14

I am trying to send emails to myself using a Python script, and luckily I came across this post:

How to send an email with Gmail as provider using Python?

The trouble is, smtplib sends out the password for the script in plain text and I am skeptical about its security. Further my script contains my username and password in plain text. Are there any good ways to use Python and send emails without having to keep my password as plain text?

I also saw this on StackOverflow: Python smtplib security but the answer is not completely helping me resolve this conflict. However, I'm not ready to give up yet.


Some more information: I'm trying to set up my Raspberry Pi as a server that scrapes through a website. When a specific thing about the website changes, I want to be notified via email. However, I don't want to leave my Pi sitting around with a script that has my username and password in plain text.

Community
dot_zero
  • 1
    What about your issue is not resolved by the information on the "smtplib security" question you link to? starttls() is specifically saying *not* to send the password in plain text (although there's still the problem of the certificate not being fully validated). – Steve Jessop Aug 01 '14 at 16:46
  • @SteveJessop Thanks for the response. I guess I still need to dive deeper and learn about how email certificate validation works because I'm very new to this. I added some more information to the post which hopefully differentiates itself from the other questions. – dot_zero Aug 01 '14 at 19:16

3 Answers

6

The connection uses STARTTLS, so it's not being sent over the internet in clear text.

The function server.starttls() starts the encrypted communication with the server on port 465 instead of the normal port 25 for unencrypted SMTP mail traffic.

KurzedMetal
Christer Nissen
2

An obvious solution would be to use

getpass.getpass()

to get the password at the start of running, and store that in memory.

Veedrac
  • To clarify, add `import getpass` at the beginning of the file. Then do something like `email_password = getpass.getpass("Enter Email Password: ")`. – shlgug Nov 15 '17 at 16:25
1

Even using starttls I just got blocked by Gmail from sending email from my Python script (which worked in the past)... I get an SMTPAuthenticationError with a link to continue sign-in via a browser, which is no help for my Python script trying to send mail via smtplib. I do not have "2 step verification" set up on my account currently.

I had to go to my Google account (in a browser) and select an option to "enable access for less secure apps"
https://www.google.com/settings/security

Changing that allowed my script to work again. It looks like Google really wants us to use 2-step verification, and thus an app-specific password, going forward. I guess I will do that and put up with having to enter an SMS code to log in to my email now and then...

Anentropic
  • 1
    Or use OAuth2, which is actually how Google wants applications to identify themselves. However, that takes a lot of infrastructure. For personal use, an app-specific password would be best. – Max Nov 03 '14 at 01:42
  • 1
    Looks like the easiest way might be Google's own Gmail API Python client https://developers.google.com/api-client-library/python/apis/gmail/v1 – Anentropic Nov 03 '14 at 12:36
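
For the unattended Raspberry Pi case in the question, here is one way to combine the points raised in the answers (an added example, not part of any answer on this page): STARTTLS is negotiated with a certificate-verifying context, and an app-specific password is read from a file that only its owner can access instead of being written into the script. The function names, the secret-file path and the example.com address are assumptions made for illustration.

```python
import os
import smtplib
import ssl
import stat
from email.message import EmailMessage


def load_secret(path):
    """Read a password from a file, refusing files other users can access."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError(f"{path} is not a regular file")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is open to group/others; run chmod 600")
    with open(path, encoding="utf-8") as fh:
        secret = fh.read().strip()
    if not secret:
        raise ValueError(f"{path} is empty")
    return secret


def build_message(sender, recipient, subject, body):
    """Build the notification; EmailMessage handles header encoding."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def send_notification(msg, user, secret_path, host="smtp.gmail.com", port=587):
    """Send over STARTTLS (587 is the submission port), verifying the server."""
    context = ssl.create_default_context()  # checks cert chain and hostname
    password = load_secret(secret_path)     # fails before any network traffic
    with smtplib.SMTP(host, port, timeout=30) as server:
        server.starttls(context=context)    # raises if TLS cannot be set up
        server.login(user, password)        # credentials go over TLS only
        server.send_message(msg)


if __name__ == "__main__":
    me = "you@example.com"  # constructed address
    note = build_message(me, me, "Page changed", "The watched page changed.")
    # Hypothetical location for the app-specific password (mode 600).
    send_notification(note, me, os.path.expanduser("~/.config/notify/app_password"))
```

Anyone who can read that file as the same user can still read the password, so an app-specific password that can be revoked on its own limits the damage if the Pi is compromised.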