I occasionally receive emails from Google ([email protected]
), similar to the following:
Subject: Suspicious sign in prevented
Someone recently tried to use an application to sign in to your Google
Account, [email protected]. We prevented the sign-in attempt in case
this was a hijacker trying to access your account. Please review the
details of the sign-in attempt:
Monday, November 19, 2012 8:40:55 PM GMT
IP Address: 184.72.161.49 (amazonaws.com)
Location: Dixmoor, IL, USA
If you do not recognize this sign-in attempt, someone else might be trying
to access your account. You should sign in to your account and reset your
password immediately. Find out how at
http://support.google.com/accounts?p=reset_pw
If this was you, and you want to give this application access to your
account, complete the troubleshooting steps listed at
http://support.google.com/mail?p=client_login
Sincerely,
The Google Accounts Team
© 2012 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043
You have received this mandatory email service announcement to update you
about important changes to your Google product or account.
Indeed, this was me, as I have an app running on Heroku (hence why the IP address is from amazonaws.com
), and I send email directly from my app via Gmail SMTP (I don't think it should matter, but specifically, I'm using the gmail_smtp plugin which I updated for Rails 3.2).
Is there a way to avoid this warning, or a way to whitelist known IPs?
Short Answer
In a web browser (perhaps Chrome/Incognito), log into your Gmail account (the one via which you're trying to send email from your app).
In another browser tab, open https://accounts.google.com/DisplayUnlockCaptcha -- and follow the steps.
Long Answer
I ended up logging into my Gmail account (mentioned as [email protected]
in the Stackoverflow question above) and saw the following warning:
[Note: I'm piecing this Answer together after the fact.] Clicking the link Was it you?, I'm pretty sure I was taken to a page that contained the following, though below it there was a message and button about adding another application to the list:
[Again, I'm pretty sure...] Clicking the button on that page brought me to https://accounts.google.com/DisplayUnlockCaptcha -- which looks like this:
Clicking Continue brought me to another page:
At that point I just went to my app, and made it send an email.
Note: for general live-testing of email in my app, I have a view at triggers#index
with two buttons that send PUT
requests to these actions: triggers#send_email
and triggers#raise_exception
. This enables an admin to go to /triggers
and send an email or raise an exception to test if the production system is working correctly as far as being able to send email is concerned. Raising an exception in any of my apps emails details to me via exception_notification.