Send email from Workers using MailChannels, for free

No, this is not a problem with DMARC. If you could have a DMARC policy requiring only SPF, it wouldn’t be any help here. Once I include your SPF record, any mail anyone sends from my domain via this API would conform to that policy.

Your answer is to roll my own DKIM signatures, and you recommend a poorly-documented npm library that hasn’t been updated in several years and that, from looking at the code, doesn’t actually create DKIM signatures.

I can’t believe Cloudflare, a security company, didn’t see a problem with this.

2 Likes

Huh? :confused:

1 Like

Cloudflare encourages you to set up SPF, DKIM, DMARC. They nag you until you do, and make a big deal out of making it simple (with resounding success, I might add).

Now, they are endorsing a product that, used as described, requires you to disable (or weaken to the point of uselessness) those things, with no warning of the consequence and no method offered to keep the security measures in place.

Someone didn’t think this through.

Cloudflare is endorsing what product where? Because they wrote a blog about it? Man I hate to mention HashiCorp at this point.

If you were using this service to do anything other than submit a form to yourself you’re almost certainly doing it wrong. And if you can’t figure out how to receive a form submission email without compromising your entire email infrastructure…. :rofl:

Well, here.

Yes, you are completely missing the point, as someone else previously mentioned. It doesn’t matter what I use the service for. If I’m using it at all, then anyone can use this service to send email from my domain that complies with any DMARC policy I can use with it, unless I roll my own signing code. And the documentation offers no explanation of this, nor method of accomplishing it.

3 Likes

I was a mail administrator for almost 20 years managing millions of mailboxes. I’m not missing the point nor would I need to compromise my system to receive a form submission using this service.

Would it be nice if they supported what you want? Dude said he was going to escalate it to his devs to research. Presumably you will have to wait for that if you want to use his FREE service and can’t figure out a basic workaround. Presumably.

We are going to try to get DKIM built this week.

4 Likes

@ksimpson, are there any plans to allow the customization of the return-path? That way we can use something like [email protected] and that would allow DMARC to pass and stop the ability for other people using mail channels to impersonate us.

Also, would you be able to publish some api docs for the https://api.mailchannels.net/tx/v1/send endpoint, it looks like it’s quite cusomizable with the personalizations array and what not, but it’s hard to tell how everything works without some docs.

By the way, thanks for being so responsive on here :slight_smile:

1 Like

I’ll run this request past the team. We do have docs but they’re not quite right for the Cloudflare Workers peephole that we opened up in the authentication system.

Regarding the Return-Path, customizing that would be cool. I’ll pass this on.

3 Likes

Hi Ken,

First of all, I’m loving the MailChannels integration with Workers. I was wondering, is there any update on the DKIM feature?

Cheers

We’re currently building it and will announce availability soon.

8 Likes

In case other people are still watching this thread:

Seems at some point DKIM support was added and is now in the docs as well:
https://api.mailchannels.net/tx/v1/documentation

ml1234 in the Cloudflare Discord even shared a worker using it, and docs on how to set it up: GitHub - maggie-j-liu/mail

4 Likes

I tried it, doesn’t seem to work for me. I think its better to wait for official announcement

I was passing the dkim values at wrong place in json body, everything seems to be working fine now

It’s official: https://mailchannels.zendesk.com/hc/en-us/articles/7122849237389

7 Likes

Thanks for this new feature

1 Like

I’ve updated my previous code in gist Send email from Workers with MailChannel API · GitHub
You can try it now here Submit your email

1 Like

Hi Ken!

Amazing work! I followed the guide and got it working with DKIM. However, there is one thing that I can’t seem to figure out. I’ve been testing the email delivery using https://www.mail-tester.com.

Currently I’m getting to 8.7/10. The only thing that seems to be missing is: “MISSING_DATE, Missing Date: header”. I’ve been trying to add a date to the API call, but I’m not sure where to actually do this, or if it’s actually supported.

Cheers

I am asking the team.