Welcome to the mailbox.org user forum!
 

SMTP relay with API key

2705865 shared this question 2 years ago
Need Answer

Hi,


would it be possible to provide an SMTP relay service using API keys so that E-Mails could be sent without the user's mailbox.org credentials? This would, for example, allow for easy automated E-Mails from routers, servers, password managers, etc.


So far I used my mailbox.org user credentials for sending automated E-Mails (status messages, critical allerts, etc.) via the mailbox.org SMTP server. However, depending on the application/system they might be stored as plain text in config files. I'd like to remove this potential security threat with API keys for just sending E-Mails, logging into the mailbox.org account with those keys would not be possible.


Currently I'm testing SendGrid, a provider of such an SMTP relay via API keys. Its API is simple and can be set up quite fast. Unfortunately most of their IP addresses for a free account are being blocked by mailbox.org (I'm receving the automated E-Mails with my mailbox.org account of course) as they are flagged by spamcop.net. I'm afraid that I'll have a similar issue with other providers.


Therefore my question whether such a service could be provided by mailbox.org. In order to avoid misuse, an hourly/daily/weekly/montly amout of E-Mails sent via such an API could be limited.


BR

Comments (2)

photo
1

The feature that you describe is the ability to set up alternative users/passwords for an account, so you don't expose your main credentials. I need the same feature.

photo
2

The alternative user name and password wouldn't allow for logging into the mailbox.org account and/or account modification though. They only allow for sending E-Mails.

As mentioned above, SendGrid provides such a feature: https://sendgrid.com/docs/for-developers/sending-email/integrating-with-the-smtp-api/#integrating-with-sendgrid. Unfortunately most of their IP adresses for their free accounts are blacklisted and E-Mail reception with a mailbox.org account is not possible.

photo
1

please add this feature!

photo
photo
1

@mailbox.org support: Was this feature request reviewed? Is this something that could be considered for the mailbox.org service?

photo
1

In understand your request, but I also see that 95% is covered by adding a seperate small Account. It's not on our roadmap to develop this feature. It's not that much work, but it is "too" much work without a big benefit. I'm sorry!

photo
1

That's a pity, but thanks for the clarification.

photo
1

I would strongly advise for @mailbox.org to revisit this matter. Even if the use case is small, it's still a security matter which can expose critical credentials. It also means that users cannot enable two-factor authentication. If security is important to you, you'd put the effort into creating specific API key access. Something like Google's App passwords would be ideal.

photo
1

I support this, it is a standard feature that mailbox.org really should implement.

photo
Leave a Comment
 
Attach a file