Search code examples
djangoemailspam

How to make sure email is not received in spam when sent with Django EmailMessage class?

I have the following settings in my settings.py file.

EMAIL_HOST = 'mail.domain.com'
EMAIL_HOST_USER = '[email protected]'
EMAIL_HOST_PASSWORD = 'mypassword'
EMAIL_PORT = 587
EMAIL_USE_TLS = True

A user in my Django application is able to send an email to a client with a PDF attachment using the EmailMessage class. Here is the code:

email = EmailMessage()
email.subject = 'Demo subject'
email.body = self.request.GET.get('email_body', '')
email.from_email = 'Full Name <[email protected]>'
email.to = ['{}'.format(self.request.GET.get('to_address'))]

email.attach_file(os.path.join(settings.MEDIA_ROOT, 'quotation_email.pdf'))

email.send()

My questions are,

  1. Since I can create a code to send the email as a different person, will the email not be marked as spam in certain domains?

  2. I have access to a mail server which is already setup. Can I map the email accounts to the user accounts in the Django application in such a way that Django uses the email server as a medium to send email based on the logged in users?

  3. Why do I need to provide an email and password in settings.py file when I may never use that email account to send any mail? Can I not log in to the email every time someone sends an email?

Solution
    1. Since I can create a code to send the email as a different person, will the email not be marked as spam in certain domains?

    The domain part of the email (part after @) is what mostly determines if the email will end up as spam or not (there are, of course, other conditions in determination of spam such as IP reputation of the sending mail server i.e. was this IP used for sending spam in the past, etc).

    If you are the authorised sender for a particular domain, you can send emails like [email protected] or [email protected] without worrying.

    Read about SPF and DKIM records about domain authorisation. It's a topic that I can't really cover in an answer.

    1. I have access to a mail server which is already setup. Can I map the email accounts to the user accounts in the Django application in such a way that Django uses the email server as a medium to send email based on the logged in users?

    Yes, you can if you own the email's domain name. Just get the user's email address and use it as the From address to send the email.

    1. Why do I need to provide an email and password in settings.py file when I may never use that email account to send any mail? Can I not log in to the email every time someone sends an email?

    Are you referring to the EMAIL_HOST_USER? This is for authentication purpose. This email is required to log into your SMTP server. Without this, the SMTP server will not know if you are the owner of the server or a spammer trying to use their server to send spam.

    But if the SMTP server is running locally, you can just use localhost as the EMAIL_HOST and leave out the authentication. Because most email servers (MTAs) relay emails from local host without requiring authentication. But this also depends on the configuration.

    Basic understanding of how emails are sent:

    Emails are sent just like the real mail - inside an envelope. The envelope and the letter inside it can have different From addresses. And that is also true in case of emails.

    Here's an illustrative example. Suppose you own a PO Box. If you want to send a letter to your friend, you'll do this:

    1. Write your message on a paper. You'll sign the letter.
    2. Buy an envelope. Write To address of your friend on the envelope.
    3. Write the From address of your PO Box on the envelope. You don't write your own address, because if the mail couldn't be delivered, it will be returned back to your PO box.
    4. Send out the letter.

    Pretty, simple. Suppose someone in your family also wants to send out a letter to someone they know. But they don't own an PO Box. They'd have to spend some money and time to get a PO Box. But why bother, because you already have one. This is how that will work:

    1. They'll write the message on a paper. They'll sign the letter in their own name.
    2. Buy an envelope. Write the the To address of their friend.
    3. Write the From address of your PO Box, so that the mail could be returned to your PO Box if it didn't deliver.
    4. Send the letter out.

    This is how actual emails work.

    1. An SMTP server is like a Post Office.
    2. Your email account is like a PO Box.
    3. Every message you send, goes inside an envelope.
    4. The sender address on the envelope can be different than the sender
      address on the message inside.

    I think Django uses the EMAIL_HOST_USER settings to compose the email envelope and the from_email address you provide is used as the From address.

    The sender address on the envelope in known as MAIL FROM address or the Return-Path address. This is not shown to the receiving user. The From address that you see in your Gmail, or Yahoo Mail, is called the MIME From address. They both can be different.