Google Cloud Platform

Mail Python API Overview

Python |Java |PHP |Go

App Engine applications can send email messages on behalf of the app's email receiving addresses and on behalf of some users with Google Accounts. Apps can receive email at various addresses. Apps send messages using the Mail service and receive messages in the form of HTTP requests initiated by App Engine and posted to the app.

  1. Sending mail
  2. Sending mail in Python
  3. Receiving mail in Python
  4. Receiving bounce notification
  5. Sending mail with attachments
  6. Sending mail with headers
  7. Mail and the development server
  8. Authenticating mail: DKIM
  9. Bulk senders guidelines
  10. Quotas and limits

Sending mail

The Mail service can send email messages to one or more recipients. The message contains a subject, a plaintext body, and an optional HTML body. It can also contain file attachments, as well as a limited set of headers.

For security purposes, the sender address of a message must be one of the following:

  • The Gmail or Google Apps Account of the user who is currently signed in
  • Any email address of the form or
  • Any email address listed in the Cloud Platform Console under Email API Authorized Senders

All email addresses on the Email API Authorized Senders list need to be valid Gmail or Google-hosted domain accounts. App Administrators can add the following accounts to the list of Authorized Senders:

  • Their own email address.
  • Any group for which they are an Owner or Manager.
  • For applications hosted in a Google Apps domain:, as long as is a valid account (user or group).

In addition, domain administrators of domains managed by Google Apps can add any user in their domain to the list.

If you will be sending email from a domain managed by Google Apps, you should set the SPF records for your domain to indicate that Google is a trusted source for your email. For instructions on how to do this, see SPF records in the Google Apps help articles.

If you have one or more aliases set up for your Google Apps domain, you can send email from email addresses that use the domain alias. For example, adding "" to the Authorized Senders list will have the effect of also allowing sending email from "".

You can use any email address for a recipient. A recipient can be in the message's "to" field or the "cc" field, or the recipient can be hidden from the message header (a "blind carbon copy" or "bcc").

When an application calls the Mail service to send a message, the message is queued and the call returns immediately. The Mail service uses standard procedures for contacting each recipient's mail server, delivering the message, and retrying if the mail server cannot be contacted.

If the Mail service cannot deliver a message, or if an recipient's mail server returns a bounce message (such as if there is no account for that address on that system), the error message is sent by email to the address of the sender for the message. The application itself does not receive any notification about whether delivery succeeded or failed.

Sending mail in Python

The mail.send_mail() function sends an email message from the application.

The following example sends an email message to the user as confirmation that the user created a new account with the application:

import webapp2
from google.appengine.api import mail

class ConfirmUserSignup(webapp2.RequestHandler):
    def post(self):
        user_address = self.request.get("email_address")

        if not mail.is_email_valid(user_address):
            # prompt user to enter a valid address

            confirmation_url = createNewUserConfirmation(self.request)
            sender_address = " Support <>"
            subject = "Confirm your registration"
            body = """
Thank you for creating an account! Please confirm your email address by
clicking on the link below:

""" % confirmation_url

            mail.send_mail(sender_address, user_address, subject, body)

The Python Mail API also includes an object-oriented interface with similar functionality.

See Sending Mail for more information and examples.

Receiving mail in Python

You can set up your app to receive incoming email at addresses in the following format:

To receive email, you must put a section that enables incoming mail in your app's app.yaml file:

- mail

Incoming email in App Engine works by posting HTTP requests containing MIME data to your app. The email's MIME data is supplied to your app as the contents of an HTTP POST request, and you process this data in your handler.

In your app.yaml file, you must create mappings from URL paths that represent email addresses to handlers in your app's code:

- url: /_ah/mail/.+
  login: admin

The URL path is /_ah/mail/ followed by the incoming email address used. The pattern /_ah/mail/.+ matches all incoming email addresses.

In your app, you include the code for the handlers you specified. The Python SDK includes the InboundEmailMessage class which you can use to parse email messages in your handlers:

from google.appengine.api import mail

message = mail.InboundEmailMessage(self.request.body)

In addition, the InboundEmailMessage class includes attributes for fields in the message.

See Receiving Mail for more information and examples.

Receiving bounce notification

By default, apps do not receive email bounce notifications. To turn this on for your app and to handle bounce notifications, see Receiving Bounce Notification.

Sending mail with attachments

An outgoing email message can have zero or more file attachments.

An attachment has a filename and file data. The file data can come from any source, such as an application data file or the datastore. The MIME type of the attachment is determined from the filename.

The following is a list of MIME types and their corresponding filename extensions allowed for file attachments to an email message. You are not limited to these extensions. If you use an unknown extension, App Engine will assign it the mime type application/octet-stream.

MIME Type Filename Extension(s)
application/msword doc
application/msword docx
application/pdf pdf
application/rss+xml rss
application/ kml
application/ kmz
application/ xls
application/ xlsx
application/ pptx
application/ pps ppt
application/vnd.oasis.opendocument.presentation odp
application/vnd.oasis.opendocument.spreadsheet ods
application/vnd.oasis.opendocument.text odt
application/vnd.sun.xml.calc sxc
application/vnd.sun.xml.writer sxw
application/x-gzip gzip
application/zip zip
audio/basic au snd
audio/flac flac
audio/mid mid rmi
audio/mp4 m4a
audio/mpeg mp3
audio/ogg oga ogg
audio/x-aiff aif aifc aiff
audio/x-wav wav
image/gif gif
image/jpeg jpeg jpg jpe
image/png png
image/tiff tiff tif
image/vnd.wap.wbmp wbmp
image/x-ms-bmp bmp
text/calendar ics
text/comma-separated-values csv
text/css css
text/html htm html
text/plain text txt asc diff pot
text/x-vcard vcf
video/mp4 mp4
video/mpeg mpeg mpg mpe
video/ogg ogv
video/quicktime qt mov
video/x-msvideo avi

As a security measure to protect against viruses, you cannot send email attachments or zip files containing any of the following extensions:

  • ade
  • adp
  • bat
  • chm
  • cmd
  • com
  • cpl
  • exe
  • hta
  • ins
  • isp
  • jse
  • lib
  • mde
  • msc
  • msp
  • mst
  • pif
  • scr
  • sct
  • shb
  • sys
  • vb
  • vbe
  • vbs
  • vxd
  • wsc
  • wsf
  • wsh

Sending mail with headers

An outgoing email can have zero or more extra headers. A header has a name and a value.

For security purposes, the name of a header must be of one of the allowed header names:

  • In-Reply-To
  • List-Id
  • List-Unsubscribe
  • On-Behalf-Of
  • References
  • Resent-Date
  • Resent-From
  • Resent-To

Mail and the development server

The development server can be configured to send email messages directly from your computer when you test a feature of your app that sends messages. You can configure the development server to use an SMTP server of your choice. Alternatively, you can tell it to use Sendmail, if Sendmail is installed on your computer and set up for sending email.

If you do not configure an SMTP server or enable Sendmail, when your app calls the Mail service, the development server will log the contents of the message, and not send the message.

Authenticating mail: DKIM

If your application sends messages from an email address that is part of a Google Apps domain, App Engine can utilize a Google Apps feature to cryptographically sign the emails it sends. This signature says that this mail that purports to be from really came from The recipient can check this signature; if the signature is there and correct, the recipient knows that the sender's domain wasn't spoofed. App Engine uses the DomainKeys Identified Mail (DKIM) standard to authenticate the sender's domain.

To enable DKIM authentication for messages sent from Google Apps email addresses, follow these instructions in the Google Apps Help Center. Note that it may take up to 48 hours before DKIM authentication is active for your Google Apps domain.

App Engine will sign the application's outgoing mails if the sender address is part of a Google Apps domain with DKIM enabled. Additionally, the sender address must be formatted such that the domain part of the email address only consists of lowercase letters.

Bulk senders guidelines

You must follow the guidelines in this section if your application is sending out bulk email, i.e. similar messages to numerous recipients. These guidelines will help to improve your inbox delivery rate to Gmail users, by ensuring that all recipients in your distribution list actually want to receive the email. If recipients manually mark your email as spam then that acts as a strong signal to Gmail to mark future emails from you as spam.

Authentication and identification

  • Use the same sender for every bulk email. When calling the Mail API function to send email, the From header will be set to match the sender you specify.
  • Your sender address should be an account in a Google Apps for Business domain. Google accounts that send too many emails that are marked as spam by Google, can be temporarily disabled if their domain is still in the free trial period or has less than six users. In these cases, the Mail API will throw an exception with an Unauthorized sender error message.
  • Sign your email with DKIM, which requires a Google Apps domain if you are sending using App Engine.
  • Publish an SPF record to prevent spammers from spoofing your envelope sender address. SPF verifies that email is sent from an IP address that is published in the DNS records of the envelope sender. App Engine's envelope sender is in the domain, so your SPF record may not be used to determine if email from App Engine should be delivered.

Sending limits

  • Your mail quota is shown in the Google Cloud Platform Console Quota Details tab for your project. The quota is reset daily. You will get an over quota exception if you exceed the daily quota. If you need a higher quota, you can request a quota increase. See also Quotas and Limits.
  • You should throttle sending of emails to avoid sending too many emails in a short burst, which could cause some emails to be silently dropped due to a safety limit on Google's side. You can calculate the maximum daily rate of sending emails per second by dividing your daily quota by 86,400, the number of seconds in a day. We recommend that you do not send bulk email with short bursts at higher than 50 times this long term rate.


  • Each user in your distribution list should opt-in to receive messages from you in one of the following ways:
    • By sending you an email asking to subscribe
    • By manually checking a box on a web form, or within a piece of software
  • Using an email address list purchased from a third-party is not considered opt-in. You also should not set a checkbox on a web form or within a piece of software to subscribe all users by default. Users should not be required to explicitly opt-out of mailings.
  • You should verify that the person that signed up by checking the box on the web form or in software is actually receiving emails at the address that was specified in the form, by sending an email that requires them to confirm receipt.


  • A user must be able to unsubscribe in one of the following ways:
    • Through a prominent link in the email with no further user interaction other than confirmation
    • Via an email unsubscribe response
  • App Engine can only receive email sent to the appid.appspotmail domain. Therefore, you will need to set your sender to an address in this domain if you want to automatically handle email unsubscribe responses within App Engine.
  • Use the List-Unsubscribe header, which is supported by the App Engine Mail API.
  • Automatically unsubscribe users whose addresses bounce multiple pieces of email. You can configure your app to receive bounce notifications.
  • Periodically send email confirmations to users, offering the opportunity to unsubscribe from each list they are signed up for.
  • You should explicitly indicate the email address subscribed within your email because users may forward email from other accounts.


  • Format to RFC 2822 SMTP standards and, if using HTML, standards.
  • Attempts to hide the true sender of the message or the true landing page for any web links in the message may result in non-delivery. For example, we recommend that you do not use URL shortener services in bulk email, since these can mask the real URLs contained in the body of your email.
  • The subject of each message should be relevant to the body's content and not be misleading.


  • The following factors will help messages arrive in Gmail users' inboxes:
    • The From address is listed in the user's Contacts list.
    • A user clicks "Not Spam" to alert Gmail that messages sent from that address are solicited.
  • If you send both promotional email and transactional email relating to your organization, we recommend separating email by purpose as much as possible. You can do this by:
    • Using separate email addresses for each function.
    • Sending email from different domains for each function.

Third-party senders

  • If others use your service to send email, you are responsible for monitoring your users and/or clients' behavior. You must terminate, in a timely fashion, all users and/or clients who use your service to send spam email. The Google Cloud Platform Acceptable Use Policy specifically prohibits spam. Your application can be suspended if you violate this policy, as described in the Google Cloud Platform Terms of Service.
  • You must have an email address available for users and/or clients to report abuse, which should normally be You should also monitor
  • Monitor email sent to app admins. Google may need to urgently contact app admins, for example to notify you of a violation of the Acceptable Use Policy. We can help you to resolve the problems more quickly if you respond promptly to our emails.
  • You must maintain up-to-date contact information in your WHOIS record maintained by your domain registrar, and on

Affiliate marketing programs

  • Affiliate marketing programs reward third-parties for bringing visitors to your site. These programs are attractive to spammers and can potentially do more harm than good. Please note the following:
    • If your brand becomes associated with affiliate marketing spam, it can affect the email sent by you and your other affiliates.
    • It is your responsibility to monitor your affiliates and remove them if they send spam.

Alternatives to the App Engine Mail API

  • You can use a third-party email delivery service provider to send email from App Engine. These services may provide additional features that are not available in the Mail API and may be a better solution for some bulk email senders.
  • You can use the Sockets API to connect directly to an SMTP server to send email.

Quotas and limits

Each Mail service request counts toward the Mail API Calls quota.

Each recipient email address for an email message counts toward the Recipients Emailed (billable) quota. Each recipient that is an administrator for the application also counts toward the Admins Emailed quota.

Data sent in the body of an email message counts toward the following quotas:

  • Outgoing Bandwidth (billable)
  • Message Body Data Sent

Each attachment included with an email message counts toward the Attachments Sent quota.

Data sent as an attachment to an email message counts toward the following quotas:

  • Outgoing Bandwidth (billable)
  • Attachment Data Sent

For more information, see Quotas and Quota Details. You can see the current quota usage of your app by visiting the Google Cloud Platform Console Quota Details tab for your project.

In addition to quotas, the following limits apply to the use of the Mail service:

Limit Amount
maximum size of outgoing mail messages, including attachments 31.5 megabytes
maximum size of incoming mail messages, including attachments 31.5 megabytes
maximum size of message when an administrator is a recipient 16 kilobytes