LalaCuteGroup / lala-referral

A referral service serving the members of LC TG Group

Research Mechanism/Services to perform Email Verification #4

Open heiheihang opened 2 years ago

heiheihang commented 2 years ago

We need to choose the right tool to perform email domain verification for referrer profiles.

Possibilities

jonowo commented 2 years ago

Sending email

1. Using Amazon Simple Email Service (SES)

There are several options of using SES:

  1. Using SES SMTP interface
  2. Using SES API
    1. Making HTTPS requests (manually handle authentication)
    2. Using AWS SDK (e.g. boto3)
    3. Using AWS CLI

2(ii) will be the least troublesome option. According to this guide (also includes code examples), it will require the following steps:

  1. Setting up IAM user
  2. Create and verify an email address identity
  3. Installing AWS CLI and SDK

2. Using Python libraries

We will need to use an SMTP server, for which there are two options:

  1. Gmail SMTP server: requires a Google account
  2. Setting up our own SMTP server: needs to be hosted on EC2
    • Python documentation recommends using aiosmtpd instead of the built-in but deprecated smtpd for hosting an SMTP server.
    • Quite simple, just run aiosmtpd -n to host an SMTP server at localhost:8025.

We can use the built-in email library to compose email messages and smtplib library to communicate with an SMTP server.

Using SES through AWS SDK makes the most sense considering our architecture.

Confirming email address ownership for referrer

1. Amazon SES Verification

Using SES verification for this use case is technically possible albeit a bit confusing. While SES verification is used for verifying email address identities used to send/receive emails through SES, it can also be used to verify email address ownership of end users.

It is highly recommended to create a template instead of using SES's default content for the confirmation email. This will also allow us to redirect users to a given URL on successful and unsuccessful verification. To use this feature, we need to move out of the SES sandbox.

Example

2. Implementing our own confirmation mechanism

One possible implementation would be to store Telegram user id, to-be-verified email address and verification key in a DynamoDB table. Then we will send an email to the user through SES or an SMTP server with a confirmation link containing the verification key, which leads to a Lambda which will mark the referrer's email address as verified.

ඞඞඞ
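
An added sketch of the key handling for option 2 in the comment above (not code from this thread or from the lala-referral repository). An in-memory dict stands in for the DynamoDB table; the function names, the 24-hour lifetime and the choice to store only a SHA-256 hash of the key are assumptions.

```python
import hashlib
import secrets
import time

TTL_SECONDS = 24 * 3600  # assumed lifetime of a confirmation link

pending = {}   # stand-in for the DynamoDB table: key hash -> pending record
verified = {}  # Telegram user id -> confirmed email address


def digest(key):
    """Hash of the verification key; only this value is stored."""
    return hashlib.sha256(key.encode()).hexdigest()


def start_verification(telegram_user_id, email, now=None):
    """Create a pending record and return the key to put in the emailed link."""
    now = time.time() if now is None else now
    # A new request replaces any older, still-unused key for the same user.
    for old in [h for h, r in pending.items() if r["user"] == telegram_user_id]:
        del pending[old]
    key = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    # Storing the hash means a leaked table does not contain usable links.
    pending[digest(key)] = {
        "user": telegram_user_id,
        "email": email.strip(),
        "expires": now + TTL_SECONDS,
    }
    return key


def confirm(key, now=None):
    """What the Lambda behind the link would do. Keys are single use and expire."""
    now = time.time() if now is None else now
    record = pending.pop(digest(key), None)  # pop: a key cannot be replayed
    if record is None or now > record["expires"]:
        return False
    verified[record["user"]] = record["email"]
    return True


if __name__ == "__main__":
    # Constructed sample values.
    k = start_verification(42, "alice@example.com")
    print("confirm link key:", k)
    print("first click:", confirm(k), "second click:", confirm(k))
```
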

heiheihang commented 2 years ago

I think adding an AWS Lambda that uses AWS SES is the easiest solution and is sufficient for our use case. I am a bit skeptical about moving out of the SES sandbox as one of the limitations is

You can only send mail to verified email addresses and domains, or to the Amazon SES mailbox simulator.

I don't think we can do that. Is the default AWS SES content not good enough?

jonowo commented 2 years ago

The mentioned limitation is actually of being inside the SES sandbox. We are currently inside the sandbox as it is the default setting. For our project, it is necessary to move out of the SES sandbox because we need to send emails to unverified email addresses, regardless of whether or not we will use SES for our confirmation mechanism.

ඞඞඞ

heiheihang commented 2 years ago

Yes, I misread the document; your research is right and we must move out of the sandbox.