Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to authenticate Inbound Mail? With SendGrid specifically?

Tags:

authentication

email

sendgrid

inbound

I created an application which uses SendGrid's Inbound Parse Webhook. Whenever someone emails "[email protected]", the email goes to SendGrid, and then SendGrid hits our server with a POST containing the email's contents. We can then feed that email data back into our main application.

I have it all working. But now I do not know how I am supposed to authenticate the messages SendGrid posts to our server. Does anyone know the best course of action for doing this? Verifying that our inbound emails actually come from authorized users of our main application?

Obviously we can check the "From" address in the headers, but I've read that these can be completely spoofed. Apparently "dkim" and "spf", two attributes of the incoming mail from SendGrid, have something to do with authorization. But i cannot find anything in the documentation, or really anywhere else for that matter, that tells me how I should be consuming these "dkim" and "spf" fields to verify message authenticity.

If anyone has any help, general, specific, or otherwise.. It would be greatly appreciated. Thanks in advance.

like image 908
kdeez Avatar asked Feb 27 '18 17:02

kdeez

1 Answers

Well. Since this doesn't seem to be getting a lot of traction I thought I'd post my own janky-ass solution to the problem, on the off chance that anyone else runs across this issue in the future.

Disclaimer: this could be total garbage nonsense. But it appears to be working all right.

Basically I ended up taking some critical contextual information about the original message that initiated the inbound email. We encode that information in the local-part of the "Reply To" address that we set up with the SendGridMessage. Then I encrypt the encoded local-part.

When SendGrid POSTs to our server with the inbound email, we decrypt the "TO" local-part and validate the result. If it decrypts successfully, we check the "FROM", and verify that they are an actual authorized user of our main application. THEN, we verify that THAT user in question has the correct permissions to edit the information associated with the original encoded local-part of the "Reply To".

like image 92
kdeez Avatar answered Nov 15 '22 05:11

kdeez
Sign in to Comment

Related questions

Embedding Images to Emails
Android: How to send an image as email attachment from application?
Email responses to tracked crm email not tracking correctly
send a rendered view as an email rails
how to avoid email header Received: from unknown and email going to spam
html email with inline images not rendered properly in iphone
spam email by using email library in codeigniter
What is wrong with WebMail.Send when it comes to multiple recipients?
Strange behavior with embedded highDPI images in Apple Mail 7.0
sequelize validation method
How to get Contact ID in Mailjet v3 PHP wrapper?
Does the Win 10 UWP EmailMessage API support having an HTML body?
How can I generate email threads for outlook programmatically?
Sending single mail using mailchimp API V3
WooCommerce - Send New Order / Customer Invoice Email from functions.php file
How to build local node.js mail server
sendgrid giving error sendgrid.Email is not a constructor
Laravel 5.4 using Mail fake with Mail::queue, Mail::assertSent not working
Attach Image to Email in React Native (using rn-image-picker & rn-mail)
Declarative pipeline send email

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!