Security Issue with Gmail Automated Email

Testing an automation using Gmail and get this warning in my inbox when it is sent. Is there a way to resolve this since I very much need to have a form link in the email?

Hi @Dustin_Good,
I do not think this is a security issue, as much as its just google doing what it should be doing.

If you sent an email from Airtable, and used your email address as the sender then this message is correct. Google cannot verify that that it was in fact your domain that sent the email (it didn’t). This is not uncommon.

If you wish to avoid this message to your customers you will need to use a proper mailing platform where you can provide your domain credentials and properly send email from your domain. There are plenty of bulk email platforms out there that allow you to add SPF records and avoid this message.

If this was not a bulk email and just to yourself, you can add the send to your safe senders list and never see this again.

Thanks @Vivid-Squid. I really appreciate all your help and would gladly buy you many beverages if you’re ever in the Chicagoland area. Anyways, I am now down the rabbit hole of SPF and DKIM. Sadly I don’t have the credentials to manage our domain so I’m at a standstill.

Oh man, I do not envy you on that, it has been a while since i went down that rabbit hole.

Your domain admin should be able to add the airtable SPF records to your domain, and will know what that means. I do not know if Airtable has an SPF record but it would look something like this: v=spf1 include:_spf.google.com -all. Maybe email support to ask. You can see your domain’s SPF records by entering the domain in here: Network Tools: DNS,IP,Email and pressing SPF record lookup. All this said, this was not the intended use of Airtable and I am sure you will encounter other issues unless you use a proper emailing platform like SendGrid or MailChimp. (There are also laws about spam emailing so make sure you stay in line with them, GDPR)

I think Airtable sends as noreply@airtable.com, you can add a reply to address in your automation so that you receive responses, but that is just header information and not details of your domain.

You can also look at the Airtable Extension for SendGrid this should allow you to add your domain credentials and let Airtable send on behalf of your domain.

Email and spam filtering is a losers battle, there is no bullet proof option as you will always be at the mercy of the recipient.

Thanks for the additional resources. At this point I’m thinking I should just start a new webpage from scratch since I can’t get info from our domain admin.

This all started with an attempt to build a base for the billing department to automatically send emails out to clients with expiring credit cards on file. Not sure this would legally qualify as spam but maybe technically. I was originally intending to include a link to a PDF that they download, then complete with updated info, then send back to us…which the warning message from Google advises recipients against.

I hear ya. I am not an expert (i apologize ahead of time if I am incorrect) on email, but I think for it to qualify as spam it has to be both unwarranted and refusal to remove, since these are your willing customers, you are probably ok as long as you follow GDPR guidelines for removal.

Another thing to keep in mind is that Airtable is about to change how they store attachments, so if that PDF file is an attachment in Airtable, you will want to put it somewhere else for them to access it. If you send a link to it in Airtable the link will stop working after a while.

Depending on how many emails you are planning to send to, you may get away with sending directly from Airtable and not everyone of the recipients will get that message (not everyone uses gmail). Another thing to watch out for is if you send emails and many of the recipients mark it as spam, this will flag your domain in a directory that is shared amongst many services, and you have to appeal to have your domain removed.

You can export the email list and bulk email from your Gmail account but the same above applies.

Wait a min, is you automation using the send email action or the gmail send email action (i forgot existed)? It is possible that using the later will circumvent all of the above. Sorry I forgot it was there.

Regarding the attachments, I’m still so confused if it’s going to impact me. Initially I had uploaded scanned docs to a google drive then added them to the attachment field via the Attachment to URL script. However yesterday someone indicated this could be an issues after the change. So now I’m pulling my google doc links from google drive and entering it in the attachment field manually…will this URL be broken too after the November update?

Initially during the testing phase I was using airtable’s send email action, however after running it by co-workers they asked if I could send these via gmail so that we can get return messages. This is when I ran into the warning from Gmail.

However if using the airtable send action while providing a return email address in the message text yields the same result without needing domain admin access, then I may go that route.

When you upload a file to an attachments type field, you can see that Airtable automatically gives it a URL, something like dl.airtable.com/… This is what is going to change. So you will not want to send that link.

If the file is in Google Drive, you can get a link to it, and add that to a URL filed in Airtable, that will not change.

1 Like

You add that here, press the more options button:

1 Like

Wow…This is definitely my solution for now. Thanks