Security for AiChat Email and other AI Tools (Email sends at start up)

Build in Public · Jan 23 · Episode 29
all right this is my daily update for my all right this is my daily update for my all right this is my daily update for my build and public log it’s January 19th build and public log it’s January 19th build and public log it’s January 19th 2025 all right let’s jump into it I’m 2025 all right let’s jump into it I’m 2025 all right let’s jump into it I’m going to try a new format this next week going to try a new format this next week going to try a new format this next week where I jump into the technical where I jump into the technical where I jump into the technical interesting stuff and give my update and interesting stuff and give my update and interesting stuff and give my update and then tell my random story of the day I then tell my random story of the day I then tell my random story of the day I like to share a random story every day like to share a random story every day like to share a random story every day when you sign up for AI chat when you sign up for AI chat when you sign up for AI chat email you send an email email you send an email email you send an email to this EML to this EML to this EML address address address okay now this expires so by the time you okay now this expires so by the time you okay now this expires so by the time you see this video this see this video this see this video this unique uh ID and email address is gone unique uh ID and email address is gone unique uh ID and email address is gone it’s expired it never comes back so if it’s expired it never comes back so if it’s expired it never comes back so if you send an you send an you send an email to that address nothing happens it email to that address nothing happens it email to that address nothing happens it will ignore will ignore will ignore you so I you so I you so I started looking started looking started looking into adding the first true uh into adding the first true uh into adding the first true uh integration into this not the first real integration into this not the first real integration into this not the first real integration I want to support is integration I want to support is integration I want to support is zoom so you go into zoom so you go into zoom so you go into Integrations doesn’t exist so there’s Integrations doesn’t exist so there’s Integrations doesn’t exist so there’s nothing to show and you click Zoom You nothing to show and you click Zoom You nothing to show and you click Zoom You author you know you log in you sign in author you know you log in you sign in author you know you log in you sign in with zoom and you give AI chat email with zoom and you give AI chat email with zoom and you give AI chat email authorization to create meetings on your authorization to create meetings on your authorization to create meetings on your behalf that’s a real real simple uh use behalf that’s a real real simple uh use behalf that’s a real real simple uh use case so the last week I’ve been working case so the last week I’ve been working case so the last week I’ve been working on building an event scheduling AI agent on building an event scheduling AI agent on building an event scheduling AI agent that is where it that is where it that is where it intelligently uh creates an event for intelligently uh creates an event for intelligently uh creates an event for you and the idea is like it will look up you and the idea is like it will look up you and the idea is like it will look up the user your user information it’ll see the user your user information it’ll see the user your user information it’ll see that that integration is set up and that that integration is set up and that that integration is set up and working and then it will actually um add working and then it will actually um add working and then it will actually um add the zoom Link in the meeting description the zoom Link in the meeting description the zoom Link in the meeting description this is very standard a lot of tools do this is very standard a lot of tools do this is very standard a lot of tools do this no big this no big this no big deal the zoom part looks pretty easy deal the zoom part looks pretty easy deal the zoom part looks pretty easy looks pretty straight looks pretty straight looks pretty straight forward forward forward but when I started so I’ve been working but when I started so I’ve been working but when I started so I’ve been working on the agent which is a separate piece on the agent which is a separate piece on the agent which is a separate piece that’s going to live in a separate repo that’s going to live in a separate repo that’s going to live in a separate repo that I pull into this project and use that I pull into this project and use that I pull into this project and use okay when I started looking into that okay when I started looking into that okay when I started looking into that integration piece on the AI chat email integration piece on the AI chat email integration piece on the AI chat email side I started to think deeply about side I started to think deeply about side I started to think deeply about this and I started thinking this and I started thinking this and I started thinking um yeah okay if I add and if I one um yeah okay if I add and if I one um yeah okay if I add and if I one integration this thing gets serious this integration this thing gets serious this integration this thing gets serious this goes from prototype MVP up okay the goes from prototype MVP up okay the goes from prototype MVP up okay the pricing is very very low um honestly pricing is very very low um honestly pricing is very very low um honestly this would not be profitable if people this would not be profitable if people this would not be profitable if people started using it at this price point um started using it at this price point um started using it at this price point um so I’m I’m trying to go from MVP to like so I’m I’m trying to go from MVP to like so I’m I’m trying to go from MVP to like actual real re app service that’s actual real re app service that’s actual real re app service that’s actually useful that people will start actually useful that people will start actually useful that people will start integrating with and actually make it be integrating with and actually make it be integrating with and actually make it be a serious tool a serious tool a serious tool uh the idea is to build an AI virtual uh the idea is to build an AI virtual uh the idea is to build an AI virtual assistant this is going to be rebranded assistant this is going to be rebranded assistant this is going to be rebranded soon the whole landing page will be soon the whole landing page will be soon the whole landing page will be updated uh to to reflect that I might updated uh to to reflect that I might updated uh to to reflect that I might even change the the the URL to be even change the the the URL to be even change the the the URL to be completely honest going from MVP completely honest going from MVP completely honest going from MVP prototype to real product that people prototype to real product that people prototype to real product that people will actually use what is the number one will actually use what is the number one will actually use what is the number one priority for me privacy privacy is priority for me privacy privacy is priority for me privacy privacy is number one you’re in trusting me with uh number one you’re in trusting me with uh number one you’re in trusting me with uh quite a bit and security goes along with quite a bit and security goes along with quite a bit and security goes along with privacy so th security and privacy is my privacy so th security and privacy is my privacy so th security and privacy is my absolute number one priority so I absolute number one priority so I absolute number one priority so I started thinking about uh if people can started thinking about uh if people can started thinking about uh if people can send an email here and create an actual send an email here and create an actual send an email here and create an actual event that’s in people’s calendars with event that’s in people’s calendars with event that’s in people’s calendars with zoom link with with real zoom link with with real zoom link with with real information uh yeah I gotta take a step information uh yeah I gotta take a step information uh yeah I gotta take a step back and and get the security and and back and and get the security and and back and and get the security and and privacy stuff locked privacy stuff locked privacy stuff locked out so that’s what I’ve been working on out so that’s what I’ve been working on out so that’s what I’ve been working on the last two days is uh or last day and the last two days is uh or last day and the last two days is uh or last day and a half taking a step back and going okay a half taking a step back and going okay a half taking a step back and going okay let what are the let what are the let what are the known possible ways that this could be known possible ways that this could be known possible ways that this could be hacked or or taken advantage of and the hacked or or taken advantage of and the hacked or or taken advantage of and the main one is email main one is email main one is email spoofing all right so Cloud flare spoofing all right so Cloud flare spoofing all right so Cloud flare has a good article to um give you kind has a good article to um give you kind has a good article to um give you kind of the 101 on email spoofing of the 101 on email spoofing of the 101 on email spoofing so this is pretty so this is pretty so this is pretty decent uh overview for like a one1 cross decent uh overview for like a one1 cross decent uh overview for like a one1 cross course when you send an email use a course when you send an email use a course when you send an email use a major email client Outlook Google Gmail major email client Outlook Google Gmail major email client Outlook Google Gmail they’ve been around for decades now they’ve been around for decades now they’ve been around for decades now they’ve seen it all they know the little they’ve seen it all they know the little they’ve seen it all they know the little tricks and and ways that hackers uh have tricks and and ways that hackers uh have tricks and and ways that hackers uh have uh spoofed and D A L spam dodgy stuff uh spoofed and D A L spam dodgy stuff uh spoofed and D A L spam dodgy stuff they have a lot of tools built in. check they have a lot of tools built in. check they have a lot of tools built in. check and alert the user that say like hey and alert the user that say like hey and alert the user that say like hey warning this is um maybe you’ve seen it warning this is um maybe you’ve seen it warning this is um maybe you’ve seen it before I have I get a lot of before I have I get a lot of before I have I get a lot of fishing uh dodgy ass emails all the time fishing uh dodgy ass emails all the time fishing uh dodgy ass emails all the time so the good email clients you know the so the good email clients you know the so the good email clients you know the ones that have been around for a while ones that have been around for a while ones that have been around for a while the mainstream ones they put a banner the mainstream ones they put a banner the mainstream ones they put a banner that says hey this looks suspicious cuz that says hey this looks suspicious cuz that says hey this looks suspicious cuz they a lot of these checks that uh see they a lot of these checks that uh see they a lot of these checks that uh see that is a spoed email and will alert you that is a spoed email and will alert you that is a spoed email and will alert you or it’ll just go to your your trash or or it’ll just go to your your trash or or it’ll just go to your your trash or your um spam I need to do a lot of this your um spam I need to do a lot of this your um spam I need to do a lot of this work for my service I’m essentially the work for my service I’m essentially the work for my service I’m essentially the the email client before I proceed and the email client before I proceed and the email client before I proceed and actually turn this into a real product actually turn this into a real product actually turn this into a real product that people uh will pay for and entrust that people uh will pay for and entrust that people uh will pay for and entrust me with their with their not all their me with their with their not all their me with their with their not all their emails but sending some emails sending emails but sending some emails sending emails but sending some emails sending some confidential information so if I’m some confidential information so if I’m some confidential information so if I’m going to really have a service where going to really have a service where going to really have a service where there’s Integrations like create a zoom there’s Integrations like create a zoom there’s Integrations like create a zoom meeting create an invite and start meeting create an invite and start meeting create an invite and start inviting people and putting events on inviting people and putting events on inviting people and putting events on people’s Calenders with zoom links like people’s Calenders with zoom links like people’s Calenders with zoom links like actually for their organization or or actually for their organization or or actually for their organization or or for their account yeah I got to get the for their account yeah I got to get the for their account yeah I got to get the security buttoned up and um I got to do security buttoned up and um I got to do security buttoned up and um I got to do a lot lot of lot more work to really a lot lot of lot more work to really a lot lot of lot more work to really batten down the hatches on this thing batten down the hatches on this thing batten down the hatches on this thing uh and that that’s what I’ve been uh and that that’s what I’ve been uh and that that’s what I’ve been doing uh there obviously hasn’t been doing uh there obviously hasn’t been doing uh there obviously hasn’t been like a hack or anything like no one’s like a hack or anything like no one’s like a hack or anything like no one’s really using the service to be really using the service to be really using the service to be completely honest with you just beta completely honest with you just beta completely honest with you just beta testers mostly so I just want testers mostly so I just want testers mostly so I just want to really get this thing buttoned down to really get this thing buttoned down to really get this thing buttoned down before I make that jump of like there’s before I make that jump of like there’s before I make that jump of like there’s Integrations this thing is actually like Integrations this thing is actually like Integrations this thing is actually like doing things on your behalf this is a doing things on your behalf this is a doing things on your behalf this is a real like serious service use it pay for real like serious service use it pay for real like serious service use it pay for it because this is just an MVP as I said it because this is just an MVP as I said it because this is just an MVP as I said so uh that’s what I’ve been working on so uh that’s what I’ve been working on so uh that’s what I’ve been working on uh and it’s been interesting because I’m uh and it’s been interesting because I’m uh and it’s been interesting because I’m going down the rabbit hole of okay how going down the rabbit hole of okay how going down the rabbit hole of okay how do I how do I send a spoon female do I how do I send a spoon female do I how do I send a spoon female because remember I got to test this because remember I got to test this because remember I got to test this thing so I got to send I got to start thing so I got to send I got to start thing so I got to send I got to start sending really really sophisticated sending really really sophisticated sending really really sophisticated spoofed email so that’s been very spoofed email so that’s been very spoofed email so that’s been very fascinating to to go down that rabbit fascinating to to go down that rabbit fascinating to to go down that rabbit hole and see how do I spoof because I hole and see how do I spoof because I hole and see how do I spoof because I have to basically spoof myself and uh I have to basically spoof myself and uh I have to basically spoof myself and uh I don’t want to go just for loow hanging don’t want to go just for loow hanging don’t want to go just for loow hanging fruit I want to go like replicate and fruit I want to go like replicate and fruit I want to go like replicate and protect against very sophisticatedly protect against very sophisticatedly protect against very sophisticatedly spoofed emails so very fascinating spoofed emails so very fascinating spoofed emails so very fascinating stuff and this has led me to look at stuff and this has led me to look at stuff and this has led me to look at tools like tools like tools like this this this uh there’s it’s pretty wild this uh there’s it’s pretty wild this uh there’s it’s pretty wild this spoofing world uh I mean look at uh I mean look at uh I mean look at this and this is you know this is really this and this is you know this is really this and this is you know this is really what I’m what I’m what I’m doing penetration tester to check doing penetration tester to check doing penetration tester to check whether an email server and client are whether an email server and client are whether an email server and client are vulnerable to spoofing vulnerable to spoofing vulnerable to spoofing attacks attacks attacks so I’m going pretty deep yeah look at so I’m going pretty deep yeah look at so I’m going pretty deep yeah look at this this this scary like this this this this scary like this this this this scary like this can I know can I know can I know somebody in real somebody in real somebody in real life who works at a business um I would life who works at a business um I would life who works at a business um I would they’re like a medium Siz business they they’re like a medium Siz business they they’re like a medium Siz business they don’t like a big Corporation they’re a don’t like a big Corporation they’re a don’t like a big Corporation they’re a you know Mom and Pop traditional you know Mom and Pop traditional you know Mom and Pop traditional mediumsized business and they got hacked mediumsized business and they got hacked mediumsized business and they got hacked this way they got this way they got this way they got fished fished fished hardcore somebody in the ore got fished hardcore somebody in the ore got fished hardcore somebody in the ore got fished probably using a technique exactly in probably using a technique exactly in probably using a technique exactly in this diagram they got infiltrated they this diagram they got infiltrated they this diagram they got infiltrated they did a ransomware attack on them where did a ransomware attack on them where did a ransomware attack on them where they locked up their data their backups they locked up their data their backups they locked up their data their backups for and and forced them to pay a lot of for and and forced them to pay a lot of for and and forced them to pay a lot of of money and they actually paid now I of money and they actually paid now I of money and they actually paid now I can’t say anything more than this I can’t say anything more than this I can’t say anything more than this I shouldn’t say anything more than this shouldn’t say anything more than this shouldn’t say anything more than this probably said too much as it is but I’ll probably said too much as it is but I’ll probably said too much as it is but I’ll keep it real vague like keep it real vague like keep it real vague like that and uh it was a this this hurt this that and uh it was a this this hurt this that and uh it was a this this hurt this company company company very seriously financially and uh their very seriously financially and uh their very seriously financially and uh their reputation they were down completely and reputation they were down completely and reputation they were down completely and unable to work and do do their Core unable to work and do do their Core unable to work and do do their Core Business for a couple of weeks this is Business for a couple of weeks this is Business for a couple of weeks this is serious so uh I take security very serious so uh I take security very serious so uh I take security very serious I uh I do my best I’m really serious I uh I do my best I’m really serious I uh I do my best I’m really really going to do my best for my really going to do my best for my really going to do my best for my product product product um and I am going to spoof the hell out um and I am going to spoof the hell out um and I am going to spoof the hell out of my own of my own of my own product product product um and and make sure that it’s protected um and and make sure that it’s protected um and and make sure that it’s protected against it because I care you know what against it because I care you know what against it because I care you know what what I mean I like I legit care I’m not what I mean I like I legit care I’m not what I mean I like I legit care I’m not just trying to put some slop out there just trying to put some slop out there just trying to put some slop out there uh a huge problem right now with uh all uh a huge problem right now with uh all uh a huge problem right now with uh all the MVPs and software being created with the MVPs and software being created with the MVPs and software being created with AI you know there’s all these tools and AI you know there’s all these tools and AI you know there’s all these tools and kind of to be blunt amateurs out there kind of to be blunt amateurs out there kind of to be blunt amateurs out there building a lot of agents and software building a lot of agents and software building a lot of agents and software and AI tools that don’t know what and AI tools that don’t know what and AI tools that don’t know what they’re doing that don’t even care that they’re doing that don’t even care that they’re doing that don’t even care that just listen blindly to the ai ai MML just listen blindly to the ai ai MML just listen blindly to the ai ai MML just spit out some slop and don’t just spit out some slop and don’t just spit out some slop and don’t even take these things into even take these things into even take these things into consideration or really how fet um so consideration or really how fet um so consideration or really how fet um so for AI chat email what’s fascinating to for AI chat email what’s fascinating to for AI chat email what’s fascinating to me is the code the backend code I have me is the code the backend code I have me is the code the backend code I have for a lot of this the AI just for a lot of this the AI just for a lot of this the AI just cannot ah do it it it gets so confused cannot ah do it it it gets so confused cannot ah do it it it gets so confused it tells me all this nonsense so it tells me all this nonsense so it tells me all this nonsense so um it makes me feel good it’s like um it makes me feel good it’s like um it makes me feel good it’s like there’s still a need for engineers there’s still a need for engineers there’s still a need for engineers because it the AI just gets so lost it because it the AI just gets so lost it because it the AI just gets so lost it tells me such fake hallucinated nonsense tells me such fake hallucinated nonsense tells me such fake hallucinated nonsense when I try to get help building this when I try to get help building this when I try to get help building this core code so um I spend a lot of time on core code so um I spend a lot of time on core code so um I spend a lot of time on this code and I want to get it right and this code and I want to get it right and this code and I want to get it right and I want it to be secure and I want to get I want it to be secure and I want to get I want it to be secure and I want to get certifications eventually so businesses certifications eventually so businesses certifications eventually so businesses actually know this is a legit thing that actually know this is a legit thing that actually know this is a legit thing that is is is seriously uh set up for for the privacy seriously uh set up for for the privacy seriously uh set up for for the privacy and Security in mind so so that’s the and Security in mind so so that’s the and Security in mind so so that’s the update for today update for today update for today so you might be wondering how the hell so you might be wondering how the hell so you might be wondering how the hell does this does this guy know so much does this does this guy know so much does this does this guy know so much about email um there’s a lot I don’t about email um there’s a lot I don’t about email um there’s a lot I don’t know there’s a lot I need to there’s a know there’s a lot I need to there’s a know there’s a lot I need to there’s a lot uh of shallow knowledge I have in my lot uh of shallow knowledge I have in my lot uh of shallow knowledge I have in my head so I spend a a good deal of time head so I spend a a good deal of time head so I spend a a good deal of time going deeper to like go from yeah I have going deeper to like go from yeah I have going deeper to like go from yeah I have a shallow understanding of that too I I a shallow understanding of that too I I a shallow understanding of that too I I want to be like a deep real expert in want to be like a deep real expert in want to be like a deep real expert in this stuff this is a perfect example this stuff this is a perfect example this stuff this is a perfect example this article I I I’ll put a link in the this article I I I’ll put a link in the this article I I I’ll put a link in the description this is a perfect example description this is a perfect example description this is a perfect example this is like this is like this is like shallow introduction to to some of these shallow introduction to to some of these shallow introduction to to some of these things um how how like authentication things um how how like authentication things um how how like authentication really works anyway so my first job when really works anyway so my first job when really works anyway so my first job when I was in college still I dropped out of I was in college still I dropped out of I was in college still I dropped out of college to work at this startup that I college to work at this startup that I college to work at this startup that I that I’m going to talk that I’m going to talk that I’m going to talk about I was just some young kid I was about I was just some young kid I was about I was just some young kid I was like 21 years old and they just they like 21 years old and they just they like 21 years old and they just they threw me into the fire and there were threw me into the fire and there were threw me into the fire and there were they were like your job is to send uh I they were like your job is to send uh I they were like your job is to send uh I won’t say the company but it was a a won’t say the company but it was a a won’t say the company but it was a a fortune Fortune 100 US company my job fortune Fortune 100 US company my job fortune Fortune 100 US company my job they were like here’s millions of email they were like here’s millions of email they were like here’s millions of email addresses in like text files and all addresses in like text files and all addresses in like text files and all those crazy go send emails to those crazy go send emails to those crazy go send emails to millions of our customers and I my job millions of our customers and I my job millions of our customers and I my job was to manage all this all this user was to manage all this all this user was to manage all this all this user data and send to them and I was just data and send to them and I was just data and send to them and I was just some young 21y old 22y old kid I know some young 21y old 22y old kid I know some young 21y old 22y old kid I know what the I was doing so I got a what the I was doing so I got a what the I was doing so I got a crash course and I had crash course and I had crash course and I had to it was Insanity it was all this to it was Insanity it was all this to it was Insanity it was all this manual stuff this was back in the day manual stuff this was back in the day manual stuff this was back in the day this was like mid 2000s or the late this was like mid 2000s or the late this was like mid 2000s or the late 2000s and I did just figure this 2000s and I did just figure this 2000s and I did just figure this out and I had to write emails by hand out and I had to write emails by hand out and I had to write emails by hand like it was it was Insanity manage all like it was it was Insanity manage all like it was it was Insanity manage all this data and I just started automating this data and I just started automating this data and I just started automating I am very lazy so I just started I am very lazy so I just started I am very lazy so I just started automating uh automating uh automating uh as much as I humanly possibly could with as much as I humanly possibly could with as much as I humanly possibly could with my limited skills that’s how I became um my limited skills that’s how I became um my limited skills that’s how I became um a serious engineer was I just started a serious engineer was I just started a serious engineer was I just started writing all these tools and scripts and writing all these tools and scripts and writing all these tools and scripts and you know all these like commands I’d run you know all these like commands I’d run you know all these like commands I’d run in the terminal to help me sort through in the terminal to help me sort through in the terminal to help me sort through and do my job to manage millions of of and do my job to manage millions of of and do my job to manage millions of of people’s data so I’ve been sending people’s data so I’ve been sending people’s data so I’ve been sending emails to people uh emails to people uh emails to people uh [Music] [Music] [Music] for almost 20 years pretty wild uh for almost 20 years pretty wild uh for almost 20 years pretty wild uh pretty wild so that’s how I know a lot pretty wild so that’s how I know a lot pretty wild so that’s how I know a lot about email and kind of some of the about email and kind of some of the about email and kind of some of the pitfalls and I pitfalls and I pitfalls and I know uh the basics of like how do you know uh the basics of like how do you know uh the basics of like how do you how do you spoof and do all these crazy how do you spoof and do all these crazy how do you spoof and do all these crazy things with email but I’m not I’m not a things with email but I’m not I’m not a things with email but I’m not I’m not a spammer I I don’t spam people I I I’m spammer I I don’t spam people I I I’m spammer I I don’t spam people I I I’m very legit I have a good cender very legit I have a good cender very legit I have a good cender reputation like 99% uh for my reputation like 99% uh for my reputation like 99% uh for my newsletters I don’t I’m not I don’t know newsletters I don’t I’m not I don’t know newsletters I don’t I’m not I don’t know spoof people because I I’m not a scammer spoof people because I I’m not a scammer spoof people because I I’m not a scammer spoofer so anyways I’m going to be going spoofer so anyways I’m going to be going spoofer so anyways I’m going to be going down that route behold to figure out how down that route behold to figure out how down that route behold to figure out how to do that so I can guard against the to do that so I can guard against the to do that so I can guard against the very most sophisticated attacks very most sophisticated attacks very most sophisticated attacks so uh very interesting stuff I hope that so uh very interesting stuff I hope that so uh very interesting stuff I hope that was interesting to you if you find that was interesting to you if you find that was interesting to you if you find that interesting please leave a comment for interesting please leave a comment for interesting please leave a comment for the algorithm it helps a lot just say the algorithm it helps a lot just say the algorithm it helps a lot just say email security please that helps a lot email security please that helps a lot email security please that helps a lot all right that’s all I got for today see all right that’s all I got for today see all right that’s all I got for today see you

Description

Rebranding plans:

  • New brand strategy
  • Expanded functionality scope
  • Platform evolution discussion

Summary

Summary of the Video: Daily Update for Build and Public Log The video explains progress on integrating Zoom into an AI event scheduler, addressing email spoofing risks, and transitioning from an MVP to a robust product. The creator emphasizes security, privacy, and practical challenges while sharing personal insights from years of email automation experience.

AI with Steve build in public

Subscribe to stay up to date