View All Stuff

Mail Wars

2min read

One evening, I unlocked my phone to this:


50+ mails with the same spam from my friend. Google did not classify these emails as spam since we had some mail history and so it was a trusted mail id.

So I had two options:

  •  Ignore the mails
  •  Report them as spam

Well, I choose none of the above. I decided to answer them, each and every one of them.

But of course, I am a programmer I was not gonna do it manually. The problem was I had never automated mail replies, I had previously written scripts to send mails for website signups, confirmations, etc.., but never had I done something were in the incoming mail was read and a reply was sent based on the content.

This was a perfect opportunity to learn that, so I did the following:

  •  Create a project folder
  •  Open VS Code
  •  Create a file

Then it was time to hop on to Google and Stackoverflow. Searching for a bit and trying some stuff out, I finally settled on using yagmail, a simple GMail/SMTP client for sending mails. I used GMail SMTP for reading mails.

There are many python libraries available for SMTP Client, but I found yagmail to be the simplest and that was the only reason for choosing it.

Time to write and test the script: As you can imagine it’s a pretty simple script, with the following logic:

  •  Login to Gmail
  •  Check for unread emails from a specific sender
  •  If ‘search keywords’ are there in the body of these emails, send a reply.

And this worked like a charm after trying on some test mails I did from my other Id, I was ready to take my sweet revenge.


There are few very bad programming practices that are followed in the script above that one should avoid, but I did not care at the time because I was in for the revenge and was not writing code for deployment. Following are the mistakes I made and how you can avoid them:

  •  Never write sensitive information like email-id and password into your scripts, keep them as environment variables.
  •  I used my Gmail Password directly, instead of using an app password. Using an app password allows you to limit access and revoke access if necessary in the future without changing your actual password.

I am sure there may be more mistakes, but I wanted to point these as I learned the hard way to never commit credentials into git.

Back to the story, I had written the script and it was working flawlessly, I even added tags to the mail so I can filter them out easily in future. The only issue was I had to keep running the script every few minutes. The solution to this was CRON. Cron is basically a job scheduler, it will run a given script, app, etc.. at a given time and this could be set to repeat. So I had to basically set cron to run my script every 5 minutes and boom, I was done.

To finish it up, I also installed mutt: a system mail client, just to check the output from the cron jobs. After this, I spun up a few more scripts to spam a few more friends.


After a few hours my mailbox looked like this:


In the end, we came to a truce and ended the great war.
Thanks to @Syn3rman for starting this all up, with the initial emails and thanks to @RusherRG and @hetzz for being a worthy opponent in the mail wars 2018.

Following are some resources that will help you in doing something similar:

Share this:
© 2017—2099 Karan Sheth