
Suspicious sign in prevented (Heroku, Amazon AWS, Gmail SMTP)


I occasionally receive emails from Google ([email protected]), similar to the following:

Subject: Suspicious sign in prevented

Someone recently tried to use an application to sign in to your Google  
Account, [email protected]. We prevented the sign-in attempt in case  
this was a hijacker trying to access your account. Please review the  
details of the sign-in attempt:

Monday, November 19, 2012 8:40:55 PM GMT
IP Address: 184.72.161.49 (amazonaws.com)
Location: Dixmoor, IL, USA

If you do not recognize this sign-in attempt, someone else might be trying  
to access your account. You should sign in to your account and reset your  
password immediately. Find out how at  
http://support.google.com/accounts?p=reset_pw

If this was you, and you want to give this application access to your  
account, complete the troubleshooting steps listed at  
http://support.google.com/mail?p=client_login

Sincerely,
The Google Accounts Team


© 2012 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043

You have received this mandatory email service announcement to update you  
about important changes to your Google product or account.

Indeed, this was me, as I have an app running on Heroku (hence why the IP address is from amazonaws.com), and I send email directly from my app via Gmail SMTP (I don't think it should matter, but specifically, I'm using the gmail_smtp plugin which I updated for Rails 3.2).

Is there a way to avoid this warning, or a way to whitelist known IPs?


Solution

    Short Answer

    1. In a web browser (perhaps Chrome/Incognito), log into your Gmail account (the one via which you're trying to send email from your app).

    2. In another browser tab, open https://accounts.google.com/DisplayUnlockCaptcha -- and follow the steps.

    Long Answer

    I ended up logging into my Gmail account (mentioned as [email protected] in the Stack Overflow question above) and saw the following warning:


    [Note: I'm piecing this Answer together after the fact.] Clicking the link Was it you?, I'm pretty sure I was taken to a page that contained the following, though below it there was a message and button about adding another application to the list:


    [Again, I'm pretty sure...] Clicking the button on that page brought me to https://accounts.google.com/DisplayUnlockCaptcha -- which looks like this:


    Clicking Continue brought me to another page:


    At that point I just went to my app, and made it send an email.

    Note: for general live-testing of email in my app, I have a view at triggers#index with two buttons that send PUT requests to these actions: triggers#send_email and triggers#raise_exception. This enables an admin to go to /triggers and send an email or raise an exception to test if the production system is working correctly as far as being able to send email is concerned. Raising an exception in any of my apps emails details to me via exception_notification.