Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
sendgrid-actionmailer
Advanced tools
An ActionMailer adapter to send email using SendGrid's HTTPS Web API (instead of SMTP). Compatible with Rails 5 and Sendgrid API v3.
Add this line to your application's Gemfile:
gem 'sendgrid-actionmailer'
Create a SendGrid API Key for your application. Then edit config/application.rb
or config/environments/$ENVIRONMENT.rb
and add/change the following to the ActionMailer configuration:
config.action_mailer.delivery_method = :sendgrid_actionmailer
config.action_mailer.sendgrid_actionmailer_settings = {
api_key: ENV['SENDGRID_API_KEY'],
raise_delivery_errors: true
}
Normal ActionMailer usage will now transparently be sent using SendGrid's Web API.
mail(to: 'example@email.com', subject: 'email subject', body: 'email body')
Mail settings, such as sandbox_mode, may be applied globally through the sendgrid_actionmailer_settings configuration.
config.action_mailer.delivery_method = :sendgrid_actionmailer
config.action_mailer.sendgrid_actionmailer_settings = {
api_key: ENV['SENDGRID_API_KEY'],
mail_settings: { sandbox_mode: { enable: true }}
}
If you need to send mail for a number of Sendgrid accounts, you can set the API key for these as follows:
mail(to: 'example@email.com',
subject: 'email subject',
body: 'email body',
delivery_method_options: {
api_key: 'SENDGRID_API_KEY'
}
)
The Mail functionality is extended to include additional attributes provided by the Sendgrid API.
The id of a template that you would like to use. If you use a template that contains a subject, you do not need to specify a subject at the personalizations nor message level. However, because of the way ActionMailer works, a body is required, even if the template contains one. If all your emails use templates with a body, you can add default body: "not used"
to the top of your mailer.
mail(to: 'example@email.com', subject: 'email subject', body: 'email body', template_id: 'template_1')
An object of key/value pairs that define block sections of code to be used as substitutions.
mail(to: 'example@email.com', subject: 'email subject', body: 'email body', sections: {'%header%' => "<h1>Header</h1>"})
An object containing key/value pairs of header names and the value to substitute for them. You must ensure these are properly encoded if they contain unicode characters. Must not be one of the reserved headers.
mail(to: 'example@email.com', subject: 'email subject', body: 'email body', headers: {'X-CUSTOM-HEADER' => "foo"})
An array of category names for this message. Each category name may not exceed 255 characters.
mail(to: 'example@email.com', subject: 'email subject', body: 'email body', categories: ['marketing', 'sales'])
Values that are specific to the entire send that will be carried along with the email and its activity data. Substitutions will not be made on custom arguments, so any string that is entered into this parameter will be assumed to be the custom argument that you would like to be used. This parameter is overridden by personalizations[x].custom_args if that parameter has been defined. Total custom args size may not exceed 10,000 bytes.
mail(to: 'example@email.com', subject: 'email subject', body: 'email body', custom_args: {campaign: 'welcome'})
A unix timestamp allowing you to specify when you want your email to be delivered. This may be overridden by the personalizations[x].send_at parameter. You can't schedule more than 72 hours in advance. If you have the flexibility, it's better to schedule mail for off-peak times. Most emails are scheduled and sent at the top of the hour or half hour. Scheduling email to avoid those times (for example, scheduling at 10:53) can result in lower deferral rates because it won't be going through our servers at the same times as everyone else's mail.
This ID represents a batch of emails to be sent at the same time. Including a batch_id in your request allows you include this email in that batch, and also enables you to cancel or pause the delivery of that batch. For more information, see cancel_schedule_send
mail(to: 'example@email.com', subject: 'email subject', body: 'email body', send_at: 1443636842, batch_id: 'batch1')
An object allowing you to specify how to handle unsubscribes.
The unsubscribe group to associate with this email.
An array containing the unsubscribe groups that you would like to be displayed on the unsubscribe preferences page.
mail(to: 'example@email.com', subject: 'email subject', body: 'email body', asm: { group_id: 99, groups_to_display: [4,5,6,7,8] })
The IP Pool that you would like to send this email from.
mail(to: 'example@email.com', subject: 'email subject', body: 'email body', ip_pool_name: 'marketing_ips')
A collection of different mail settings that you can use to specify how you would like this email to be handled.
This allows you to have a blind carbon copy automatically sent to the specified email address for every email that is sent.
Indicates if this setting is enabled.
The email address that you would like to receive the BCC.
mail(to: 'example@email.com', subject: 'email subject', body: 'email body', mail_settings: { bcc: { enable: true, email: 'bcc@example.com }})
Allows you to bypass all unsubscribe groups and suppressions to ensure that the email is delivered to every single recipient. This should only be used in emergencies when it is absolutely necessary that every recipient receives your email.
Indicates if this setting is enabled.
mail(to: 'example@email.com', subject: 'email subject', body: 'email body', mail_settings: { bypass_list_management: { enable: true }})
The default footer that you would like included on every email.
Indicates if this setting is enabled.
The plain text content of your footer.
The HTML content of your footer.
mail(to: 'example@email.com', subject: 'email subject', body: 'email body', mail_settings: { footer: { enable: true, text: 'FOOTER', html: '<h1>FOOTER</h1>' }})
This allows you to send a test email to ensure that your request body is valid and formatted correctly.
Indicates if this setting is enabled.
mail(to: 'example@email.com', subject: 'email subject', body: 'email body', mail_settings: { sandbox_mode: { enable: true }})
This allows you to test the content of your email for spam.
Indicates if this setting is enabled.
The threshold used to determine if your content qualifies as spam on a scale from 1 to 10, with 10 being most strict, or most likely to be considered as spam.
An Inbound Parse URL that you would like a copy of your email along with the spam report to be sent to.
mail(to: 'example@email.com', subject: 'email subject', body: 'email body', mail_settings: { spam_check: { enable: true, threshold: 1, post_to_url: 'https://spamcatcher.sendgrid.com' }})
Settings to determine how you would like to track the metrics of how your recipients interact with your email.
Allows you to track whether a recipient clicked a link in your email.
Indicates if this setting is enabled.
Indicates if this setting should be included in the text/plain portion of your email.
mail(to: 'example@email.com', subject: 'email subject', body: 'email body', tracking_settings: { click_tracking: { enable: false, enable_text: false }})
Allows you to track whether the email was opened or not, but including a single pixel image in the body of the content. When the pixel is loaded, we can log that the email was opened.
Indicates if this setting is enabled.
Allows you to specify a substitution tag that you can insert in the body of your email at a location that you desire. This tag will be replaced by the open tracking pixel.
mail(to: 'example@email.com', subject: 'email subject', body: 'email body', tracking_settings: { open_tracking: { enable: true, substitution_tag: 'Optional tag to replace with the open image in the body of the message' }})
Allows you to insert a subscription management link at the bottom of the text and html bodies of your email. If you would like to specify the location of the link within your email, you may use the substitution_tag.
Indicates if this setting is enabled.
Text to be appended to the email, with the subscription tracking link. You may control where the link is by using the tag <% %>
HTML to be appended to the email, with the subscription tracking link. You may control where the link is by using the tag <% %>
A tag that will be replaced with the unsubscribe URL. for example: [unsubscribe_url]. If this parameter is used, it will override both the text and html parameters. The URL of the link will be placed at the substitution tag’s location, with no additional formatting.
mail(to: 'example@email.com', subject: 'email subject', body: 'email body', tracking_settings: { subscription_tracking: { enable: true, text: 'text to insert into the text/plain portion of the message', html: 'html to insert into the text/html portion of the message', substitution_tag: 'Optional tag to replace with the open image in the body of the message' }})
Allows you to enable tracking provided by Google Analytics.
Indicates if this setting is enabled.
Name of the referrer source. (e.g. Google, SomeDomain.com, or Marketing Email)
Name of the marketing medium. (e.g. Email)
Used to identify any paid keywords.
Used to differentiate your campaign from advertisements.
The name of the campaign.
mail(to: 'example@email.com', subject: 'email subject', body: 'email body', tracking_settings: { ganalytics: { enable: true, utm_source: 'some source', utm_medium: 'some medium', utm_term: 'some term', utm_content: 'some content', utm_campaign: 'some campaign' }})
Data to provide for feeding the new dynamic templates in Sendgrid with valueable data. This also disables the following Unsubscribe links because of deprecation of substitutions in the new template implementaiton. Variables are available within templates using {{handlebar syntax}}.
mail(to: 'example@email.com', subject: 'email subject', body: 'email body', dynamic_template_data: { variable_1: 'foo', variable_2: 'bar' })
Allows providing a customized personalizations array for the v3 Mail Send endpoint. This allows customizing how an email is sent and also allows sending multiple different emails to different recipients with a single API call.
The personalizations object supports:
The following should be noted about these personalization attributes:
to
when calling the mail function.Also note that substitutions will not work with dynamic templates.
Example usage:
mail(subject: 'default subject', 'email body', personalizations: [
{ to: [{ email: 'example@example.com' }]},
{ to: [{ email: 'example2@example.com' }]}
])
Sendgrid unfortunately uses <% %> for their default substitution syntax, which makes it incompatible with Rails templates. Their proposed solution is to use Personalization Substitutions with the v3 Mail Send Endpoint. This gem makes that modification to make the following Rails friendly unsubscribe urls.
<a href="%asm_group_unsubscribe_raw_url%">Unsubscribe</a>
<a href="%asm_global_unsubscribe_raw_url%">Unsubscribe from List</a>
<a href="%asm_preferences_raw_url%">Manage Email Preferences</a>
Note: This feature, and substitutions in general, do not work in combination with dynamic templates.
The setting perform_send_request
is available to disable sending for testing purposes. Setting perform_send_request false and return_response true enables the testing of the JSON API payload.
FAQs
Unknown package
We found that sendgrid-actionmailer demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.