I am writing a Python script that checks the inbox of an IMAP account, reads in those e-mails, and replies to specific e-mails. However, for security reasons I need to make sure that the original sender of the e-mail came from a particular domain.
I am reading the e-mails in Python using the email library and its message_from_string function:
msg = email.message_from_string(data[0][1])
This gives me easy access to the sender via msg['from']. After some testing, I've found that this is generally in the format John Doe <JohnDoe@example.com> but I would think it could also be in the format JohnDoe@example.com.
As I said, I want to make sure the domain of the sender's e-mail is, say, foobar.net. What would be the best way to verify that? Should I use a regex so I can pull out the e-mail regardless what format msg['from'] is in? Or should I just do a string split on @ and then check the next 10 characters are foobar.net? Something else entirely?
I'm really not a fan of the regex option, especially as so many people commented on answers here, it is very hard to catch all cases.
Instead, I decided to use the Python email.utils.parseaddr function which will split the message "From" header to a tuple of (name, addr). From there, using addr.split('@') will split the e-mail address into its local part and domain part, and I can match the latter against the domain I'm verifying for.
So, the answer to my question is:
msg = email.message_from_string(data[0][1])
addr = email.utils.parseaddr(msg['From'])[1]
domain = addr.split('@')[1]
if domain == "example.com":
print "Verified requester"