Are there controls to send an email programmatically? I’m trying to develop a pretty basic custom contact form and wanted to see if there was already an api call that can be used to send a basic email like the magic link or account signup emails that use the smtp config and not the mailgun transactional emails. I didnt see, or perhaps missed, a mention of this in the api docs.
I see that nodemailer is a package in the package.json already, what im looking for is if there is an api call that can already be done so i dont reinvent the wheel writing the send mail functions.
No, there is no API that exposes the underlying email logic.
Nodemailer is used for transactional emails and is completely wrapped. Unless you’re forking Ghost and building your own versions, it will be hard (well…I personally don’t know of a way) to access it directly.
From the front end having a contact form essentially, and then when a user fills out the form it would email an address. Thinking of a broader scale for ghost usage since there can be multiple authors there could be a selector for the author, but for my usage its a very basic contact form. I’d rather not embed like a google or MS form because then it will have to tie into other things like their google/MS account and i already have the smtp credentials in the server.
To get more specific its for a restaurant, they wanted a contact form to make reservations.
Providing a public api that will send email to someone without any extra checks would be a big risk for attacks. I remember the days that I have a contact form on my wordpress site. It’s almost always used by spammers Eventually you’ll need a bot/spam prevent mechanism, which requires a backend check. If you have your own backend, then I think there is no need to send email via Ghost anymore.
There’s not much difference between that and just having your email posted on a site, either way you have potential to be scraped somehow. A form makes it easier for a user though.
No, there is a difference. When email is sent by spammer, your spam blocker can detect it more easily. And spammer will need to handle an email server, and pay for it. But with contact form, email will be sent from your own mail server. Then you only have the content to detect the spam. If you don’t stop those spammers, your email server will be blacklisted, not the actual spammer.
getting a little off topic but i’d argue that posting an email address is worse. with a form you can have that sent to something controlled and expect questionable content to come in.
I mean, we were talking about having an API endpoint on Ghost that sends email to members or users. I was trying to tell why we don’t have a public email send endpoint.
But, a built-in form-to-email solution in Ghost would be nice though. Currently Tally or similar services are giving quite much customization options, and very easy to embed in a Ghost page, with some extra cost.
Digital Ocean is a full VPS. You can run any service you want that receives a contact form and delivers the contents to your email address. It’s going to be a good idea to pick an existing package if you’re not super technical, because it’s easy to accidentally end up being a spam source on this sort of thing if you don’t have it properly secured.
I personally have express + nodemailer running in my vps (separate from Ghost). My nodemailer sends email ONLY to me, as configured in my settings (never to an address specified by the user), with a from address of my server (so that bounces don’t annoy a possibly-forged “sender” on the contact form). Does it get occasional spam that annoys me, yes. Does it spam anyone else? No.
It would definitely have been easier (in hindsight) to have handed the email off to mailgun from nodemailer, but I didn’t do the easy thing, no. Sure didn’t.
Perfect, thank you Cathy, exactly what I was looking for.
Wow you even touched on DKIM and SPF… well done Time to update to account for MTA and DANE…maybe even some DNSSEC? jk.
Eventually you’ll need a bot/spam prevent mechanism, which requires a backend check. If you have your own backend, then I think there is no need to send email via Ghost anymore.
Time to update to account for MTA and DANE…maybe even some DNSSEC? jk.