I’m trying to write a heavily email-based application in the Python SDK of Google App Engine. I’ve noticed that Google allows you to receive email via its API, and that it easily gives you access to the standard fields like From, To, Body, etc. However, if I’m trying to verify that an email address came from who it said it came from (kind of in the way that Posterous does it for you), how can I? I don’t have access to any of the email headers, so I can’t check the MX record of the sending server’s IP address or anything fancy like that.
Any ideas?
Actually, while not well documented, the sources here suggest that the original mime message from which the handy objects you get are shaped is available as the
.originalproperty of the handy object — that’s an instance of email.message.Message, so you should be able to get email headers from there. I’m not sure that takes you much further in your quest for validation, though.