[Solved]-Why is Django a 'less secure' app according to Google?

6👍

It’s not that Django is insecure, it’s probably the way you’re sending email, using SMTP. Enabling TLS is the first thing to do, and also a requirement to even use Google’s SMTP service:

EMAIL_USE_TLS = True
EMAIL_PORT = 587

The port number depends on the SMTP service you’re using. 587 is the standard, but it may be something else.

Next is setting up SPF and DKIM.

Amazon’s SES (Simple Email Service, not free) makes this almost transparent.

Additionally, you could set up DMARC, which provides feedback on the effectiveness of your setup.

There is a DKIM package for Django: https://pypi.org/project/django-dkim/ to help you set this up manually.

Additionally, there is a DMARC package for Django 2 and Python 3: https://pypi.org/project/django-dmarc2/ (I made some fixes to the original package to make it compatible with Django 2+).

SPF should be set up on your DNS.

Having this in place should make your emails secure.
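An added example, not part of the original answer and not code from Django or the linked packages: an offline check of the setup the answer describes, covering the Django `EMAIL_*` transport settings and the SPF and DMARC TXT records. The function names (`audit_settings`, `parse_tags`, `audit_dns`), the `example.com` domain and the sample records are assumptions constructed for illustration; no DNS lookup is performed.

```python
"""Offline audit: Django SMTP settings plus SPF/DMARC TXT records."""

def audit_settings(cfg):
    """Return findings for a dict of Django EMAIL_* settings."""
    findings = []
    tls, ssl = cfg.get("EMAIL_USE_TLS", False), cfg.get("EMAIL_USE_SSL", False)
    if tls and ssl:
        # Django itself refuses to send mail when both are enabled.
        findings.append("EMAIL_USE_TLS and EMAIL_USE_SSL are mutually exclusive")
    elif not (tls or ssl):
        findings.append("no transport encryption: set EMAIL_USE_TLS = True")
    return findings

def parse_tags(record):
    """Split a 'k=v; k=v' DMARC record into a dict of tags."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_dns(domain, txt):
    """txt maps DNS names to lists of TXT strings, as a resolver would return."""
    findings = []
    spf = [r for r in txt.get(domain, []) if r.lower().startswith("v=spf1")]
    if len(spf) != 1:
        # Zero records means no SPF; more than one is a permanent SPF error.
        findings.append(f"expected exactly one SPF record, found {len(spf)}")
    elif spf[0].split()[-1].lower() in ("+all", "all"):
        findings.append("SPF ends in +all: any host may send as this domain")
    dmarc = [r for r in txt.get("_dmarc." + domain, []) if r.startswith("v=DMARC1")]
    if not dmarc:
        findings.append("no DMARC record at _dmarc." + domain)
    else:
        tags = parse_tags(dmarc[0])
        if tags.get("p") not in ("none", "quarantine", "reject"):
            findings.append("DMARC record lacks a valid p= policy")
        if "rua" not in tags:
            findings.append("DMARC has no rua= address, so no aggregate reports arrive")
    return findings

# Constructed sample input (example.com is a placeholder domain).
SETTINGS = {"EMAIL_USE_TLS": True, "EMAIL_PORT": 587}
TXT = {
    "example.com": ["v=spf1 include:_spf.google.com ~all"],
    "_dmarc.example.com": ["v=DMARC1; p=none"],
}

if __name__ == "__main__":
    for line in audit_settings(SETTINGS) + audit_dns("example.com", TXT):
        print(line)
```

With the sample input the only finding is the missing `rua=` tag: the DMARC record is valid, but without a reporting address it delivers none of the feedback DMARC is meant to provide.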
