This article details the technical and security aspects of the email sending and receiving flows used in the operation of a Tenant (support base) in Movidesk.
The email accounts provided by Movidesk use a subdomain registered for the Tenant, in the format @tenant.movidesk.com. All sending and receiving for these accounts happens through the partner service Mailgun.
Information about privacy and usage policies can be found on the partner's page. This partnership allows Movidesk to operate in a granular and scalable manner, speeding up sending and receiving flows.
Receiving via Mailgun
In this context, receiving happens via forwarding. The forwarding is configured in the Tenant's email provider account and points to the Movidesk subdomain. Mailgun then notifies Movidesk through webhooks so that the messages can be processed and generate tickets.
Note: Because receiving happens via forwarding, no credentials are shared with Movidesk or Mailgun.
Sending via Mailgun
Mailgun also allows sending emails through a specialized API that, in addition to being highly performant, allows tracking of sent emails, such as opens, clicks, and subscriptions.
Emails sent from Movidesk via Mailgun use the Movidesk subdomain address (@tenant.movidesk.com). However, it is possible to send using your own domain (tenant.com). For this, some DNS settings are needed to authorize Mailgun's servers to send emails on the domain's behalf.
Currently, Movidesk does not track sent emails, so CNAME setup is unnecessary.
Recommendations
Email integration via Mailgun is the recommended method of integration for Movidesk, as it has better performance compared to IMAP and SMTP, low response time, and does not require credential sharing. Its setup requires additional steps but provides greater security for both parties.
Movidesk also works with email integration via direct access to the inbox or sending service. This method, although functional, is less recommended because it depends on credential sharing (or access authorization) and uses less scalable protocols (supporting a lower flow of messages).
Authentication
In the vast majority of cases, access to the inbox or sending service is done through credentials that identify the user or application requesting the service.
For some providers (currently Outlook and Microsoft Exchange), OAuth 2.0 can be used for access. In this case, the Tenant needs to authorize the Movidesk application to use the email services on its behalf.
For on-premise servers and other providers, it is necessary to configure the access data in Movidesk.
In both cases, the credentials and authorizations will be used exclusively to perform sending and/or receiving on the platform.
Changing credentials or revoking the authorization by the Tenant can happen at any time, but this will result in the interruption of the integration.
Note: Access without credentials is a security risk and should never be allowed.
Automatic Lock
In Movidesk, accounts that repeatedly fail authentication will be “deactivated” to preserve the integrity of the organization's IPs. A new connection attempt will be made 1 hour after the last error, to cover cases of transient issues.
SMTP
In mailings configured to use SMTP, Movidesk will connect to the service on demand, meaning only when there are emails to be sent.
After the connection and authentication, all emails waiting in the queue will be sent, and the connection will be closed at the end.
A new connection will be established only if new emails are identified in the queue and only after at least 30 seconds from the last disconnection.
SMTP Commands
The SMTP commands used for sending are:
- STARTTLS - Attempts to initiate a secure connection with the destination server;
- AUTH - Authenticates access to the service;
- MAIL FROM:<address@email.com> - Identifies the sending account;
- RCPT TO:<destination@email.com> - Identifies the receiving account;
- BDAT - When supported, performs binary data transfer in parts;
- DATA - Sends the email data;
- RSET - Used to clear the transaction in case of errors;
- QUIT - Disconnects from the service.
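The list says STARTTLS only attempts a secure connection, so a mail-server operator may want to confirm from session logs that AUTH and MAIL FROM never travel without TLS. The following is an added example, not Movidesk's code: it audits a command-level SMTP transcript, where the `C: `/`S: ` log format, the host names and the `implicit_tls` parameter are assumptions and the sample sessions are constructed.

```python
# Added example (not Movidesk's code): flag SMTP sessions where credentials or
# envelope commands were sent before TLS was active.
SENSITIVE = {"AUTH", "MAIL"}  # verbs that must never travel in cleartext

def audit_smtp_session(lines, implicit_tls=False):
    """Return findings for one session logged as 'C: ...' / 'S: ...' lines.

    implicit_tls=True models a listener that speaks TLS from the first byte
    (assumption: such a session never issues STARTTLS).
    """
    findings, tls, pending = [], implicit_tls, None
    for line in lines:
        side, _, text = line.strip().partition(": ")
        if not text:
            continue
        if side == "S":
            if text[3:4] == "-":       # continuation of a multi-line reply
                continue
            if pending == "STARTTLS":  # only a 220 reply switches to TLS
                tls = text.startswith("220")
                if not tls:
                    findings.append("STARTTLS refused: " + text)
            pending = None
            continue
        pending = text.split()[0].upper()
        if pending in SENSITIVE and not tls:
            findings.append(pending + " sent without TLS")
    return findings

# Constructed sample session (message bodies omitted, credentials redacted).
GOOD_SESSION = [
    "S: 220 mail.example.test ESMTP",
    "C: EHLO client.example.test",
    "S: 250-mail.example.test",
    "S: 250 STARTTLS",
    "C: STARTTLS",
    "S: 220 2.0.0 Ready to start TLS",
    "C: EHLO client.example.test",
    "S: 250 AUTH PLAIN",
    "C: AUTH PLAIN [redacted]",
    "S: 235 2.7.0 Authentication successful",
    "C: MAIL FROM:<address@email.com>",
    "S: 250 2.1.0 OK",
    "C: QUIT",
    "S: 221 2.0.0 Bye",
]
# Same session, but the server refuses the upgrade and the client carries on.
NO_TLS_SESSION = [l.replace("220 2.0.0 Ready to start TLS",
                            "454 4.7.0 TLS not available") for l in GOOD_SESSION]
```

A non-empty result for a session from the integration account is a reason to require TLS on the server side before accepting AUTH.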
IMAP
For incoming mail configured to use IMAP, Movidesk will connect to the provider every minute, keeping the connection open while there are emails to be imported. If any error occurs during the process, the connection is terminated, and a new connection will be made in the next minute.
To better identify emails that need to be imported, Movidesk moves successfully processed messages to a folder configured when the account is created in Movidesk.
IMAP Commands
The IMAP commands used for receiving are:
- STARTTLS - Attempts to initiate a secure connection with the destination server;
- AUTHENTICATE - Authenticates access to the service;
- LIST - Lists the folders to find the folder configured in Movidesk;
- LSUB - Lists the folders to find the imported folder configured in Movidesk;
- CREATE - Creates the folder where the processed emails will be moved;
- SELECT - Opens the folder from which the emails will be imported;
- UID SEARCH - Lists the emails to be processed (all from the folder or from the configured date);
- UID FETCH - Reads each of the listed emails;
- UID STORE - When configured, marks the email as read;
- UID MOVE - Moves the email to the configured imported emails folder;
- LOGOUT - Disconnects from the service.
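Because the integration account's credentials are shared with Movidesk, the command list above can serve as an allowlist when reviewing that account's activity on the mail server. The following is an added example, not Movidesk's code: it flags commands outside the list and moves to any folder other than the configured one. The folder name `Movidesk/Imported`, the `CAPABILITY` allowance and the tagged-command log format are assumptions, and both sample logs are constructed.

```python
# Added example (not Movidesk's code): compare the IMAP commands issued by the
# integration account with the command list documented above.
DOCUMENTED = {"STARTTLS", "AUTHENTICATE", "LIST", "LSUB", "CREATE", "SELECT",
              "UID SEARCH", "UID FETCH", "UID STORE", "UID MOVE", "LOGOUT"}
ASSUMED_EXTRA = {"CAPABILITY"}  # assumption: not in the article's list

def parse_command(line):
    """Split a tagged client line, e.g. 'a7 UID MOVE 42 "X"', into (command, args)."""
    words = line.split()
    if len(words) < 2:
        return "", ""
    n = 3 if words[1].upper() == "UID" and len(words) > 2 else 2
    command = " ".join(w.upper() for w in words[1:n])
    args = line.split(None, n)[n] if len(words) > n else ""
    return command, args

def audit_imap_commands(lines, imported_folder):
    """Return findings: commands outside the allowlist, moves to other folders."""
    findings = []
    for line in lines:
        command, args = parse_command(line)
        if command not in DOCUMENTED | ASSUMED_EXTRA:
            findings.append("unexpected command: " + command)
        elif command == "UID MOVE":
            dest = args.split(None, 1)[-1].strip().strip('"')
            if dest != imported_folder:
                findings.append("move to unexpected folder: " + dest)
    return findings

# Constructed client-side command logs (credentials redacted).
EXPECTED_SESSION = [
    "a1 CAPABILITY",
    "a2 STARTTLS",
    "a3 AUTHENTICATE PLAIN [redacted]",
    'a4 LIST "" "*"',
    "a5 SELECT INBOX",
    "a6 UID SEARCH SINCE 1-Jan-2024",
    "a7 UID FETCH 42 (BODY.PEEK[])",
    r"a8 UID STORE 42 +FLAGS (\Seen)",
    'a9 UID MOVE 42 "Movidesk/Imported"',
    "a10 LOGOUT",
]
ODD_SESSION = [
    "b1 AUTHENTICATE PLAIN [redacted]",
    "b2 SELECT INBOX",
    'b3 UID MOVE 42 "Archive"',
    "b4 UID COPY 42 Other",
    "b5 APPEND INBOX {310}",
]
```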
Associated IP Addresses
Movidesk uses the following IP addresses to handle its email flows.
- Connection Tests (from the account setup screen for SMTP and IMAP):