CD
Cloudflare Developers13mo ago
albertski

400 Bad Request from MailChannels

I am following the following blog post in setting up MailChannels: https://blog.bitgate.cz/send-email-at-scale-for-free-with-cloudflare-workers/ I used the following code: 
export default {
  async fetch(request, env) {
    if (request.method !== 'POST') {
      return new Response('Method not supported', { status: 405 })
    }

    const token = request.headers.get('Authorization')?.replace('Bearer ', '')
    if (token !== env.TOKEN) {
      return new Response('Unauthorized', { status: 403 })
    }

    const body = await request.json()
    const email_body = {
      personalizations: [{
        to: body.to,
        // dkim_domain: 'example.com',
        // dkim_selector: 'mail1',
        // dkim_private_key: env.DKIM_PRIVATE_KEY,
      }],
      from: body.from,
      subject: body.subject,
      content: body.content,
      // headers: {
      //   'List-Unsubscribe': '<mailto:[email protected]?subject=unsubscribe>',
      // },
    }

    const email_request = new Request('https://api.mailchannels.net/tx/v1/send', {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify(email_body),
    })
    const res = await fetch(email_request)
    return new Response(`${res.status} ${res.statusText}`, { status: res.status })
  },
}
export default {
  async fetch(request, env) {
    if (request.method !== 'POST') {
      return new Response('Method not supported', { status: 405 })
    }

    const token = request.headers.get('Authorization')?.replace('Bearer ', '')
    if (token !== env.TOKEN) {
      return new Response('Unauthorized', { status: 403 })
    }

    const body = await request.json()
    const email_body = {
      personalizations: [{
        to: body.to,
        // dkim_domain: 'example.com',
        // dkim_selector: 'mail1',
        // dkim_private_key: env.DKIM_PRIVATE_KEY,
      }],
      from: body.from,
      subject: body.subject,
      content: body.content,
      // headers: {
      //   'List-Unsubscribe': '<mailto:[email protected]?subject=unsubscribe>',
      // },
    }

    const email_request = new Request('https://api.mailchannels.net/tx/v1/send', {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify(email_body),
    })
    const res = await fetch(email_request)
    return new Response(`${res.status} ${res.statusText}`, { status: res.status })
  },
}
The request from mailchannels keeps returning with "400 Bad Request".
I did create the create the Domail Lockdown as mentioned here: https://support.mailchannels.com/hc/en-us/articles/16918954360845-Secure-your-domain-name-against-spoofing-with-Domain-Lockdown- Would anyone have any suggestions on getting this to work?
Send email at scale for free with Cloudflare workers
I was looking for a cheap/free way to send email for a hobby project. At first I turned to Amazon SES, but after I tried to enable production access and received an extremely generic rejection, I got discouraged and put the project on hold. Recently I discovered an interesting way to send email for free using Cloudflare workers and MailChannels ...
Help Center
Secure your domain name against spoofing with Domain Lockdown™
Domain spoofing is a significant issue that threatens email integrity and security. Domain spoofing occurs when attackers pretend to send emails from a domain they do not own, typically with malici...
3 Replies
James
James13mo ago
Not a direct solution to your issue, but I would recommend avoiding MailChannels and using some other service like Amazon SES, Sendgrid, Postmark, etc. There are a lot of security implications and their responses to the situation have been very undesirable. Further reading: - https://github.com/byt3bl33d3r/SpamChannel - https://byt3bl33d3r.substack.com/p/7fc21c89-4744-4a95-8095-cd080b498ded - https://media.defcon.org/DEF%20CON%2031/DEF%20CON%2031%20presentations/byt3bl33d3r%20-%20SpamChannel%20Spoofing%20Emails%20From%202%20Million%20Domains%20and%20Virtually%20Becoming%20Satan.pdf
Tin Cap
Tin Cap13mo ago
That's interesting. Does that vulnerability impact all domains on Cloudflare or just those using MailChannels?
James
James13mo ago
It's not Cloudflare, purely just MailChannels, their SPF, and poor handling (or lack thereof) of any sender verification.
Want results from more Discord servers?
Add your server