7

When I send an email using the Gmail API, recipients that are using the Gmail web interface are getting a phishing warning when they open the email.

However, when I send the exact same email content through the same Gmail account but using the web UI, the recipients do not get the phishing warning.

The only difference I can find between the two received emails, is that the one sent using the API has this additional header:

Received: from 114692869688 named unknown by gmailapi.google.com with HTTPREST; Tue, 11 Jun 2019 11:37:51 -0500

Does anyone know how to resolve this problem?

cbernard73
  • 159
  • 2
  • 4

4 Answers4

3

I have the same problem. When defining your message does not define the from parameter :

def create_message(sender, to, subject, message_text):
  message = MIMEText(message_text)
  message['to'] = to
  #message['from'] = sender
  message['subject'] = subject
  encoded_message = urlsafe_b64encode(message.as_bytes())
  return {'raw': encoded_message.decode()}

In fact, this parameter is also defined when giving the user_id to the send method.

message = (service.users().messages().send(userId=user_id, body=message)
                .execute())
Fabien Letort
  • 31
  • 4
  • 1
    It should be `message['From'] = ...`, not `messages['from'] = ...` (even though Google's Python guide shows the lower-case form). – Zach Young Apr 09 '22 at 01:27
2

In my case recipients get the emails ok, but senders got their own messages flagged as phishing in their sent messages tray.

After some time struggling with this, it seems a case-sensitive issue.

Once I capitalized the f in the "from" header the problem went away.

So:

# sender something like "John Doe <johndoe@gmail.com>"
message['From'] = sender
Marcos
  • 786
  • 7
  • 8
2

Make sure your from-header is ['From'], and not ['from'] (like Google's guide shows).

This one-line diff:

@@ -129,7 +129,7 @@ def create_message(sender, to, subject, message_text):
     """
     message = MIMEText(message_text)
     message["To"] = to
-    message["from"] = sender
+    message["From"] = sender
     message["Subject"] = subject
     return {"raw": base64.urlsafe_b64encode(message.as_bytes()).decode("ascii")}

Is the difference between getting this failure:

enter image description here

and this success:

enter image description here

Zach Young
  • 10,137
  • 4
  • 32
  • 53
1

There are two options:

  1. Send an email through Gmail SMTP (Simple Mail Transfer Protocol, a protocol for sending e-mail messages between servers)
  2. Authorizing Your App with Gmail - All requests to the Gmail API must be authorized by an authenticated user. Gmail uses the OAuth 2.0 protocol for authenticating a Google account and authorizing access to user data.

When you get an email that looks suspicious, here are a few things to check for:

  • Check that the email address and the sender name match.
  • Check if the email is authenticated.
  • Hover over any links before you click on them. If the URL of the link doesn't match the description of the link, it might be leading you to a phishing site.
  • Check the message headers to make sure the "from" header isn't showing an incorrect name.**

Yes, the message header is important when sending an email using Gmail API. You will need to trace an email with its full headers.

Jessica Rodriguez
  • 2,899
  • 1
  • 12
  • 27