I occasionally receive emails from Google ([email protected]
), similar to the following:
Subject: Suspicious sign in prevented
Someone recently tried to use an application to sign in to your Google
Account, [email protected]. We prevented the sign-in attempt in case
this was a hijacker trying to access your account. Please review the
details of the sign-in attempt:
Monday, November 19, 2012 8:40:55 PM GMT
IP Address: 184.72.161.49 (amazonaws.com)
Location: Dixmoor, IL, USA
If you do not recognize this sign-in attempt, someone else might be trying
to access your account. You should sign in to your account and reset your
password immediately. Find out how at
http://support.google.com/accounts?p=reset_pw
If this was you, and you want to give this application access to your
account, complete the troubleshooting steps listed at
http://support.google.com/mail?p=client_login
Sincerely,
The Google Accounts Team
© 2012 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043
You have received this mandatory email service announcement to update you
about important changes to your Google product or account.
Indeed, this was me, as I have an app running on Heroku (hence why the IP address is from amazonaws.com
), and I send email directly from my app via Gmail SMTP (I don't think it should matter, but specifically, I'm using the gmail_smtp plugin which I updated for Rails 3.2).
Is there a way to avoid this warning, or a way to whitelist known IPs?
You can indeed use external SMTP providers to send email through Heroku (I do this on several of the apps I run).
As a Google Workspace administrator, you can use email alerts to notify you if there's suspicious sign-in activity for your users. For example, Google might notice a sign-in attempt that doesn't match a user's normal behavior.
Your credit card company calls you when unusual transactions get posted to your account, and now Google does the same in Gmail. A new security feature alerts you when it detects “suspicious activity” in your Gmail account based on the IP addresses accessing it.
Google now gives you Android notifications when new devices log into your accounts. Android users will be told of new device logins to their Google accounts via a notification on the smartphone rather than by email.
I had the same problem when I tried sending emails through Gmail SMTP using PHP. You shoud complete the troubleshooting steps provided at the end of the email.
Short Answer
In a web browser (perhaps Chrome/Incognito), log into your Gmail account (the one via which you're trying to send email from your app).
In another browser tab, open https://accounts.google.com/DisplayUnlockCaptcha -- and follow the steps.
Long Answer
I ended up logging into my Gmail account (mentioned as [email protected]
in the Stackoverflow question above) and saw the following warning:
[Note: I'm piecing this Answer together after the fact.] Clicking the link Was it you?, I'm pretty sure I was taken to a page that contained the following, though below it there was a message and button about adding another application to the list:
[Again, I'm pretty sure...] Clicking the button on that page brought me to https://accounts.google.com/DisplayUnlockCaptcha -- which looks like this:
Clicking Continue brought me to another page:
At that point I just went to my app, and made it send an email.
Note: for general live-testing of email in my app, I have a view at triggers#index
with two buttons that send PUT
requests to these actions: triggers#send_email
and triggers#raise_exception
. This enables an admin to go to /triggers
and send an email or raise an exception to test if the production system is working correctly as far as being able to send email is concerned. Raising an exception in any of my apps emails details to me via exception_notification.
On your Gmail mail box look at the bottom right corner and you can see a Details button. Click on it and then on the pop up window change the suspicious warning settings.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With