Using Google/Hotmail/Yahoo API to send mail instead of SMTP
#1

Hi,
I'm building an app where my users will be sending emails using their own Gmail/Hotmail account.

I can do this easily with SMTP, but is there any way I can achieve this using HTTP/API? I must add, users will submit only their email address and password. Everything else I have to set in the backend.

Is this possible with CodeIgniter? If yes, some hints will be highly appreciated.
#2

Is there no one to help on this? :(
#3

(12-19-2016, 03:58 PM)AdrielGoodwin Wrote:
(12-19-2016, 10:22 AM)tarek009187 Wrote: is there no one to help on this? :(

Hey Tarek :)
Do you mean that you have an application in which users send emails to one another, and you want those emails to be sent to gmail/yahoo accounts that they supply?

Hi Adriel,
Thanks for replying.

I have an app where my users need to send mails to their clients' email. Those could be Gmail/Yahoo or any email address, but those mails would be sent from my users' own email address (Gmail/Yahoo etc.). Now I can do this with SMTP, but I'm looking for a solution where my app will communicate with Gmail/Yahoo via HTTP API like we use with Mailgun/Mandrill etc.

Here is the scenario:
I have a form where my users will submit their Gmail address & password, which will be verified with Gmail to check whether it's correct or not. Later, whenever my user needs to send any mail from my app to their client, mails would be sent from that Gmail address.
My old app has this with SMTP and it works for Yahoo and other mail hostings, but for Gmail it gives issues sometimes. For a lot of my clients, access is rejected in their Gmail account. So I was thinking of using an API this time. Is it possible for Gmail/Yahoo accounts?
#4

I think it's very bad practice (and I mean, really really bad) to ask a user of your website / application to hand over their password for their Gmail account. I would never trust any service that requires that. Think about all the things that you could potentially do with such access: you would have access to the user's Google Wallet, can set up a separate AdWords campaign on their account for your own website, etc. etc. etc.

I think the problem you are facing is that (luckily) more and more users turn on 2-step authentication to their accounts.

Why not send email from [email protected] and set the reply-to field to the Gmail address of your user? That way you don't need a password, you are not dependent on the SMTP server your client uses, etc.

If you really need to, you should do it through the Gmail API: https://developers.google.com/gmail/api/guides/?hl=nl
"The Gmail API is a RESTful API that can be used to access Gmail mailboxes and send mail."
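Added example, not part of the original thread: what post #4's Gmail API suggestion amounts to in PHP. The app prepares a `users.messages.send` request authorized by an OAuth 2.0 access token, so it never receives the user's Google password. The function names, addresses and the token placeholder are assumptions made for illustration.

```php
<?php
// Added example: prepare a Gmail API users.messages.send call.
// The bearer token comes from an OAuth 2.0 consent flow (gmail.send scope),
// so the application never handles the user's Google password.

function base64url(string $bytes): string
{
    // The "raw" field uses the URL-safe base64 alphabet.
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

function header_value(string $value): string
{
    // Reject CR/LF so form input cannot smuggle in extra headers.
    if (preg_match('/[\r\n]/', $value)) {
        throw new InvalidArgumentException('line break in header value');
    }
    return $value;
}

function build_gmail_send(string $token, string $from, string $to,
                          string $subject, string $text): array
{
    $mime = implode("\r\n", [
        'From: ' . header_value($from),
        'To: ' . header_value($to),
        // RFC 2047 encoded-word; adequate for short subjects.
        'Subject: =?UTF-8?B?' . base64_encode(header_value($subject)) . '?=',
        'MIME-Version: 1.0',
        'Content-Type: text/plain; charset=UTF-8',
        'Content-Transfer-Encoding: base64',
        '',
        chunk_split(base64_encode($text)),
    ]);
    return [
        'url'     => 'https://gmail.googleapis.com/gmail/v1/users/me/messages/send',
        'headers' => ['Authorization: Bearer ' . $token,
                      'Content-Type: application/json'],
        'body'    => json_encode(['raw' => base64url($mime)]),
    ];
}

// Constructed sample values; the token is a placeholder, not a credential.
$request = build_gmail_send('ACCESS_TOKEN_PLACEHOLDER', 'user@example.com',
    'client@example.org', 'Invoice 42', "Hello,\nyour invoice is ready.");
print_r($request);
// Sending is a POST of $request['body'] to $request['url'] with those headers.
```

The user can revoke the token from their Google account at any time without changing their password, and a token limited to the `gmail.send` scope cannot read the mailbox.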
#5

(12-20-2016, 04:56 AM)Diederik Wrote: I think it's very bad practice (and I mean, really really bad) to ask a user of your website / application to hand over their password for their Gmail account. I would never trust any service that requires that. Think about all the things that you could potentially do with such access: you would have access to the user's Google Wallet, can set up a separate AdWords campaign on their account for your own website, etc. etc. etc.

I think the problem you are facing is that (luckily) more and more users turn on 2-step authentication to their accounts.

Why not send email from [email protected] and set the reply-to field to the Gmail address of your user? That way you don't need a password, you are not dependent on the SMTP server your client uses, etc.

If you really need to, you should do it through the Gmail API: https://developers.google.com/gmail/api/guides/?hl=nl
"The Gmail API is a RESTful API that can be used to access Gmail mailboxes and send mail."

Hi Diederik,
I completely understand and agree on some parts with you.

But the thing is, it's my users' requirement: they want to send emails from their own mail address. We already have an option where users can use our mail system to send emails with their own From name and Reply-To address. But we want to add Gmail/Hotmail integration as per their requirements. We store all users' passwords in hash, though. If you have any suggestion to keep them more securely, please suggest it to us.

Thanks for the link. I have already seen the link you provided and already started working with it. Do you have suggestions for integrating OAuth 2.0 with CodeIgniter?
Also, I just want to be sure that after integrating that way, my users don't need to do anything else from their end.

Also another thing: if I use SMTP for Google/Hotmail, must I install postfix/sendmail or something similar on my host?
Sorry to ask so many questions, as I'm totally new to CI.

Thanks a lot for your reply once again.
#6

And by the way, is it really worth the effort, or am I just simply underestimating SMTP? Should I forget about the HTTP API and stick to the usual way, which is SMTP?
#7

For sending email with CI through SMTP you don't need any special software installed (like postfix/sendmail); that's the job of your hosting provider or your sysadmin. Normally this runs out of the box. Just set the correct config and you're good to go.

You say you store the user's password in a hash. Can you elaborate on this? Because if you store this in a secured manner (as a salted hash) it won't do you any good... You should not be able to convert your (salted) hash back to the original password which you can use to send email through SMTP. If your application can convert the 'hash' back to a password then a hacker can do so too...
A hash is used for authenticating the user itself, by rehashing the user's password and comparing the hash of the entered password to the stored hash. It's designed as a way of being able to authenticate a user without needing to know the password itself.

The only way the above can work is when you store an unsalted(!) MD5 hash of the password. An MD5 hash could be used to authenticate yourself to an SMTP server if they support that AUTHTYPE. But Gmail does not support this; they require a PLAIN password and secure it through SSL.
Besides that, the CI mailer does not support any other AUTHTYPE than PLAIN.

I would advise you to pay more attention to security. Either familiarize yourself more or hire an expert. Making secure software is very hard work, don't take any shortcuts. Sure, it will save you some time, but the consequences can be very extreme...
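Added example, not written by anyone in the thread: the distinction post #7 draws, in PHP. A salted hash only supports verification and cannot be replayed to a mail server, while a secret the app must present again has to be stored reversibly, with the exposure that implies. The refresh-token use case, the `seal`/`unseal` names and the sample values are assumptions.

```php
<?php
// Added example: one-way password hash versus a secret the app must replay.

// 1. Login passwords for your own application: salted, one-way hash.
$password = 'correct horse battery staple';   // constructed sample value
// Each call draws a fresh random salt, so the two hashes differ.
$hashA = password_hash($password, PASSWORD_DEFAULT);
$hashB = password_hash($password, PASSWORD_DEFAULT);
var_dump($hashA === $hashB);
// Verification re-hashes the candidate with the salt embedded in $hashA.
var_dump(password_verify($password, $hashA));
var_dump(password_verify('wrong guess', $hashA));
// Nothing turns $hashA back into $password, so it cannot be sent to an
// SMTP server that expects the plain password.

// 2. A secret the app has to present again later (assumed here: an OAuth
// refresh token) must be stored reversibly, i.e. encrypted, not hashed.
function seal(string $secret, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($secret, $nonce, $key));
}

function unseal(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) <= SODIUM_CRYPTO_SECRETBOX_NONCEBYTES) {
        throw new RuntimeException('malformed ciphertext');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    if ($plain === false) {
        throw new RuntimeException('wrong key or modified ciphertext');
    }
    return $plain;
}

// The key lives outside the database (environment, secrets manager).
// Whoever obtains it can unseal everything, which is the risk post #7 names.
$key    = sodium_crypto_secretbox_keygen();
$stored = seal('REFRESH_TOKEN_PLACEHOLDER', $key);   // constructed value
var_dump(unseal($stored, $key) === 'REFRESH_TOKEN_PLACEHOLDER');
```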
#8

(This post was last modified: 12-20-2016, 10:18 PM by tarek009187.)

Dear Diederik,
really appreciate all your helpful responses.

(12-20-2016, 01:04 PM)Diederik Wrote: For sending email with CI through SMTP you don't need any special software installed (like postfix/sendmail); that's the job of your hosting provider or your sysadmin. Normally this runs out of the box. Just set the correct config and you're good to go.

Regarding postfix, I'm going to use an unmanaged VPS, so I might need to install postfix on that. Please correct me if I still don't need that.

Quote: You say you store the user's password in a hash. Can you elaborate on this? Because if you store this in a secured manner (as a salted hash) it won't do you any good... You should not be able to convert your (salted) hash back to the original password which you can use to send email through SMTP. If your application can convert the 'hash' back to a password then a hacker can do so too...
A hash is used for authenticating the user itself, by rehashing the user's password and comparing the hash of the entered password to the stored hash. It's designed as a way of being able to authenticate a user without needing to know the password itself.

Sorry for the misunderstanding. I mixed up user authentication with this Gmail password.

Quote: I would advise you to pay more attention to security. Either familiarize yourself more or hire an expert. Making secure software is very hard work, don't take any shortcuts. Sure, it will save you some time, but the consequences can be very extreme...

Thanks for the advice. Actually, I'm not the developer, just the owner of the project, and I manage the server side only. I'm just learning some basics so that I can understand whether my project is being built in a mannered way.
Now I'm thinking of putting all this hassle aside and using SMTP for my users' mail sending part. Just curious about the server load using this method: for about 5k mails per day, would it create any huge load? I must add, all of these would be transactional/triggered mails, no bulk mails like 100/200 emails together.

Also, I read on this forum that a hash is the better way to store authentication passwords. Am I correct? Do you suggest anything better?

thanks in advance.