Hi so I’m sending emails via Gmail in a mobile game with the following
MailMessage mail = new MailMessage();
mail.IsBodyHtml = true;
mail.From = new MailAddress(fromEmail);
mail.To.Add(toEmail);
mail.Subject = emailSubject.text;
mail.Body = body;
SmtpClient smtpServer = new SmtpClient("smtp.gmail.com");
smtpServer.Port = 587;
smtpServer.Credentials = new System.Net.NetworkCredential(fromEmail, password) as ICredentialsByHost;
smtpServer.EnableSsl = true;
ServicePointManager.ServerCertificateValidationCallback =
delegate (object s, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{ return true; };
try
{
smtpServer.Send(mail);
}
catch (System.Exception)
{
sendingText.text = "Email could not be sent.";
}
finally
{
sendingText.text = sendCompleteText;
}
Everything is has been working fine for months, then out of the blue recently gmail is selectively blocking emails sent from the game. When I test on my devices it always works but when other people test on their devices it randomly blocks their emails, sometimes they send and sometimes they dont send and I see a critical security warning in gmail saying someone just used your password to try and sign into your account. In the security settings in Gmail I have Less Secure Account access turned to “On”.
Has anyone encountered this issue or have any suggestions on how to fix this? Any advice would be appreciated.
I would advise you not to do this at all. If you put your email password into your game, then it doesn’t take a particularly skilled hacker to extract it and start sending out spam using your email account. (In fact, if you haven’t already, you should check whether this has already happened–it seems like a plausible reason for Google to start placing more restrictions on your account.)
The usual way to generate emails from a game is to send the email from a game server, with the client able to request the server to send out certain kinds of emails on its behalf, but with restrictions in place to prevent rogue clients from generating spam. (e.g. only being able to send to your own account’s registered email address or to a few specific game-related addresses, putting flood protections in place, not accepting any hyperlinks from the client to be included in the emails, etc.)
@PraetorBlue@Antistone This isn’t a public facing app, its for internal use only sideloaded so security isnt an issue, its an email account i made for the app. Its just really weird cause its randomly blocking the emails, they could try in the morning and it doesnt work but then later in the day and it does, all coming the same address.
Google is blocking access. For whatever reason they have flagged your account as doing suspicious stuff. Either just sending emails from all these peoples’ different IPs is tripping Google’s security flags, or maybe someone you gave the game to (or it got leaked to or whatever) got the email credentials and is doing something nefarious with them.
It’s worth mentioning that there is a way to use your personal Gmail account without needing to use your personal login password. You can enable what’s called the “app passwords” feature on your Google account, which will generate a random key that’s meant to be used by an application to authenticate in the account.
You first need to enable 2-factor authentication on your Google account to enable the “app passwords” feature under the Security page, and then the “app passwords” option will appear under the 2FA option afterwards.
Perhaps that will prevent Google from flagging the account as suspicious.
Seems unlikely to help. The page you linked presents this as an alternative to “sign in with Google”, not as a way for many users/devices to share a single account. If anything, I would think switching to this would be more suspicious–although conceivably it might make Google pay less attention just because it’s less commonly-used and so maybe they haven’t thought about it as deeply.
It’s my vague recollection that Google only intends free services like Gmail or Translate for individual humans to use, and if you want to incorporate their services into the features of some software you are writing then they want to charge you money.