#400 Bad Request from MailChannels

1 messages · Page 1 of 1 (latest)

obsidian walrus
#

I am following the following blog post in setting up MailChannels: https://blog.bitgate.cz/send-email-at-scale-for-free-with-cloudflare-workers/

I used the following code:

export default {
  async fetch(request, env) {
    if (request.method !== 'POST') {
      return new Response('Method not supported', { status: 405 })
    }

    const token = request.headers.get('Authorization')?.replace('Bearer ', '')
    if (token !== env.TOKEN) {
      return new Response('Unauthorized', { status: 403 })
    }

    const body = await request.json()
    const email_body = {
      personalizations: [{
        to: body.to,
        // dkim_domain: 'example.com',
        // dkim_selector: 'mail1',
        // dkim_private_key: env.DKIM_PRIVATE_KEY,
      }],
      from: body.from,
      subject: body.subject,
      content: body.content,
      // headers: {
      //   'List-Unsubscribe': '<mailto:[email protected]?subject=unsubscribe>',
      // },
    }

    const email_request = new Request('https://api.mailchannels.net/tx/v1/send', {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify(email_body),
    })
    const res = await fetch(email_request)
    return new Response(`${res.status} ${res.statusText}`, { status: res.status })
  },
}

The request from mailchannels keeps returning with "400 Bad Request".

I did create the create the Domail Lockdown as mentioned here: https://support.mailchannels.com/hc/en-us/articles/16918954360845-Secure-your-domain-name-against-spoofing-with-Domain-Lockdown-

Would anyone have any suggestions on getting this to work?

Send email at scale for free with Cloudflare workers

I was looking for a cheap/free way to send email for a hobby project. At first I turned to Amazon SES, but after I tried to enable production access and received an extremely generic rejection, I got discouraged and put the project on hold. Recently I discovered an interesting way to send email for free using Cloudflare workers and MailChannels ...

Help Center
Secure your domain name against spoofing with Domain Lockdown™

Domain spoofing is a significant issue that threatens email integrity and security. Domain spoofing occurs when attackers pretend to send emails from a domain they do not own, typically with malici...

strong prism
#

Not a direct solution to your issue, but I would recommend avoiding MailChannels and using some other service like Amazon SES, Sendgrid, Postmark, etc.

There are a lot of security implications and their responses to the situation have been very undesirable. Further reading:

crimson shard
#

That's interesting. Does that vulnerability impact all domains on Cloudflare or just those using MailChannels?