Tuesday, January 8, 2013

Sending Anonymous Emails

I'm creating an application within Appharbor and wanted to configure Elmah to send emails to me when an application error occurs. Configuration for this is done from the errorMail tag within the Web.config file. The problem is that this tag expects a user name and password and I obviously don't want to set these in plain text.

While researching this I discovered this article which stated that you didn't need to authenticate when sending an email to a Google apps account.

I really didn't believe that this was possible but I gave it a try and it worked. I happen to have a Goggle Apps account so I was able to use the same MX record that was used in the article.

I looked into this more and made the following observations:

1. Anonymous emails can be sent to all gmail and Google apps users. When I say anonymous I mean that you don't have to supply credentials at all. All you need is a valid MX record which can be looked up quite easily.

2. Not only can anonymous emails be sent, you can actually send an email with a from address of gmail.com or of another Google apps domain (or any domain for that matter). This is interesting because when I tried this the Google gravatar of the fake address was actually displayed right in my gmail app. I would have thought that Google would have at least authenticated its' own users.

3. You can't use the smtp server "smtp.gmail.com" without enabling ssl and authenticating yourself with a valid user name and password. This is true for either relaying emails to outside domains (not gmail or a Google apps account) which makes perfect sense but also for sending a an email within the domain.

I haven't tried this with other popular email hosts but I suspect that this behavior is not unusual. It was just surprising to me. Use the following code to try this on your own:

Helpful Links


No comments:

Post a Comment