send email from the alias instead of the main account #277
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The email provided in MAIL FROM is the main account's email address, even if you provide a specific "from" json key in the API call, while the FROM header is the email supplied via the api. This commit causes the MAIL FROM to match the supplied email and the FROM header.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I noticed this when setting up an account in N1: If you send an email from an alias, it'll set the FROM header to the alias, but it'll still use the account's main email in the MAIL FROM smtp command. This causes the return path to contain the main account's email instead of the alias'. This isn't desirable in a lot of cases, since it'll leak the main account's email for any emails sent from the alias.
In my case, I have a fastmail address, plus several of my domains that fastmail handles. If I send an email from my domain, I don't want my main fastmail address to appear in the headers, and I want the DKIM/SPF checks to be against my domain and not fastmail's.
Here's an example where I changed some emails and deleted extra headers, but it's basically real. [email protected] is a (fake) fastmail address, and appears when I send email from mydomain.example.com:
The requests from N1 appear to be correct, ie. they send the correct "from" address to the sync engine, so I did some digging in here and found the call into smtplib that is causing MAIL FROM to be the account's email.
I'm not sure that my solution is actually the right way to solve this problem, since this PR changes the call into smtplib so it uses the supplied from address instead of the email from the account itself. I tried it via curl and a local copy of the sync engine and it did indeed prevent my main account email from being exposed in the headers. If this behavior change is something you guys agree with, I'm happy to work on it more.
Since this changes the behavior of the existing API, a different backwards-compatible solution is something like: add an optional
mail_fromkey to the send API so that defaults to "main" but you can specify "alias" if you want it to use the alias's email. That'd obviously require some changes to N1 as well, but it wouldn't change existing API behavior.Thoughts?
Thanks!