我正在尝试验证电子邮件,但是当我遵循 mailgun 文档并获得如下代码时
https://documentation.mailgun.com/en/latest/user_manual.html#email-validation
EMAILPUBLICVALIDATIONKEY = 'my sexy key'
def validateemail(emailaddress):
return requests.get(
"https://api.mailgun.net/v3/address/validate",
auth=("api", EMAILPUBLICVALIDATIONKEY ),
params={'address': emailaddress}
)
我收到回复了
["{"Error":"exposed account credentials"}"]0: "{"Error":"exposed account credentials"}"length: 1__proto__: Array(0)
我之前实际上在 MailGun 中没有遇到过这个错误。但我假设
exposed account credentials有点不相关,但 GitHub 最近发布了一项功能,他们将扫描提交的 API 密钥和令牌,并通知公司它已被暴露。截至发布时,MailGun 似乎不在该列表中,但也有一个很小的机会,因为它处于测试阶段,该列表尚未更新。 https://help.github.com/articles/about-token-scanning/
这很可能是由于在 Github 上公开了 Mailgun API 密钥造成的。我将 API 密钥放在一个文件中并将其注释掉,但仍然被标记。如果您在 Mailgun 上提交票证,系统将发送包含以下说明的回复:
Due to the compromise, you will need to take a few steps to secure your Mailgun account:
- Remove the repository from Github or making the repository private. A new commit will not overwrite the previous commit history which contains the password.
- Please log in to the Mailgun Control Panel and reset your Mailgun account password. Click your email address in the top right, "Edit Account Info" -> "Password Change" section.
- Enable 2 Factor Authentication. Click your email address in the top right > Security > Two-Factor Authentication section.
- Reset your Mailgun API key. Under "Account Settings" -> "Security" click the refresh symbol to generate a new API key.
- Reset your SMTP credentials. Go to the "Domains" tab and repeat the following process for each domain listed in this view.
您需要转到您的 Mailgun 帐户,横幅会显示您的帐户已被暂停,然后您必须联系支持人员来解锁它
我暴露了 sandbox API 密钥,他们让我更改帐户中的所有应用程序上的 API 密钥。我说的是大量的应用程序,这些应用程序没有因共享沙箱密钥而受到损害,并且由于暴露了不相关的密钥而导致了巨大的重新部署成本。 如果您需要交易邮寄服务,请选择 mailgun 之外的其他服务。