I have a piece of software I am developing that includes user accounts and login/passwords. For password storage/protection, I am using an asymmetric salt+hash system, and thus, if a user forgets their password, I would like the software to send a password reset link to the user's email address.
My question is this: is it possible to send this email from an address that does not actually exist (like do-not-reply#myproject.com)? Alternatively, is there a way to send it from a real email address but to mask the "from" address and make it appear to the recipient as do-not-reply#myproject.com even if it truly came from myemail#gmail.com?
Yes, you can send the e-mail to appear to come from any address. It is important to recognize that there are two 'from' addresses - the envelope sender is often not displayed to the recipient but indicates the server that is sending the message. The 'from' address is different and is specified in the message headers. As this is what what the recipient sees, it sounds like you simply need to customize your 'from' address header in the message.
Note: Some users will have e-mail servers that require proof that your server is authorized to send e-mail from the domain in the 'from' header. You can do this with an SPF record on the mydomain.com DNS zone file.
Related
I am using amazon SES to send notification emails in my project. When a user replies back to this email I want to trigger some actions (like a ticket creation or update). Is it possible to know the contents or headers of the email for which user is replying ?
If the replying user's email system supports it (most do), you should receive an In-Reply-To: Header containing the message-id of the email you sent. If you kept that message (along with the message id) you can use this to retrieve original email.
Sometimes the Refereces: Header might be useful as well
In simple word, whenever I will send mail to anyone (within same mail server) it should appears some fake email address i.e. fakemail#gmail.com but, when they reply to this mail, it should come to my actual email address that is realname#gmail.com.
Note: My both email addresses will use same domain name, but only difference will be fake and real username for that email. I needed for the privacy issue. So, that nobody can reply to my mail directly until I send any mail to them.
Ask your mail server administrator to setup an email forwarding for you.
This is not a Java specific question. What you are asking for is called an
Email alias, and is a standard functionality on mail servers.
You can use a fake "from:" field and a valid "reply-to:" field, but the only people that will be fooled by this are people who would not know how to send spam anyway.
Even if you can (see below) mask the From field, you are giving away your email address in the Reply-To field, so you are still revealing your email address. (And if you weren't, it wouldn't be possible to reply.) So go with #Anony-Mousse and find a proper solution.
Now, please note that there are two "from" fields: one in the SMTP envelope and another in the message data.
It is quite uncommon for current mail servers to let you fake the SMTP from, though it may be possible if the server is using raw SMTP without authorization.
You are more likely to be allowed to send an email with a custom "From" in the message body (which is the one mail clients display, unless you look att all headers). However, the mail server may require that it matches the user you authenticated as.
Example:
Account account#gmail.com
Alias account
I want to send the message as follows:
m_simpleMessage.setRecipient(
SMTPMessage.RecipientType.TO,
new InternetAddress ("account")
);
Is it possible to send an email using an alias?
Is possible send email using an alias?
Assuming that you are talking about some kind of alias defined in Exchange, then I think that the answer is no. Or at least, not unless your application has the smarts to lookup aliases in Exchange and translate them to real email addresses ... before it sets the recipient address.
Is there anyway to get an email sent without putting the password into the code ?
There are many email api-s that enables to send an email with entering the username and password.
Example
sendEmail("myemail#gmail.com","mypass","subject","msg body");
Is there any way around the problem with hard-coding the password in code ?
You have three options to send email:
You include your email and password into the code and in this case
the application will send emails from this email address.
You can ask user to enter his credentials for his email and in this
case you'll receive a mail from user's address.
You can form an intent in your application that will fill neccessary
fields and call user's email client to send this.
If you want silent way to send email then you should choose 1 or 2. But more secure way is to use the third approach.
You can ask the user password one time and then store it in your internal storage. It may be necessary to add a way to change the password later if preferred. Deciding from documentation, the internal storage is even secure, while it is also possible to use additional encryption. This is how most of E-mail clients work.
I have read all the reference in stackoverflow. However, nothing matches in our goal. How can i use bcc in sendmail method in java?
According to the RFC for SMTP, RFC 2821 (link), it is not possible to send an email message without a To: header. (You cannot send an RCPT command without it, see section 3.3.)
As Dietrich mentions, that's not possible with the RFC. If the primary goal is to send to the bcc target email addresses, you could provide a dummy to email address (such as your own email address or a reply-to email), which would fulfill that technicality while still allowing you to send the email to the desired bcc targets.
msg.addRecipient(Message.RecipientType.BCC, new InternetAddress("joe#example.com"));
By default, JavaMail collects all the recipients specified on the Message object, including Bcc recipients, and uses them in the RCPT command to the SMTP server. The Bcc recipients won't show up in the message headers, however (which is the whole point of Bcc).