Determine if an Email address is Gmail or Hosted Gmail (Google Apps for Your Domain)

For my latest venture, MyFamilio, I needed to know if a user’s Email address is a Gmail one so that I could show the user his/her contacts from Gmail.

Figuring out if the user is on Gmail is usually easy – the Email ends with @gmail.com. But what happens for all of those Google Apps for Your domain (like my own, which uses the @sandler.co.il domain) ?

Well, you can easily detect that by running a DNS query on the MX record.

I wrote a small function in Python which uses dnspyhon to do just that, determine if an Email address is hosted on Gmail or not.

Check the gist here.

Check the gist here.

Google Apps for your Domain, DNS, CNAME and Security

I’ve recently started to use Google Apps for Your domain to host my private emails on the sandler.co.il domain.

Google Apps for your domain is quite cool and was very easy to configure. I mainly moved to it due to the unbelievable amounts of SPAM and I didn’t have the power or time to configure SpamAssassin in a reasonable way that would actually work.

When I moved, one of the things I did was to change the “default” URL in which me and other members of my family use to access the web mail of the domain. Google Apps for your Domain allows you to do just that by configuring it in its configuration screen and settings a CNAME record that points to ghs.google.com.

After configuring everything I tested it out and noticed something disturbing.

It seems that CNAME (by design/default/whatever) does not support HTTPS, only HTTP. This means that the CNAME alias I configured will be resolved to mail.google.com/a/YourDomain.XXX (replace YourDomain.XXX with your domain ;-) ). If you are not authenticated you’ll be redirected to authenticate on an SSL protected address (https) and upon successful authentication you will be directed to http://mail.google.com/a/YourDomain.XXX (not https – not SSL).

This means that now, when you read or write Emails they are not protected. If you are sitting in an open WIFI network (passwordless network) people can easily sniff out your Emails and correspondence (I know that not using WPA will make you prune to man in the middle attacks, but that’s not the issue here). This is just one of the scenarios that you will be vulnerable (there are a few more).

It’s not that accessing https://mail.google.com/a/YourDOMAIN.XXX will not work. On the contrary, it will work fine and all the communication will be secured using SSL (https).

It seems Google is encouraging recklessness with their current configuration, instead of redirecting authenticated users to the secured version (https/SSL) of their web mail specifically because of the DNS CNAME limitations.

It is a simple fix on Google’s behalf which will increase the security dramatically.

Google Apps for Your Domain and Gmail Mail Applet for Nokia phones

I own a Nokia E61 cell phone. A nice phone all in all (aside from the backup problems my wife encountered).

Gmail has this cool little applet that lets me access my Gmail account in a nicer (and better cached) way from my cell phone. It’s a really nice program and I use it quite often.

It has one problem though. If you host your own domain through Google Apps for Your Domain to get the Gmail like interface for your Emails you cannot use this program.

Technically (as far as I could see) the interface is rather the same, the only different should be the user name and password. But there is a restriction in the user name in the mail applet that forces you to put an Email address with a suffix of @gmail.com only. It will not accept anything other than a @gmail.com user name.

Google Apps for your Domain has, however, a program for Blackberries. Not that there is anything wrong with that, but I would really like to have the current nice mail applet working with my hosted Google Gmail application.

I want the normal Gmail applet to work with my custom domain and Google Apps for your domain, otherwise I’m forced to use the not so nice Cell phone browser web mail access which is far less usable than the applet.

Is it too much to ask? I don’t think so, considering that it seems there shouldn’t be any problem supporting it technically (it’s the same backend). If any of you Google Apps for your Domains Googlers are reading this and there is a bigger issue/problem with forcing the mail applet to support Google Apps for Your Domain, I would love to know why (you can even ping me privately through my contact page).