============= Sending email ============= .. module:: django.core.mail :synopsis: Helpers to send email. Django provides wrappers for Python's :mod:`email` and :mod:`smtplib` modules to simplify composing and sending email. Django's email framework also supports swapping in different delivery mechanisms: you can direct email to the console or a file during development and an SMTP server or email service provider in production. The code lives in the ``django.core.mail`` module. Quick examples ============== Use :func:`send_mail` for straightforward email sending. For example, to send a plain text message:: from django.core.mail import send_mail send_mail( "Subject here", "Here is the message.", "from@example.com", ["to@example.com"], ) When additional email sending functionality is needed, use the :ref:`EmailMessage ` or :class:`EmailMultiAlternatives` class. For example, to send a multipart email that includes both HTML and plain text versions with a specific template and custom headers, you can use the following approach:: from django.core.mail import EmailMultiAlternatives from django.template.loader import render_to_string # First, render the plain text content. text_content = render_to_string( "templates/emails/my_email.txt", context={"my_variable": 42}, ) # Secondly, render the HTML content. html_content = render_to_string( "templates/emails/my_email.html", context={"my_variable": 42}, ) # Then, create a multipart email instance. msg = EmailMultiAlternatives( subject="Subject here", body=text_content, from_email="from@example.com", to=["to@example.com"], headers={"List-Unsubscribe": ""}, ) # Lastly, attach the HTML content to the email instance and send. msg.attach_alternative(html_content, "text/html") msg.send() .. _topic-email-configuration: Configuring email ================= New Django projects are not configured to send email by default. Instead, email is printed to the console as a development aid (for projects created with :djadmin:`startproject`) or results in a ``MailerDoesNotExist`` error (when the :setting:`MAILERS` setting isn't defined). Use the :setting:`MAILERS` setting to tell Django how to send email. For example, to send through an SMTP server running on the local machine:: MAILERS = { "default": { "BACKEND": "django.core.mail.backends.smtp.EmailBackend", "OPTIONS": { "host": "localhost", }, }, } Django abstracts the email sending process into an "email backend" class. :ref:`topic-email-backends` lists the email backends that come with Django. The example above uses Django's :ref:`SMTP email backend `, which sends using the standard `SMTP`_ protocol. This backend is useful for many production configurations, including SMTP servers in your own infrastructure and most commercial email service providers (ESPs). There are also :ref:`third-party email backends ` available that integrate directly with ESP APIs or add other sending features. During development or testing you often don't want to send email at all. Django's test runner :ref:`automatically overrides ` the :setting:`MAILERS` configuration to substitute Django's :ref:`memory email backend `. This prevents test cases from sending real email and gives them access to the messages that would have been sent. :ref:`topics/email:Configuring email for development` discusses some other approaches. .. versionchanged:: 6.1 In earlier releases, Django defaulted to sending email through an SMTP server running on localhost, using the now-deprecated :setting:`EMAIL_BACKEND` and related settings. .. deprecated:: 6.1 Until Django 7.0, if the :setting:`MAILERS` setting is not defined then the earlier behavior still applies: Django will default to using an SMTP server on localhost (but will issue deprecation warnings). Starting in Django 7.0, attempts to send email without :setting:`MAILERS` defined will result in a ``MailerDoesNotExist`` error. Existing projects can opt into the new behavior early by adding :setting:`MAILERS` to ``settings.py``. See :ref:`migrating-to-mailers`. Multiple mailers ---------------- Sometimes different types of email need to be sent in different ways: e.g., internal vs. external email, different SMTP servers for users in different regions, using different services for transactional notifications and bulk marketing email, etc. The :setting:`MAILERS` setting can define multiple mail configurations. For example:: import os MAILERS = { "default": { "BACKEND": "django.core.mail.backends.smtp.EmailBackend", "OPTIONS": { "host": "smtp.example.net", "use_tls": True, "username": os.environ["EMAIL_ACCOUNT_ID"], "password": os.environ["EMAIL_API_KEY"], }, }, "notifications": { "BACKEND": "example.third.party.EmailBackend", "OPTIONS": { "api_key": os.environ["THIRD_PARTY_API_KEY"], "region": "eu", }, }, "admin": { "BACKEND": "django.core.mail.backends.smtp.EmailBackend", "OPTIONS": { "host": "localhost", }, }, } This defines three mailer configurations: * ``"default"`` sends through an SMTP server at ``smtp.example.net`` with a TLS secured connection. It reads an account id and API key from environment variables and uses them as the SMTP authentication username and password. (Many SMTP services use some variation of this authentication scheme.) * ``"notifications"`` sends through a hypothetical commercial email service, using a third-party EmailBackend that connects directly to their API. (See :ref:`topic-third-party-email-backends` for pointers on locating real, community maintained email backend packages.) * ``"admin"`` sends through an SMTP server running on ``localhost``, with no other options required. With this configuration, you can provide the ``using`` argument to Django's :ref:`email sending functions ` to specify a particular mailer configuration:: from django.core.mail import send_mail send_mail( "Account activated", "Congratulations, you're all ready to use our Django app!", "from@example.com", ["user@example.com"], using="notifications", ) If ``using`` is not specified, Django uses the mailer defined for the ``"default"`` configuration. With reusable apps or Django features that send email for you, there may be an option to use a specific mailer configuration. For example, Django's logging :class:`~django.utils.log.AdminEmailHandler` allows specifying the mailer configuration in its ``using`` option. .. _SMTP: https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol .. _topic-email-sending: Sending messages ================ :mod:`!django.core.mail` provides functions for conveniently sending email, as well as classes for building and sending more complex email messages with attachments and multiple content types. .. note:: The character set of email sent with ``django.core.mail`` will be set to the value of your :setting:`DEFAULT_CHARSET` setting. ``send_mail()`` --------------- .. function:: send_mail(subject, message, from_email, recipient_list, *, fail_silently=False, auth_user=None, auth_password=None, connection=None, html_message=None) ``django.core.mail.send_mail()`` sends a single email message. The ``subject``, ``message``, ``from_email`` and ``recipient_list`` parameters are required. * ``subject``: A string. * ``message``: A string. * ``from_email``: A string. If ``None``, Django will use the value of the :setting:`DEFAULT_FROM_EMAIL` setting. * ``recipient_list``: A list of strings, each an email address. Each member of ``recipient_list`` will see the other recipients in the "To:" field of the email message. The following parameters are optional, and must be given as keyword arguments if used. * ``fail_silently``: A boolean, default ``False``. If set ``True``, ``send_mail()`` will suppress some errors during sending. (The exact exceptions ignored depend on the email backend in use.) * ``auth_user``: The optional username to use to authenticate to the SMTP server. If this isn't provided, Django will use the value of the :setting:`EMAIL_HOST_USER` setting. * ``auth_password``: The optional password to use to authenticate to the SMTP server. If this isn't provided, Django will use the value of the :setting:`EMAIL_HOST_PASSWORD` setting. * ``connection``: The optional email backend to use to send the mail. If unspecified, an instance of the default backend will be used. See the documentation on :ref:`Email backends ` for more details. * ``html_message``: If ``html_message`` is provided, the resulting email will be a :mimetype:`multipart/alternative` email with ``message`` as the :mimetype:`text/plain` content type and ``html_message`` as the :mimetype:`text/html` content type. * ``using``: An optional :setting:`MAILERS` alias to use to send the mail. If unspecified, the default mailer configuration will be used. ``fail_silently``, ``auth_user``, ``auth_password``, and ``connection`` are not allowed with the ``using`` argument. The return value will be the number of successfully delivered messages (which can be ``0`` or ``1`` since it can only send one message). .. deprecated:: 6.0 Passing ``fail_silently`` and later parameters as positional arguments is deprecated. .. deprecated:: 6.1 The ``fail_silently``, ``auth_user``, ``auth_password``, and ``connection`` arguments are deprecated. In most cases they can be replaced by ``using`` with an appropriate :setting:`MAILERS` configuration. See :ref:`migrating-to-mailers-fail-silently`, :ref:`migrating-to-mailers-auth`, and :ref:`migrating-to-mailers-get-connection`. .. versionchanged:: 6.1 The ``using`` argument was added. Older versions ignored ``fail_silently=True``, ``auth_user``, and ``auth_password`` when a ``connection`` was also provided. This now raises a ``TypeError``. ``send_mass_mail()`` -------------------- .. function:: send_mass_mail(datatuple, *, fail_silently=False, auth_user=None, auth_password=None, connection=None, using=None) ``django.core.mail.send_mass_mail()`` is intended to handle mass emailing. ``datatuple`` is a tuple in which each element is in this format:: (subject, message, from_email, recipient_list) ``fail_silently``, ``auth_user``, ``auth_password`` and ``connection`` have the same functions as in :func:`send_mail`. They must be given as keyword arguments if used, and are not allowed with the ``using`` argument. The keyword argument ``using`` is an optional :setting:`MAILERS` alias to use to send the mail. If unspecified, the default mailer configuration will be used. Each separate element of ``datatuple`` results in a separate email message. As in :func:`send_mail`, recipients in the same ``recipient_list`` will all see the other addresses in the email messages' "To:" field. For example, the following code would send two different messages to two different sets of recipients; however, only one connection to the mail server would be opened:: message1 = ( "Subject here", "Here is the message", "from@example.com", ["first@example.com", "other@example.com"], ) message2 = ( "Another Subject", "Here is another message", "from@example.com", ["second@test.com"], ) send_mass_mail((message1, message2)) The return value will be the number of successfully delivered messages. .. deprecated:: 6.0 Passing ``fail_silently`` and later parameters as positional arguments is deprecated. .. deprecated:: 6.1 The ``fail_silently``, ``auth_user``, ``auth_password``, and ``connection`` arguments are deprecated. In most cases they can be replaced by ``using`` with an appropriate :setting:`MAILERS` configuration. See :ref:`migrating-to-mailers-fail-silently`, :ref:`migrating-to-mailers-auth`, and :ref:`migrating-to-mailers-get-connection`. .. versionchanged:: 6.1 The ``using`` argument was added. Older versions ignored ``fail_silently=True``, ``auth_user``, and ``auth_password`` when a ``connection`` was also provided. This now raises a ``TypeError``. ``send_mass_mail()`` vs. ``send_mail()`` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The main difference between :func:`send_mass_mail` and repeatedly calling :func:`send_mail` is that :func:`send_mail` opens a connection to the mail server each time it's executed, while :func:`send_mass_mail` uses a single connection for all of its messages. This makes :func:`send_mass_mail` slightly more efficient. :func:`send_mail` with multiple ``to`` addresses sends a single email message, with ``john@example.com`` and ``jane@example.com`` both appearing in the "To:" field:: send_mail( "Subject", "Message.", "from@example.com", ["john@example.com", "jane@example.com"], ) :func:`send_mass_mail` sends a separate message per ``datatuple`` element, so ``john@example.com`` and ``jane@example.com`` each receive their own email:: datatuple = ( ("Subject", "Message.", "from@example.com", ["john@example.com"]), ("Subject", "Message.", "from@example.com", ["jane@example.com"]), ) send_mass_mail(datatuple) ``mail_admins()`` ----------------- .. function:: mail_admins(subject, message, *, fail_silently=False, connection=None, html_message=None, using=None) ``django.core.mail.mail_admins()`` is a shortcut for sending an email to the site admins, as defined in the :setting:`ADMINS` setting. ``mail_admins()`` prefixes the subject with the value of the :setting:`EMAIL_SUBJECT_PREFIX` setting, which is ``"[Django] "`` by default. The "From:" header of the email will be the value of the :setting:`SERVER_EMAIL` setting. This method exists for convenience and readability. If ``html_message`` is provided, the resulting email will be a :mimetype:`multipart/alternative` email with ``message`` as the :mimetype:`text/plain` content type and ``html_message`` as the :mimetype:`text/html` content type. The keyword argument ``using`` is an optional :setting:`MAILERS` alias to use to send the mail. If unspecified, the default mailer configuration will be used. .. deprecated:: 6.0 Passing ``fail_silently`` and later parameters as positional arguments is deprecated. .. deprecated:: 6.1 The ``fail_silently`` and ``connection`` arguments are deprecated. In most cases they can be replaced by ``using`` with an appropriate :setting:`MAILERS` configuration. See :ref:`migrating-to-mailers-fail-silently` and :ref:`migrating-to-mailers-get-connection`. .. versionchanged:: 6.1 The ``using`` argument was added. Older versions ignored ``fail_silently=True`` when a ``connection`` was also provided. This now raises a ``TypeError``. ``mail_managers()`` ------------------- .. function:: mail_managers(subject, message, *, fail_silently=False, connection=None, html_message=None, using=None) ``django.core.mail.mail_managers()`` is just like ``mail_admins()``, except it sends an email to the site managers, as defined in the :setting:`MANAGERS` setting. The keyword argument ``using`` is an optional :setting:`MAILERS` alias to use to send the mail. If unspecified, the default mailer configuration will be used. .. deprecated:: 6.0 Passing ``fail_silently`` and later parameters as positional arguments is deprecated. .. deprecated:: 6.1 The ``fail_silently`` and ``connection`` arguments are deprecated. In most cases they can be replaced by ``using`` with an appropriate :setting:`MAILERS` configuration. See :ref:`migrating-to-mailers-fail-silently` and :ref:`migrating-to-mailers-get-connection`. .. versionchanged:: 6.1 The ``using`` argument was added. Older versions ignored ``fail_silently=True`` when a ``connection`` was also provided. This now raises a ``TypeError``. .. _topic-email-message: The ``EmailMessage`` class -------------------------- Django's :func:`send_mail` and :meth:`send_mass_mail` functions are actually thin wrappers that make use of the :class:`EmailMessage` class. Not all features of the :class:`EmailMessage` class are available through the :func:`send_mail` and related wrapper functions. If you wish to use advanced features, such as BCC'ed recipients, file attachments, or multi-part email, you'll need to create :class:`EmailMessage` instances directly. .. note:: This is a design feature. :func:`send_mail` and related functions were originally the only interface Django provided. However, the list of parameters they accepted was slowly growing over time. It made sense to move to a more object-oriented design for email messages and retain the original functions only for backwards compatibility. :class:`EmailMessage` is responsible for creating the email message itself. The :ref:`email backend ` is then responsible for sending the email. For convenience, :class:`EmailMessage` provides a :meth:`~EmailMessage.send` method for sending a single email. If you need to send multiple messages, the email backend API :ref:`provides an alternative `. .. class:: EmailMessage The :class:`!EmailMessage` class is initialized with the following parameters. All parameters are optional and can be set at any time prior to calling the :meth:`send` method. The first four parameters can be passed as positional or keyword arguments, but must be in the given order if positional arguments are used: * ``subject``: The subject line of the email. * ``body``: The body text. This should be a plain text message. * ``from_email``: The sender's address. Both ``fred@example.com`` and ``"Fred" `` forms are legal. If omitted, the :setting:`DEFAULT_FROM_EMAIL` setting is used. * ``to``: A list or tuple of recipient addresses. The following parameters must be given as keyword arguments if used: * ``cc``: A list or tuple of recipient addresses used in the "Cc" header when sending the email. * ``bcc``: A list or tuple of addresses used for blind carbon copies when sending the email. * ``reply_to``: A list or tuple of recipient addresses used in the "Reply-To" header when sending the email. * ``attachments``: A list of attachments to put on the message. Each can be an instance of :class:`~email.message.MIMEPart` or :class:`EmailAttachment`, or a tuple with attributes ``(filename, content, mimetype)``. .. deprecated:: 6.0 Support for Python's legacy :class:`~email.mime.base.MIMEBase` objects in ``attachments`` is deprecated. Use :class:`~email.message.MIMEPart` instead. * ``headers``: A dictionary of extra headers to put on the message. The keys are the header name, values are the header values. It's up to the caller to ensure header names and values are in the correct format for an email message. The corresponding attribute is ``extra_headers``. * ``connection``: An :ref:`email backend ` instance. This parameter is ignored when using :ref:`send_messages() `. .. deprecated:: 6.1 The ``connection`` argument is deprecated. Instead, define a :setting:`MAILERS` configuration with the desired connection options, and then call :meth:`EmailMessage.send(using="...") ` with that configuration's alias. See :ref:`migrating-to-mailers`. .. deprecated:: 6.0 Passing all except the first four parameters as positional arguments is deprecated. For example:: from django.core.mail import EmailMessage email = EmailMessage( subject="Hello", body="Body goes here", from_email="from@example.com", to=["to1@example.com", "to2@example.com"], bcc=["bcc@example.com"], reply_to=["another@example.com"], headers={"Message-ID": "foo"}, ) The class has the following methods: .. method:: send(fail_silently=False, *, using=None) Sends the message. Returns ``1`` if the message was sent successfully, otherwise ``0``. (An empty list of recipients returns ``0`` -- it will not raise an exception.) The optional ``using`` keyword argument specifies a :setting:`MAILERS` alias to use to send the mail. If not given, the default mailer configuration will be used. If a deprecated connection was specified when the email was constructed, that connection will be used. Providing both a connection and ``using`` will raise an error. If the deprecated keyword argument ``fail_silently`` is ``True``, certain backend-dependent exceptions while sending the message will be ignored. Providing both ``fail_silently`` and ``using`` will raise an error. .. versionchanged:: 6.1 The ``using`` argument was added. Older versions ignored ``fail_silently=True`` when a ``connection`` was also provided. This now raises a ``TypeError``. .. deprecated:: 6.1 The ``fail_silently`` argument is deprecated. See :ref:`migrating-to-mailers-fail-silently` for alternatives. .. method:: message(*, policy=email.policy.default) Constructs and returns a Python :class:`email.message.EmailMessage` object representing the message to be sent. The keyword argument ``policy`` allows specifying the set of rules for updating and serializing the representation of the message. It must be an :mod:`email.policy.Policy ` object. Defaults to :data:`email.policy.default`. In certain cases you may want to use :data:`~email.policy.SMTP`, :data:`~email.policy.SMTPUTF8` or a custom policy. For example, the :ref:`SMTP email backend ` uses the :data:`~email.policy.SMTP` policy to ensure ``\r\n`` line endings as required by the SMTP protocol. If you ever need to extend Django's :class:`EmailMessage` class, you'll probably want to override this method to put the content you want into the Python EmailMessage object. .. method:: recipients() Returns a list of all the recipients of the message, whether they're recorded in the ``to``, ``cc`` or ``bcc`` attributes. This is another method you might need to override when subclassing, because the SMTP server needs to be told the full list of recipients when the message is sent. If you add another way to specify recipients in your class, they need to be returned from this method as well. .. method:: attach(filename, content, mimetype) attach(mimepart) Creates a new attachment and adds it to the message. There are two ways to call :meth:`!attach`: * You can pass it three arguments: ``filename``, ``content`` and ``mimetype``. ``filename`` is the name of the file attachment as it will appear in the email, ``content`` is the data that will be contained inside the attachment and ``mimetype`` is the optional MIME type for the attachment. If you omit ``mimetype``, the MIME content type will be guessed from the filename of the attachment. For example:: message.attach("design.png", img_data, "image/png") If you specify a ``mimetype`` of :mimetype:`message/rfc822`, ``content`` can be a :class:`django.core.mail.EmailMessage` or Python's :class:`email.message.EmailMessage` or :class:`email.message.Message`. For a ``mimetype`` starting with :mimetype:`text/`, content is expected to be a string. Binary data will be decoded using UTF-8, and if that fails, the MIME type will be changed to :mimetype:`application/octet-stream` and the data will be attached unchanged. * Or for attachments requiring additional headers or parameters, you can pass :meth:`!attach` a single Python :class:`~email.message.MIMEPart` object. This will be attached directly to the resulting message. For example, to attach an inline image with a :mailheader:`Content-ID`:: import email.utils from email.message import MIMEPart from django.core.mail import EmailMultiAlternatives message = EmailMultiAlternatives(...) image_data_bytes = ... # Load image as bytes # Create a random Content-ID, including angle brackets cid = email.utils.make_msgid() inline_image = email.message.MIMEPart() inline_image.set_content( image_data_bytes, maintype="image", subtype="png", # or "jpeg", etc. depending on the image type disposition="inline", cid=cid, ) message.attach(inline_image) # Refer to Content-ID in HTML without angle brackets message.attach_alternative(f'… …', "text/html") Python's :meth:`email.contentmanager.set_content` documentation describes the supported arguments for ``MIMEPart.set_content()``. .. deprecated:: 6.0 Support for :class:`email.mime.base.MIMEBase` attachments is deprecated. Use :class:`~email.message.MIMEPart` instead. .. method:: attach_file(path, mimetype=None) Creates a new attachment using a file from your filesystem. Call it with the path of the file to attach and, optionally, the MIME type to use for the attachment. If the MIME type is omitted, it will be guessed from the filename. You can use it like this:: message.attach_file("/images/weather_map.png") For MIME types starting with :mimetype:`text/`, binary data is handled as in :meth:`attach`. .. class:: EmailAttachment A named tuple to store attachments to an email. The named tuple has the following indexes: * ``filename`` * ``content`` * ``mimetype`` Sending alternative content types ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Sending multiple content versions ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ It can be useful to include multiple versions of the content in an email; the classic example is to send both text and HTML versions of a message. With Django's email library, you can do this using the :class:`EmailMultiAlternatives` class. .. class:: EmailMultiAlternatives A subclass of :class:`EmailMessage` that allows additional versions of the message body in the email via the :meth:`attach_alternative` method. This directly inherits all methods (including the class initialization) from :class:`EmailMessage`. .. attribute:: alternatives A list of :class:`EmailAlternative` named tuples. This is particularly useful in tests:: self.assertEqual(len(msg.alternatives), 1) self.assertEqual(msg.alternatives[0].content, html_content) self.assertEqual(msg.alternatives[0].mimetype, "text/html") Alternatives should only be added using the :meth:`attach_alternative` method, or passed to the constructor. .. method:: attach_alternative(content, mimetype) Attach an alternative representation of the message body in the email. For example, to send a text and HTML combination, you could write:: from django.core.mail import EmailMultiAlternatives subject = "hello" from_email = "from@example.com" to = "to@example.com" text_content = "This is an important message." html_content = "

This is an important message.

" msg = EmailMultiAlternatives(subject, text_content, from_email, [to]) msg.attach_alternative(html_content, "text/html") msg.send() .. method:: body_contains(text) Returns a boolean indicating whether the provided ``text`` is contained in the email ``body`` and in all attached MIME type ``text/*`` alternatives. This can be useful when testing emails. For example:: def test_contains_email_content(self): subject = "Hello World" from_email = "from@example.com" to = "to@example.com" msg = EmailMultiAlternatives(subject, "I am content.", from_email, [to]) msg.attach_alternative("

I am content.

", "text/html") self.assertIs(msg.body_contains("I am content"), True) self.assertIs(msg.body_contains("

I am content.

"), False) .. class:: EmailAlternative A named tuple to store alternative versions of email content. The named tuple has the following indexes: * ``content`` * ``mimetype`` Updating the default content type ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ By default, the MIME type of the ``body`` parameter in an :class:`EmailMessage` is ``"text/plain"``. It is good practice to leave this alone, because it guarantees that any recipient will be able to read the email, regardless of their mail client. However, if you are confident that your recipients can handle an alternative content type, you can use the ``content_subtype`` attribute on the :class:`EmailMessage` class to change the main content type. The major type will always be ``"text"``, but you can change the subtype. For example:: msg = EmailMessage(subject, html_content, from_email, [to]) msg.content_subtype = "html" # Main content is now text/html msg.send() Preventing header injection --------------------------- `Header injection`_ is a security exploit in which an attacker inserts extra email headers to control the "To:" and "From:" in email messages that your scripts generate. The Django email functions outlined above all protect against header injection by forbidding newlines in header values. If any ``subject``, ``from_email`` or ``recipient_list`` contains a newline (in either Unix, Windows or Mac style), the email function (e.g. :func:`send_mail`) will raise :exc:`ValueError` and, hence, will not send the email. It's your responsibility to validate all data before passing it to the email functions. If a ``message`` contains headers at the start of the string, the headers will be printed as the first bit of the email message. Here's an example view that takes a ``subject``, ``message`` and ``from_email`` from the request's POST data, sends that to ``admin@example.com`` and redirects to "/contact/thanks/" when it's done:: from django.core.mail import send_mail from django.http import HttpResponse, HttpResponseRedirect def send_email(request): subject = request.POST.get("subject", "") message = request.POST.get("message", "") from_email = request.POST.get("from_email", "") if subject and message and from_email: try: send_mail(subject, message, from_email, ["admin@example.com"]) except ValueError: return HttpResponse("Invalid header found.") return HttpResponseRedirect("/contact/thanks/") else: # In reality we'd use a form class # to get proper validation errors. return HttpResponse("Make sure all fields are entered and valid.") .. _Header injection: http://www.nyphp.org/phundamentals/8_Preventing-Email-Header-Injection.html .. _topics-sending-multiple-emails: Sending many messages efficiently --------------------------------- Establishing and closing an SMTP connection (or any other network connection, for that matter) is an expensive process. If you have a lot of emails to send, it makes sense to reuse an SMTP connection, rather than creating and destroying a connection every time you want to send an email. There are two ways to tell an email backend to reuse a connection. Both involve obtaining an email backend instance from :data:`.mail.mailers` and using the :ref:`backend's API `. The first approach is to use the backend's ``send_messages()`` method. This takes a list of :class:`EmailMessage` (or subclass) instances, and sends them all using that single connection. For example, if you have a function called ``get_notification_emails()`` that returns a list of :class:`EmailMessage` objects representing some periodic email you wish to send out, you could send these emails using a single call to ``send_messages()``:: from django.core import mail email_list = get_notification_emails() # Use the default mailer. You could substitute # mail.mailers["alias"] for a specific mailer. backend = mail.mailers.default backend.send_messages(email_list) In this example, the call to ``send_messages()`` opens a connection on the backend, sends the list of messages, and then closes the connection again. (This is how :func:`send_mass_mail` is implemented.) The second approach is to use the ``open()`` and ``close()`` methods on the email backend to manually control the connection. ``send_messages()`` will not open or close the connection if it is already open, so if you manually open the connection, you can control when it is closed. For example:: from django.core import mail # Use the "notifications" mailer configuration. backend = mail.mailers["notifications"] # Manually open the connection. backend.open() # Construct an email message. (Passing None as the third argument # uses settings.DEFAULT_FROM_EMAIL as the "From:" address.) email1 = mail.EmailMessage("Hi", "Message", None, ["to1@example.com"]) # Send the email. The connection was already open, so send_messages() # leaves it open after sending. backend.send_messages([email1]) # Construct and send two more messages. The connection is still open. email2 = mail.EmailMessage("Hi", "Message", None, ["to2@example.com"]) email3 = mail.EmailMessage("Hi", "Message", None, ["to3@example.com"]) backend.send_messages([email2, email3]) # Because we opened it, we need to manually close the connection. backend.close() When you manually open a backend's connection, you are responsible for ensuring it gets closed. The example above actually has a bug: if an exception occurs while sending the messages, the connection will not be closed. This can be fixed with a ``try``-``finally`` statement, but using the backend instance as a context manager is preferable, as it automatically calls ``open()`` and ``close()`` as needed. This is equivalent to the previous example, but uses the backend as a :ref:`context manager ` to avoid leaving the connection open on errors:: from django.core import mail # Use mail.mailers[...] as a context manager. with mail.mailers["notifications"] as backend: # The backend connection is automatically opened inside the context. email1 = mail.EmailMessage("Hi", "Message", None, ["to1@example.com"]) backend.send_messages([email1]) # The connection is still open, and is reused for the second send. email2 = mail.EmailMessage("Hi", "Message", None, ["to2@example.com"]) email3 = mail.EmailMessage("Hi", "Message", None, ["to3@example.com"]) backend.send_messages([email2, email3]) # After exiting the context (either normally or because of an error), # the backend connection is automatically closed. .. _topic-email-backends: Email backends ============== The actual sending of an email is handled by the email backend. Django comes with several email backends. With the exception of the SMTP backend, these are mainly useful during testing and development. If the built-in backends don't meet your needs there are :ref:`third-party packages ` available. You can also subclass one of the built-in backends to change its behavior, or even :ref:`write your own email backend `. .. _topic-email-smtp-backend: SMTP backend ------------ The SMTP email backend connects to an SMTP server to send email. To use it, set :setting:`BACKEND ` to ``"django.core.mail.backends.smtp.EmailBackend"``. The SMTP backend supports these :setting:`OPTIONS `: * ``"host"`` (required): the SMTP server hostname or IP address. * ``"port"``: the port number to connect to on the SMTP host. If omitted, uses the standard port for the connection protocol depending on the ``"use_tls"`` and ``"use_ssl"`` options: ``587`` for TLS, ``465`` for SSL, or ``25`` for an unsecured connection. * ``"username"`` and ``"password"``: set these if your server requires SMTP authentication ("SMTP AUTH" credentials, sometimes called SMTP login). Although the username is often an email address, it should not be confused with default "From:" addresses. Those are defined by the :setting:`DEFAULT_FROM_EMAIL` and :setting:`SERVER_EMAIL` settings. * ``"use_tls"`` or ``"use_ssl"``: set one of these options to ``True`` to connect to the SMTP server using a secure protocol -- ``"use_tls"`` for explicit TLS or ``"use_ssl"`` for SSL (implicit TLS). * ``"ssl_certfile"`` and ``"ssl_keyfile"``: if the SMTP server's SSL/TLS connection requires client certificate authentication, use these options to specify the paths to a PEM-formatted certificate chain file and private key file. (The key file can be omitted if the certificate file includes the private key.) These options are not intended for use with a private certificate authority or self-signed SMTP server certificate. See :ref:`topic-email-smtp-private-ca` below. Note that these options don't result in checking certificate validity. They are passed to the underlying SSL connection. Refer to the documentation of Python's :meth:`ssl.SSLContext.wrap_socket` method for details on how the certificate chain file and private key file are handled. * ``"timeout"``: the timeout (in seconds) for connecting to the SMTP server and other blocking operations. If not specified, the value is obtained from :func:`socket.getdefaulttimeout`, which defaults to no timeout (``None``) meaning SMTP operations can block indefinitely. * ``"fail_silently"``: set to ``True`` to ignore certain errors while sending a message. All :exc:`OSError`\s are ignored while opening the SMTP connection, and :exc:`smtplib.SMTPException` errors are ignored while communicating with the server. This will suppress both transient network glitches and also serious configuration problems. However, it does not ignore *all* errors, and problems with serializing the message will not fail silently. (This option is available for backward compatibility but is not recommended for typical use.) Example:: MAILERS = { "default": { "BACKEND": "django.core.mail.backends.smtp.EmailBackend", "OPTIONS": { "host": "smtp.example.net", "use_tls": True, "username": "my-app", "password": os.environ["MY_APP_SMTP_PASSWORD"], "timeout": 10, }, }, } .. deprecated:: 6.1 When the :setting:`MAILERS` setting is not defined, Django uses the SMTP backend as the default mailer (the default :setting:`EMAIL_BACKEND`), connecting to localhost on port 25. This behavior will be removed in Django 7.0, which will not have a default mailer configuration. When the SMTP backend is used without :setting:`MAILERS` defined, the options listed above are obtained from the deprecated :setting:`EMAIL_HOST`, :setting:`EMAIL_PORT`, :setting:`EMAIL_HOST_USER`, :setting:`EMAIL_HOST_PASSWORD`, :setting:`EMAIL_USE_TLS`, :setting:`EMAIL_USE_SSL`, :setting:`EMAIL_SSL_KEYFILE`, :setting:`EMAIL_SSL_CERTFILE`, and :setting:`EMAIL_TIMEOUT` settings, respectively. (There is no setting equivalent to the ``"fail_silently"`` option.) .. RemovedInDjango70Warning: class documentation for smtp.EmailBackend. .. class:: backends.smtp.EmailBackend Directly instantiating an ``EmailBackend`` class is not recommended. Use :data:`mailers` to obtain a backend instance. When constructed directly (without going through :data:`mailers`), the SMTP ``EmailBackend`` class accepts the options listed above as keyword arguments. Default values come from the corresponding, deprecated ``EMAIL_*`` settings. ``host`` is not required and defaults to ``"localhost"``, and ``port`` defaults to ``25`` even if ``use_tls`` or ``use_ssl`` is True. When the :setting:`MAILERS` setting is defined, attempting to directly create an SMTP ``EmailBackend`` will raise an ``AttributeError``. .. deprecated:: 6.1 Directly constructing an instance of an ``EmailBackend`` class will be unsupported in Django 7.0. Undocumented use will result in different default argument handling compared to earlier releases. .. _topic-email-smtp-private-ca: Private and self-signed SMTP server certificates ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ If the SMTP server uses an SSL certificate from a private certificate authority (CA), the CA's root certificate should be added to the system CA bundle on the client (where Django is running). Likewise, if the server uses a self-signed certificate, it should be added to the client's system CA bundle so it can be trusted. (The SMTP backend's ``"ssl_certfile"`` option cannot be used for CA roots or self-signed certificates.) Follow platform-specific instructions for adding to the system CA bundle. If modifying the system bundle is not possible or desired, an alternative is using OpenSSL's ``SSL_CERT_FILE`` or ``SSL_CERT_DIR`` environment variables to specify a custom certificate bundle. For more complex scenarios, the SMTP backend can be subclassed to add root certificates to its ``ssl_context`` using :meth:`ssl.SSLContext.load_verify_locations`. .. _topic-email-console-backend: Console backend --------------- Instead of sending out real emails, the console backend writes the emails that would be sent to the standard output. To use it, set :setting:`BACKEND ` to ``"django.core.mail.backends.console.EmailBackend"``. The console backend supports these :setting:`OPTIONS `: * ``"stream"``: a stream-like object to write to. Defaults to ``stdout``. * ``"fail_silently"``: set to ``True`` to ignore *all* errors while writing the message to the stream, including errors serializing the message. (This option is available for backward compatibility but is not recommended.) This backend is not intended for use in production -- it is provided as a convenience that can be used during development. .. versionchanged:: 6.1 The settings file created by :djadmin:`startproject` now defines :setting:`MAILERS` with the console backend as the default configuration. .. _topic-email-file-backend: File backend ------------ The file backend writes emails to a file. A new file is created for each new session that is opened on this backend. To use it, set :setting:`BACKEND ` to ``"django.core.mail.backends.filebased.EmailBackend"``. The file backend supports these :setting:`OPTIONS `: * ``"file_path"`` (required): the directory to which the files are written. Can be a string or a :class:`pathlib.Path` object. If the directory does not exist, the file backend will attempt to create it. * ``"fail_silently"``: set to ``True`` to ignore *all* errors while writing the message to the file -- including errors serializing the message -- but *not* errors related to ensuring the file path directory exists. (This option is available for backward compatibility but is not recommended.) This backend is not intended for use in production -- it is provided as a convenience that can be used during development. .. deprecated:: 6.1 When the file backend is used without the :setting:`MAILERS` setting defined, it will get its ``file_path`` option from the :setting:`EMAIL_FILE_PATH` setting. .. _topic-email-memory-backend: In-memory backend ----------------- The ``'locmem'`` backend stores messages in a special attribute of the ``django.core.mail`` module. The ``outbox`` attribute is created when the first message is sent. It's a list with an :class:`EmailMessage` instance for each message that would be sent. Messages in the outbox are annotated with a ``sent_using`` attribute that identifies the :setting:`MAILERS` alias used to send the message. To use the in-memory backend, set :setting:`BACKEND ` to ``"django.core.mail.backends.locmem.EmailBackend"``. It does not support any :setting:`OPTIONS `. Django's test runner :ref:`automatically switches to this backend for testing `. This backend is not intended for use in production -- it is provided as a convenience that can be used during development and testing. .. versionchanged:: 6.1 The ``sent_using`` attribute was added to messages in the outbox. .. _topic-email-dummy-backend: Dummy backend ------------- As the name suggests the dummy backend does nothing with your messages. To use it, set :setting:`BACKEND ` to ``"django.core.mail.backends.dummy.EmailBackend"``. It does not support any :setting:`OPTIONS `. This backend is not intended for use in production -- it is provided as a convenience that can be used during development. .. _topic-third-party-email-backends: Third-party backends -------------------- .. admonition:: There are community-maintained solutions! Django has a vibrant ecosystem. There are email backends highlighted on the `Community Ecosystem`_ page. The Django Packages `Email grid`_ has even more options for you! Third-party email backends are available that: * Integrate directly with commercial email service providers' APIs (which often have extra functionality not available through SMTP). * Offload email sending to asynchronous task queues. * Add features to other email backends, such as enforcing do-not-send lists or logging sent messages. * Provide development and debugging tools, such as sandbox capture and in-browser email previews. .. _Community Ecosystem: https://www.djangoproject.com/community/ecosystem/#email-notifications .. _Email grid: https://djangopackages.org/grids/g/email/ .. _topic-custom-email-backend: Defining a custom email backend ------------------------------- If you need to change how emails are sent you can write your own email backend. To use a custom backend, set :setting:`BACKEND ` to the Python import path for your backend class and :setting:`OPTIONS ` to any ``__init__()`` keyword arguments your backend supports. Custom email backends should subclass ``BaseEmailBackend`` that is located in the ``django.core.mail.backends.base`` module. A custom email backend must implement the ``send_messages(email_messages)`` method. This method receives a list of :class:`EmailMessage` instances and returns the number of successfully delivered messages. If your backend has any concept of a persistent session or connection, you should also implement the ``open()`` and ``close()`` methods. Refer to ``smtp.EmailBackend`` for a reference implementation. .. _topic-mailers: Obtaining an instance of an email backend ----------------------------------------- The ``mailers`` factory in :mod:`!django.core.mail` returns instances of email backends. .. data:: mailers You can access the mailers configured in the :setting:`MAILERS` setting through a dict-like object: ``django.core.mail.mailers``: .. code-block:: pycon >>> from django.core.mail import mailers >>> mailers["notifications"] If the named key is not defined, a ``MailerDoesNotExist`` error will be raised. Other configuration problems will raise an ``InvalidMailer`` error. .. versionadded:: 6.1 .. data:: mailers.default As a shortcut, the default mailer can be accessed through ``django.core.mail.mailers.default``: .. code-block:: pycon >>> from django.core.mail import mailers >>> mailers.default This is equivalent to ``mailers["default"]``. If no default mailer has been configured, a ``MailerDoesNotExist`` error will be raised. .. deprecated:: 6.1 If the :setting:`MAILERS` setting is not defined, ``mailers.default`` will create an email backend instance from the deprecated :setting:`EMAIL_BACKEND` and related settings. This supports backward compatibility with Django 6.0 and earlier. This behavior (and those settings) will be removed in Django 7.0. .. function:: get_connection(backend=None, *, fail_silently=False, **kwargs) The deprecated :func:`!django.core.mail.get_connection` function creates and returns an instance of an email backend. Its behavior depends on the :setting:`MAILERS` setting and how the function is called. If the :setting:`MAILERS` setting *is* defined: * ``get_connection()`` with no arguments will return :data:`mailers.default`. * ``get_connection(...)`` called with only ``fail_silently`` or other keyword arguments will create an instance of ``MAILERS["default"]`` with any keywords added to the default mailer's :setting:`OPTIONS `. * ``get_connection(backend, ...)`` with a backend import path will raise an error. If the :setting:`MAILERS` setting is *not* defined: * ``get_connection()`` with no arguments will return an instance of the email backend specified in :setting:`EMAIL_BACKEND`. * If you specify the ``backend`` argument, an instance of that backend will be instantiated. * If the keyword argument ``fail_silently`` is True, certain backend-dependent exceptions during the email sending process will be silently ignored. * All other keyword arguments are passed directly to the constructor of the email backend. .. deprecated:: 6.0 Passing ``fail_silently`` as positional argument is deprecated. .. deprecated:: 6.1 :func:`!get_connection` is deprecated and will be removed in Django 7.0. Switch to :data:`mailers[alias] `. See :ref:`migrating-to-mailers-get-connection` for migration suggestions. .. _topic-email-backend-api: Email backend API ----------------- Instances of an email backend class have the following methods: * ``open()`` instantiates a long-lived email-sending connection. * ``close()`` closes the current email-sending connection. * ``send_messages(email_messages)`` sends a list of :class:`EmailMessage` objects. If the connection is not open, this call will implicitly open the connection, and close the connection afterward. If the connection is already open, it will be left open after mail has been sent. A backend instance can also be used as a context manager, which will automatically call ``open()`` and ``close()`` as needed. An example is in :ref:`topics-sending-multiple-emails`. Configuring email for development ================================= There are times when you do not want Django to send emails at all. For example, while developing a website, you probably don't want to send out thousands of emails -- but you may want to validate that emails will be sent to the right people under the right conditions, and that those emails will contain the correct content. The easiest way to configure email for local development is to use the :ref:`console ` email backend. This backend redirects all email to ``stdout``, allowing you to inspect the content of mail. The :ref:`file ` email backend can also be useful during development -- this backend dumps the contents of every SMTP connection to a file that can be inspected at your leisure. Another approach is to use a mocked SMTP server that receives the emails locally and displays them to the terminal, but does not actually send anything. The :pypi:`aiosmtpd` package provides a way to accomplish this: .. code-block:: shell python -m pip install "aiosmtpd >= 1.4.5" python -m aiosmtpd -n -l localhost:8025 This command will start a minimal SMTP server listening on port 8025 of localhost. This server prints to standard output all email headers and the email body. You then only need to set an SMTP backend's ``"host"`` and ``"port"`` :setting:`OPTIONS ` accordingly. For a more detailed discussion of SMTP server options, see the documentation of the `aiosmtpd`_ module. .. _aiosmtpd: https://aiosmtpd.readthedocs.io/en/latest/ For information about unit-testing the sending of emails in your application, see the :ref:`topics-testing-email` section of the testing documentation.