App Engine applications can send email messages on behalf of the app's email receiving addresses and on behalf of some users with Google Accounts. Apps can receive email at various addresses. Apps send messages using the Mail service and receive messages in the form of HTTP requests initiated by App Engine and posted to the app.
- Sending mail
- Sending mail in Python
- Receiving mail in Python
- Receiving bounce notification
- Sending mail with attachments
- Sending mail with headers
- Mail and the development server
- Authenticating mail: DKIM
- Bulk senders guidelines
- Quotas and limits
The Mail service can send email messages to one or more recipients. The message contains a subject, a plaintext body, and an optional HTML body. It can also contain file attachments, as well as a limited set of headers.
For security purposes, the sender address of a message must be one of the following:
- The Gmail or Google Apps Account of the user who is currently signed in
- Any email address of the form email@example.com or firstname.lastname@example.org
- Any email address listed in Email API Authorized Senders found in the App Engine Settings page of the Developers Console
All email addresses on the Email API Authorized Senders list need to be valid Gmail or Google-hosted domain Accounts. There are restrictions on who can add whom to the Email API Authorized Senders list:
- Application administrators can add themselves
- Application administrators for applications hosted in a Google Apps domain can add email@example.com, as long as firstname.lastname@example.org is a valid account
- Domain administrators of domains managed by Google Apps can add any user in their domain
If you will be sending email from a domain managed by Google Apps, you should set the SPF records for your domain to indicate that Google is a trusted source for your email. For instructions on how to do this, see SPF records in the Google Apps help articles.
You can use any email address for a recipient. A recipient can be in the message's "to" field or the "cc" field, or the recipient can be hidden from the message header (a "blind carbon copy" or "bcc").
When an application calls the Mail service to send a message, the message is queued and the call returns immediately. The Mail service uses standard procedures for contacting each recipient's mail server, delivering the message, and retrying if the mail server cannot be contacted.
If the Mail service cannot deliver a message, or if an recipient's mail server returns a bounce message (such as if there is no account for that address on that system), the error message is sent by email to the address of the sender for the message. The application itself does not receive any notification about whether delivery succeeded or failed.
Sending mail in Python
mail.send_mail() function sends an email message from the application.
The following example sends an email message to the user as confirmation that the user created a new account with the application:
import webapp2 from google.appengine.api import mail class ConfirmUserSignup(webapp2.RequestHandler): def post(self): user_address = self.request.get("email_address") if not mail.is_email_valid(user_address): # prompt user to enter a valid address else: confirmation_url = createNewUserConfirmation(self.request) sender_address = "Example.com Support <email@example.com>" subject = "Confirm your registration" body = """ Thank you for creating an account! Please confirm your email address by clicking on the link below: %s """ % confirmation_url mail.send_mail(sender_address, user_address, subject, body)
The Python Mail API also includes an object-oriented interface with similar functionality.
See Sending Mail for more information and examples.
Receiving mail in Python
You can set up your app to receive incoming email at addresses in the following format:
To receive email, you must put a section that enables incoming mail in your app's
inbound_services: - mail
Incoming email in App Engine works by posting HTTP requests containing MIME data to your app. The email's MIME data is supplied to your app as the contents of an HTTP POST request, and you process this data in your handler.
app.yaml file, you must create mappings from URL paths that represent email addresses to handlers in your app's code:
- url: /_ah/mail/.+ script: handle_incoming_email.app login: admin
The URL path is
/_ah/mail/ followed by the incoming email address used. The pattern
/_ah/mail/.+ matches all incoming email addresses.
In your app, you include the code for the handlers you specified. The Python SDK includes the
InboundEmailMessage class which you can use to parse email messages in your handlers:
from google.appengine.api import mail message = mail.InboundEmailMessage(self.request.body)
In addition, the
InboundEmailMessage class includes attributes for fields in the message.
See Receiving Mail for more information and examples.
Receiving bounce notification
By default, apps do not receive email bounce notifications. To turn this on for your app and to handle bounce notifications, see Receiving Bounce Notification.
Sending mail with attachments
An outgoing email message can have zero or more file attachments.
An attachment has a filename and file data. The file data can come from any source, such as an application data file or the datastore. The MIME type of the attachment is determined from the filename.
The following is a list of MIME types and their corresponding filename extensions allowed for file attachments to an email message. You are not limited to these extensions. If you use an unknown extension, App Engine will assign it the mime type
|MIME Type||Filename Extension(s)|
|audio/x-aiff||aif aifc aiff|
|image/jpeg||jpeg jpg jpe|
|text/plain||text txt asc diff pot|
|video/mpeg||mpeg mpg mpe|
As a security measure to protect against viruses, you cannot send email attachments or zip files containing any of the following extensions:
Sending mail with headers
An outgoing email can have zero or more extra headers. A header has a name and a value.
For security purposes, the name of a header must be of one of the allowed header names:
Mail and the development server
The development server can be configured to send email messages directly from your computer when you test a feature of your app that sends messages. You can configure the development server to use an SMTP server of your choice. Alternatively, you can tell it to use Sendmail, if Sendmail is installed on your computer and set up for sending email.
If you do not configure an SMTP server or enable Sendmail, when your app calls the Mail service, the development server will log the contents of the message, and not send the message.
Authenticating mail: DKIM
If your application sends messages from an email address that is part of a Google Apps domain, App Engine can utilize a Google Apps feature to cryptographically sign the emails it sends. This signature says that this mail that purports to be from
firstname.lastname@example.org really came from
example.com. The recipient can check this signature; if the signature is there and correct, the recipient knows that the sender's domain wasn't spoofed. App Engine uses the DomainKeys Identified Mail (DKIM) standard to authenticate the sender's domain.
To enable DKIM authentication for messages sent from Google Apps email addresses, follow these instructions in the Google Apps Help Center. Note that it may take up to 48 hours before DKIM authentication is active for your Google Apps domain.
App Engine will sign the application's outgoing mails if the sender address is part of a Google Apps domain with DKIM enabled. Additionally, the sender address must be formatted such that the domain part of the email address only consists of lowercase letters.
Bulk senders guidelines
You must follow the guidelines in this section if your application is sending out bulk email, i.e. similar messages to numerous recipients. These guidelines will help to improve your inbox delivery rate to Gmail users, by ensuring that all recipients in your distribution list actually want to receive the email. If recipients manually mark your email as spam then that acts as a strong signal to Gmail to mark future emails from you as spam.
Authentication and identification
- Use the same sender for every bulk email. When calling the Mail API function to send email, the
Fromheader will be set to match the sender you specify.
- Your sender address should be an account in a Google Apps for Business domain. Google accounts that send too many emails that are marked as spam by Google, can be temporarily disabled if their domain is still in the free trial period or has less than six users. In these cases, the Mail API will throw an exception with an
Unauthorized sendererror message.
- Sign your email with DKIM, which requires a Google Apps domain if you are sending using App Engine.
- Publish an SPF record to prevent spammers from spoofing your envelope sender address. SPF verifies that email is sent from an IP address that is published in the DNS records of the envelope sender. App Engine's envelope sender is in the
apphosting.bounces.google.comdomain, so your SPF record may not be used to determine if email from App Engine should be delivered.
- Your mail quota is shown in the Google Developers Console Quota Details tab for your project. The quota is reset daily. You will get an over quota exception if you exceed the daily quota. If you need a higher quota, you can request a quota increase. See also Quotas and Limits.
- You should throttle sending of emails to avoid sending too many emails in a short burst, which could cause some emails to be silently dropped due to a safety limit on Google's side. You can calculate the maximum daily rate of sending emails per second by dividing your daily quota by 86,400, the number of seconds in a day. We recommend that you do not send bulk email with short bursts at higher than 50 times this long term rate.
- Each user in your distribution list should opt-in to receive messages from you in one of the following ways:
- By sending you an email asking to subscribe
- By manually checking a box on a web form, or within a piece of software
- Using an email address list purchased from a third-party is not considered opt-in. You also should not set a checkbox on a web form or within a piece of software to subscribe all users by default. Users should not be required to explicitly opt-out of mailings.
- You should verify that the person that signed up by checking the box on the web form or in software is actually receiving emails at the address that was specified in the form, by sending an email that requires them to confirm receipt.
- A user must be able to unsubscribe in one of the following ways:
- Through a prominent link in the email with no further user interaction other than confirmation
- Via an email unsubscribe response
- App Engine can only receive email sent to the
appid.appspotmaildomain. Therefore, you will need to set your sender to an address in this domain if you want to automatically handle email unsubscribe responses within App Engine.
- Use the
List-Unsubscribeheader, which is supported by the App Engine Mail API.
- Automatically unsubscribe users whose addresses bounce multiple pieces of email. You can configure your app to receive bounce notifications.
- Periodically send email confirmations to users, offering the opportunity to unsubscribe from each list they are signed up for.
- You should explicitly indicate the email address subscribed within your email because users may forward email from other accounts.
- Format to RFC 2822 SMTP standards and, if using HTML, w3.org standards.
- Attempts to hide the true sender of the message or the true landing page for any web links in the message may result in non-delivery. For example, we recommend that you do not use URL shortener services in bulk email, since these can mask the real URLs contained in the body of your email.
- The subject of each message should be relevant to the body's content and not be misleading.
- The following factors will help messages arrive in Gmail users' inboxes:
Fromaddress is listed in the user's Contacts list.
- A user clicks "Not Spam" to alert Gmail that messages sent from that address are solicited.
- If you send both promotional email and transactional email relating to your organization, we recommend separating email by purpose as much as possible. You can do this by:
- Using separate email addresses for each function.
- Sending email from different domains for each function.
- If others use your service to send email, you are responsible for monitoring your users and/or clients' behavior. You must terminate, in a timely fashion, all users and/or clients who use your service to send spam email. The Google Cloud Platform Acceptable Use Policy specifically prohibits spam. Your application can be suspended if you violate this policy, as described in the Google Cloud Platform Terms of Service.
- You must have an email address available for users and/or clients to report abuse, which should normally be
email@example.com. You should also monitor
- Monitor email sent to app admins. Google may need to urgently contact app admins, for example to notify you of a violation of the Acceptable Use Policy. We can help you to resolve the problems more quickly if you respond promptly to our emails.
- You must maintain up-to-date contact information in your WHOIS record maintained by your domain registrar, and on abuse.net.
Affiliate marketing programs
- Affiliate marketing programs reward third-parties for bringing visitors to your site. These programs are attractive to spammers and can potentially do more harm than good. Please note the following:
- If your brand becomes associated with affiliate marketing spam, it can affect the email sent by you and your other affiliates.
- It is your responsibility to monitor your affiliates and remove them if they send spam.
Alternatives to the App Engine Mail API
- You can use a third-party email delivery service provider to send email from App Engine. These services may provide additional features that are not available in the Mail API and may be a better solution for some bulk email senders.
- You can use the Sockets API to connect directly to an SMTP server to send email.
Quotas and limits
Each Mail service request counts toward the Mail API Calls quota.
Each recipient email address for an email message counts toward the Recipients Emailed (billable) quota. Each recipient that is an administrator for the application also counts toward the Admins Emailed quota.
Data sent in the body of an email message counts toward the following quotas:
- Outgoing Bandwidth (billable)
- Message Body Data Sent
Each attachment included with an email message counts toward the Attachments Sent quota.
Data sent as an attachment to an email message counts toward the following quotas:
- Outgoing Bandwidth (billable)
- Attachment Data Sent
In addition to quotas, the following limits apply to the use of the Mail service:
|maximum size of outgoing mail messages, including attachments||31.5 megabytes|
|maximum size of incoming mail messages, including attachments||31.5 megabytes|
|maximum size of message when an administrator is a recipient||16 kilobytes|