This might just be a personal failing, but I’m a bit confused by some of the error reporting I’m getting after setting up reply-by-email.
When someone replies to a message from an e-mail address not associated with their account, the error message (on a self-hosted Discourse instance) might be the wrong one? It seems like the message one should receive if they sent to an incorrect address, rather than from an unrecognized address.
The message I receive in that case has the subject line Email issue – Unknown To: Address, and the body looks like:
We’re sorry, but your email message to [“SNIP”] (titled Re: Help Please) didn’t work.
None of the destination email addresses are recognized, or the Message-ID header in the email has been modified. Please make sure that you are sending to the correct email address provided by staff.
Changing the From: address in my replies to match the one associated with the account seems to fix the problem.
Is there an easy way to modify this behavior? Have I misconfigured something?
(I should maybe say that what I would really be hoping for is an option to ignore the From: header altogether and instead just use the reply key as discussed here; is there any chance of that?).
Ah, maybe this is because it’s a response to a PM, rather than a public topic, and so Discourse doesn’t think that the person sending the e-mail (which it doesn’t recognize as a valid user) should be able to send to that address?
That might explain why it is marking the To: address as invalid, rather than the From: address?
In the meantime, I’ve changed the text of that message to clarify that it could be an issue with From:or with To:.
This would be because the permission error is transformed into a “not found” error somewhere in the stack, and then the email code uses the message for “not found”…
One could argue that the reply_id (which seems to map both to a topic and the person replying) is identifier enough, and spoofing reply_id is harder than spoofing an e-mail address, so it’s effectively just as strong with or without coming from the right e-mail address.
But I’m not actually trying to argue that. What you’re saying here makes total sense. And, after thinking on it, I realize that the thing leading to this behavior is definitely an edge case (we have SSO creating an account with university e-mail addresses, but people sometimes forward those to other addresses, from which they respond).
My real question is about the contents of the error email people receive in that case, which seems like it could be misleading. The real issue, or at least the thing the person receiving the error e-mail has control over in this case, is the “From” address (and the address associated with their account), not the “To” address, as far as I can tell.
Anyway, I already have a workaround by:
changing the content of that message (love that Discourse is so customizable!) and
telling people to change their email address if they want to use reply-by-email
but I’m just wondering if it makes sense to change something about what error messages are sent in which situations, given this potential confusion.
If the answer to that is “No, things are fine as-is,” that’s totally fine.
We do have preliminary support for alternate email addresses per user.
I wonder @sam and @eviltrout when will we formalize this a bit more so users can add a secondary email address? Should this be added to the 2.5 roadmap?
I think we should start by surfacing this in the admin user page so you can see / add email addresses for 2.5. Maybe next after that add some rudimentary UX in the admin pages for merging users now that we have the well tested rake task.
