break our email marketing platform configuration.
Is there any other way to validate that I am the owner of the subdomain (instead of receiving a passcode)? Maybe adding some TXT record to the DNS?
As far as I am aware this is the only way to add the sender image in Gmail, since this is the only way to run through the verification.
Can you explain a bit more why adding an inbox would break your Marketing Cloud configuration?
Alternative your alternative is to use BIMI record, it`s valid for the many of ESP including Gmail: https://www.emailonacid.com/blog/article/email-marketing/bimi/

URL in Gmail Alias

At our company, we are working with several aliases. The current situation is that one team of 10 has two aliases. In SalesForce, they would like to put the link to specific emails so that anybody out of the team can open an e-mail related to a claim for instance.
In the e-mail's link, there's the "/u/0" part that identifies the mail gmail account (firstname.lastname#...), but it seems that the aliases have a different number for everybody.
So to be clear when they open the same mail in the shared alias, the e-mail ID stays the same in the URL (logic) but the digit after the "/u/" changes for everybody.
Is there a way to generate a URL that will open the e-mail independently of the person that clicks on the URL ?
Edit:
I'll try to be clearer. Our Customer Service Center employees all have two e-mail adresses: an individual one, and a delegated one. Customers will send e-mails to the delegated one (accessible by all employees). So what we would like to do is copy the link of the e-mail into SalesForce so that any employee (who has access to the delegated gmail) can check the e-mail. But, as explained above, as the individual gmail adress is always identified by a "0" after the "/u/" chain in the URL:
https://mail.google.com/mail/u/0/#inbox/156b821f776b6d4a
the delegated gmail adress is identified by a number that differs depending on the person. So employee A will have "/u/144/" as link to the delegated gmail, another employee will have "u/345/ as link to the delegated gmail. This makes it impossible to access the e-mail by clicking the link...
Hope this little case-study makes the issue clearer.
Thanks in advance
Julien
I'm trying to do this too.
I think the only way (outside of paying for the Google business email system) is to have a database of user IDs that link to each user's gmail delegate URL.
I have a system that allows about 6 or 7 users to login, however they all share the login details (it's a small website, with no important information stored). I will have to force them all to have separate login details, and then have a lookup for their gmail delegate URL.
If you have a lot of staff, then you'd have to get their buy-in. Maybe send a global email around that links to a simple web form, that takes them through how to enter their delegate URL. Then store this in a database, with their own personal email (the other gmail account). You should make the form validation strict, so no garbage gets entered. For users who get stuck (fail validation for entering a valid gmail delegate URL), ask them to email support. 95% of staff should be able to handle this. The other 5% would just be an exercise in patience, in getting the rest of the data.

Is there any way to send the email without opening the MFMailComposeViewController?

I need to send the email without opening the MFMailCompseViewController. I have searched about this and got some point like use the web service and another one is connect with gmail server through ask the emailID and password from the user.
My email format is fixed i just have to send the email to user whose id will be given by the user without showing any thing else.
Your existing research is accurate - you can connect to some web service to send the e-mail automatically, but you can't automatically create, configure and send using MFMailComposeViewController. The user always gets to see the presented controller and choose whether to do any editing and whether to send or not.
There is no way of sending an email directly from iDevice without showing the MFMailComposeViewController.
If it was possible it would be a great tool for mobile distributed spam bots.
Things to consider: MFMailCompseViewController is an interface for the user to compose an email.
If you want to use it, you have to hand over control to it. Apple does not expose the underlying functionality to you: it has to go through this view controller.
If you don't want the user to be aware that you are sending emails on their behalf (I assume it is on their behalf or you wouldn't need the composer view) you are probable doing things a little wrong; why would you want to send an unsolicited email?
If you want to report information from the device, implement a web service and send it to that. Email is meant for correspondence; don't hijack an account.
If you still need an email, have the web service create it

MyOpenId not sharing email address

I'm trying to use MyOpenID for my sign-in, but it doesn't seem to be sharing the email address.
If I use Google or others I do seem to get the email address, though. I thought that this was a standard field to return.
I even see some documentation here that seems to suggest they would share email:
https://rpxnow.com/docs/providers
(I'm using Ruby on Rails and Janrain for this project)
One interesting thing is that if I setup an identity page on MyOpenId, then the email IS shared with my application. I thought that there was supposed to be a way when logging in with MyOpenID to specify what data is shared during "SimpleRegistration"?
The problem was that I was testing with my own MyOpenId account and the very first time I logged in to my development server I had not paid enough attention.
When logging in the first time it said something along the lines of "blah site is asking you to share information with it. Click here to use an existing persona or to create a new one. I didn't select one and it defaulted to "don't ask again".
I was able to fix this by going in to MyOpenId and revoking permission for my site. Then the next time I logged in it asked me again and it worked.

Is captcha required when I have email verification step, while registration?

I am building an asp.net mvc web application.
Do I need to use captcha while user registration.
Because we make the user verify the email, by the standard way, like sending a link in the email and when the user clicks on the link, the email is verified.
Do you think bots can actually open an email and verify? And moreover the bots will need a new email address for every registration.
Yes, bots can create new email accounts and send and receive email from those accounts.
You don't need to use a CAPTCHA if your site is unlikely to be targetted by bots but if you are worried about an attack then a CAPTCHA is a good idea and fairly cheap to implement. You should bear in mind that it negatively affects the usability of your site and could make it difficult for some users to log in.
The "new email address" for every registration requirement isn't hard to beat (think mailinator.com) but I can't imagine a bot confirming your email, you just have to deal with sending out redundant emails and assess if that is an issue.
I think the jist of it can be summed up like this:
captchas help protect against
automated signups
email confirmation helps protect
against impersonation
Email confirmation is much easier than a good CAPTCHA for a bot to pass.

Resources