Beginning 2:36 AM US Pacific time, Mailsac internal monitoring indicated slowness due to an abnormally large amount of spam coming from China. By approximately 6:30 AM we identified all root causes and believe the issue is resolved.
Our service employs several methods of blocking, shaping, and throttling egregious traffic from unpaid users. This particular attack worked around these automatic mitigation efforts, in part because the attackers opened thousands of sockets and left them open a long time, exploiting a loophole in our SMTP inbound receiver code.
Here is a graph of our inbound message rate showing the attack compared to baseline.
Last year, we soft-launched a new forwarding feature on private addresses. You may have noticed – underneath the “Forwarding” section, there is now a Forward to Slack option. (Manage Addresses > Settings > Forwarding)
With only a little clicking, you can have inbound emails dumped into a Slack channel. It’s easy – no coding, and no servers, are necessary.
We built this feature because we use Slack internally, and had a custom webhook translator to send certain emails to a channel. After a little copy and paste, code massaging, and unit testing, we were able to get the feature into the platform.
Email → Slack Options
After inserting a valid Slack Webhook URL, we give you the option to enable the To and From address to display in the Slack message (Include To and From in the slack message checkbox). Here’s the difference:
Enabling TO and FROM is useful for support requests, shared email inboxes, or when you might have multiple inboxes pointed at the same channel.
Disabling TO and FROM is useful for receiving alerts or notifications from the same service. For example, if you send a notification about a new purchase on your website to a Slack channel, and it always comes from the same service email address, you don’t need it to take up space in the Slack message.
Email Images and Attachments to Slack
The email-to-Slack forwarding feature supports file attachments, including images. Images will be displayed inline.
We recommend archiving attachments outside Slack at this time. Attachments are subject to recycling. Also, attachments must be made public in order for Slack to accept the messages. So do not send any PII or sensitive information. This is another reason why we chose to recycle attachments.
The same Mailsac message size limits apply for Slack. If you are interested in bumping up the attachment sizes, make a feature request or contact support and include your account ID.
The mail activity log will show forwards, and reports failures posting to Slack with error messages. (Dashboard / Usage / Recent Mail Activity Log)
As always, please post feedback and questions to the Mailsac Discussion Forum. We think the feature is useful as-is, but we are open to making changes to better meet our customers needs.
A new feature allows viewing recent activity across the account – inbound email messages, web socket publishing, webhooks, and Slack webhook posts.
From the dashboard, go to Usage & Analytics, then Recent Mail Activity Log.
The debug log shows all inbound, outbound, and publishing actions by 15 minute intervals. Business Plans and higher get access to at least 6 months of history. Free and Indie Plans can see the most recent 15 minutes.
We intend to continue improving this feature by including extended debugging information, response codes, bounces, and other useful information. Please share your experiences with us, and report any problems.
This is a good time to mention you can view have inbound and outbound message counts and bandwidth, up to 30 days currently visible.
This tool helps make it easier to understand how many messages your app is sending – whether it is a custom email app built atop Mailsac, or QA integration testing team.
When releasing a private address, there is now an option to “empty the inbox” – deleting all messages associated with the private address. You can find the option by clicking the settings button when managing your private addresses.
The API endpoint DELETE /api/addresses/:email now supports the query string deleteAddressMessages. When deleteAddressMessages=true is passed, all messages associated with the inbox will be deleted.
Please note that all messages are deleted, including starred/saved messages. It is immediate and irreversible.
The Mailsac dashboard has a brand new look. Our commonly used services are easier discover. You may find out about features you never new existed.
Setting up disposable or test email for a domain has never been easier. With the Mailsac Zero-Setup-Subdomain, choose you subdomain name and start receiving emails within minutes.
We do our best to build simple, indispensable APIs and tools for Quality Assurance teams. End to end testing of emails sent by web applications is easy with Mailsac. API Keys are included with all Mailsac accounts, including our free tier with generous API call limits.
Increase your privacy by using the Mailsac’s free disposable email service. Send to virtually any @mailsac.com address and view the email without ever signing in. To see all messages in an inbox and to view images you will need to sign up for a free account. With the free account you can star messages you need to keep and make them hidden to other users. If you find yourself needing extra email addresses that nobody else can see. They are available as an addon.
Mailsac now requires authentication on all API routes and many parts of the website. The API key for your account can be created and viewed from the dashboard. If you are using the website to view emails you will need to create an account and sign in to view the body, images, and headers.
Many API routes required authentication prior to this change. If you are a customer with an existing API key and using it to make your API requests, there are no changes you need to make.
If you were using anonymous access, you will need to create an account and create an API key.
There are three methods for authenticating to the API. HTTP Header, Query String Parameter, and Request JSON Body. To use the HTTP Header create the request header Mailsac-Key and use the value of your API key. To use the query string parameter append the query string parameter _mailsacKey to the query section (after ?) in the url. Example: https://email@example.com/messages?_mailsacKey=eoj1mn7x5y61w0egs25j6xrv During a POST or PUT operation a JSON field _mailsacKey can be used.
For a complete list of API Routes check out the API documentation.
The content of the most recent email received is still available without logging in. Older messages, images, and headers will require an account. You can register for an account for free.
SMTP passwords can be set per private address. This allows you to keep your API key separate from your SMTP passwords. This password can be set by selecting “Manage Email Addresses” in the Dashboard and selecting POP/SMTP next to the email address you want to define a SMTP password for.
Email can be forwarded using websockets, webhooks, slack, and catchall. The way email is forwarded has been changed for consistency. Reserved addresses, which are part of a catchall domain, will now be the inbox email is saved to. Catchall forwarding will still take place on websockets, webhooks, and slack webhooks.
Websocket post to *@domain.com and firstname.lastname@example.org
Webhook post to *@domain.com and email@example.com
Slack Webhook post to *@domain.com and firstname.lastname@example.org
The required TXT and MX records for setting up a BYODomain (Bring Your Own) are now compatible with most GUI DNS editors.
The current origin is referred by “example.com.”, which is RFC 1035 compliant. Notes on the page have been made showing that some GUI editors (such as Namecheap) require the use of a “@” in place of the current origin.