This might just be a personal failing, but I’m a bit confused by some of the error reporting I’m getting after setting up reply-by-email.
When someone replies to a message from an e-mail address not associated with their account, the error message (on a self-hosted Discourse instance) might be the wrong one? It seems like the message one should receive if they sent to an incorrect address, rather than from an unrecognized address.
The message I receive in that case has the subject line Email issue – Unknown To: Address, and the body looks like:
We’re sorry, but your email message to [“SNIP”] (titled Re: Help Please) didn’t work.
None of the destination email addresses are recognized, or the Message-ID header in the email has been modified. Please make sure that you are sending to the correct email address provided by staff.
Changing the From: address in my replies to match the one associated with the account seems to fix the problem.
Is there an easy way to modify this behavior? Have I misconfigured something?
(I should maybe say that what I would really be hoping for is an option to ignore the From: header altogether and instead just use the reply key as discussed here; is there any chance of that?).
Ah, maybe this is because it’s a response to a PM, rather than a public topic, and so Discourse doesn’t think that the person sending the e-mail (which it doesn’t recognize as a valid user) should be able to send to that address?
That might explain why it is marking the To: address as invalid, rather than the From: address?
In the meantime, I’ve changed the text of that message to clarify that it could be an issue with From:or with To:.
This would be because the permission error is transformed into a “not found” error somewhere in the stack, and then the email code uses the message for “not found”…
One could argue that the reply_id (which seems to map both to a topic and the person replying) is identifier enough, and spoofing reply_id is harder than spoofing an e-mail address, so it’s effectively just as strong with or without coming from the right e-mail address.
But I’m not actually trying to argue that. What you’re saying here makes total sense. And, after thinking on it, I realize that the thing leading to this behavior is definitely an edge case (we have SSO creating an account with university e-mail addresses, but people sometimes forward those to other addresses, from which they respond).
My real question is about the contents of the error email people receive in that case, which seems like it could be misleading. The real issue, or at least the thing the person receiving the error e-mail has control over in this case, is the “From” address (and the address associated with their account), not the “To” address, as far as I can tell.
Anyway, I already have a workaround by:
changing the content of that message (love that Discourse is so customizable!) and
telling people to change their email address if they want to use reply-by-email
but I’m just wondering if it makes sense to change something about what error messages are sent in which situations, given this potential confusion.
If the answer to that is “No, things are fine as-is,” that’s totally fine.
We do have preliminary support for alternate email addresses per user.
I wonder @sam and @eviltrout when will we formalize this a bit more so users can add a secondary email address? Should this be added to the 2.5 roadmap?
I think we should start by surfacing this in the admin user page so you can see / add email addresses for 2.5. Maybe next after that add some rudimentary UX in the admin pages for merging users now that we have the well tested rake task.
I’m still struggling to understand why Discourse trusts/validates the From: header when it can be so trivially spoofed?
The reply id header provides a useful validation as it’s unguessable/unknowable by bad guys.
Validating the From: header simply causes legitimate users to get confusing rejections to their post-by-email attempts if they happen to reply from a different email address (an edge case that’s more common than one would expect)
I have lots of email addresses, and so do some of my users.
I’m sincerely not trying to pick a fight here. I’m just slightly burnt by this issue as it contributed to a very important member of one of my forums choosing to no longer contribute to the forum
Unfortunately I don’t know if the proposed feature would solve the problem experienced on my Discourse instance.
In my case the user is the chairperson of a civic society. She had two email addresses and two Discourse accounts (one for each address). One account represented her personal identity, and other was for “official” posts on behalf of the civic society.
When she replied by email, she frequently did so from the “wrong” email address so her replies got rejected.
I assume the feature being discussed above would involve multiple email addresses per Discourse account, but would (naturally) disallow multiple Discourse accounts per email address. Thus it wouldn’t address my use case unfortunately.
I could, from a technical point of view, but it is intentional that the user is able to post under two distinct identities (personal / on behalf of civic society)
Yeah. Sometimes people do get stuck in that scenario but I’d probably call it more of a corner case than an edge case
Am I understanding right that this person effectively has two identities, but both of them are ending up in the same email account for some reason? If that’s true, it seems like they’d be running into this problematic scenario in more places than just Discourse. Maybe a job better suited for handling on the email client?
I have some work related aliases in my work email account, but the client matches the “from” address for replies to the address the mail was sent to…
I agree, it’s a corner case, and if she wasn’t such a prominent user it wouldn’t have been such a big deal.
In order to create two Discourse accounts, we used the gmail dot hack so she could create two email addresses for her gmail mailbox, in order that she could create two Discourse accounts.
When she replies by email to a post on the forum, gmail doesn’t necessarily use the same email address variant that Discourse expects.
IMO, provided the reply id is valid, Discourse should accept the reply.
The dot hack is extremely fragile, and they’d likely be having a much better time with plus addressing instead.
If both accounts use a plus address and no accounts are on the bare address, the From: address switcher will work fine and forgetting to set it will simply mean the email is rejected instead of submitted on the wrong account.
Using + instead of dots also brings a lot of clarity to your filters, too