Reputation: 1372
I am building a mass-emailing component for my Flask app.
I've used flask_mail and I'm able to send it, using 'smtp.google.com' as a server:
app.config['MAIL_SERVER']='smtp.gmail.com'
To enable it, I had to disable two-way authentication in my Gmail and turn on access for "less secure apps".
Given the lowered security level, how secure is this setup?
Are there more secure alternatives?
Upvotes: 1
Views: 996
Reputation: 1226
I wouldn't personally use my "everyday" GMail account for an application of any kind, especially not in production. If you're going to stick with using GMail for this project, I'd make another, application-specific account. Obviously, removing 2FA from your account makes it more vulnerable should someone discover your password, but "Allowing less secure apps" isn't inherently scary, in my opinion: as you've created your application, you know it isn't doing anything malicious.
Furthermore, I would find it more appropriate and professional to use a service like AWS Simple Email Service, with a custom domain, if you're planning on sending "mass emails." It may even be against Google's TOS to use GMail in this way; make sure to find out before proceeding.
That's my two cents on the issue.
Upvotes: 5
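Added example, not part of the question or the answer above: one way to load Flask-Mail settings for a dedicated sending account from the environment, so the password stays out of source code and the connection always uses TLS. The `APP_MAIL_*` variable names, `build_mail_config`, `redacted` and the `example.com` values are assumptions made for this sketch.

```python
import os


class MailConfigError(ValueError):
    """Raised when the environment would give a broken or unencrypted setup."""


def build_mail_config(env):
    """Build Flask-Mail settings from `env`, a mapping such as os.environ."""
    required = ("APP_MAIL_SERVER", "APP_MAIL_USERNAME", "APP_MAIL_PASSWORD")
    missing = [name for name in required if not env.get(name)]
    if missing:
        raise MailConfigError("missing settings: " + ", ".join(missing))
    try:
        port = int(env.get("APP_MAIL_PORT", "587"))
    except ValueError:
        raise MailConfigError("APP_MAIL_PORT must be a number") from None
    # 587 is submission with STARTTLS, 465 is implicit TLS. Other ports are
    # rejected here so the TLS mode is never left to guesswork.
    if port not in (587, 465):
        raise MailConfigError(f"port {port} is not accepted by this example")
    return {
        "MAIL_SERVER": env["APP_MAIL_SERVER"],
        "MAIL_PORT": port,
        "MAIL_USE_TLS": port == 587,
        "MAIL_USE_SSL": port == 465,
        "MAIL_USERNAME": env["APP_MAIL_USERNAME"],
        "MAIL_PASSWORD": env["APP_MAIL_PASSWORD"],
        "MAIL_DEFAULT_SENDER": env.get("APP_MAIL_SENDER", env["APP_MAIL_USERNAME"]),
    }


def redacted(config):
    """Copy of the settings that is safe to log: the password is masked."""
    safe = dict(config)
    safe["MAIL_PASSWORD"] = "***"
    return safe


if __name__ == "__main__":
    # Constructed sample values; a real deployment sets these outside the code.
    sample = {
        "APP_MAIL_SERVER": "smtp.example.com",
        "APP_MAIL_USERNAME": "mailer@example.com",
        "APP_MAIL_PASSWORD": "constructed-secret",
    }
    print(redacted(build_mail_config(sample)))
    # In the Flask app: app.config.update(build_mail_config(os.environ))
```

Call `app.config.update(...)` before creating `Mail(app)` so Flask-Mail picks the settings up.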