SSO 的文档明确指出,应在 SSO 提供商端预先进行邮箱验证,否则并非明智之举。这很有道理。
然而,该验证状态随后可能会发生变化。例如,SSO 提供商可能发现向该用户发送的邮件遭遇了过多硬退信、反馈循环(FBL)等问题。在 SSO 上下文中,处理此类情况的最佳实践是什么,以便 Discourse 也能(仅暂时)停止向该用户的邮箱地址发送邮件?
我曾看到一些建议,通过将账户的所有与邮箱相关的设置更改为不发送邮件来停止发送邮件,但这将是永久性的,或者至少难以撤销。我正在寻找一种临时方案,直到 SSO 提供商再次验证通过。
既然 Discourse 在邮件退信数量超过某个阈值时会自动停止发送邮件,那么通过操作相关数据来暂停发送邮件是否可行?我查阅了 API,但尚未找到修改该数据的接口,不过我可能有所遗漏。
简而言之,如何阻止特定 SSO 账户发送邮件?
如果此问题已有解答,敬请见谅,但我未能找到相关信息。
We don’t have a direct API for setting bounce score, I guess that is what you would want to do here. I am open to a PR that adds support so admins can manually set bounce score for a user to an arbitrary value.
There may be other reasons to stop emails for a specific account other than email bounces: email feedback loops, legal requests in the context of GDPR to not use that private data (temporarily); there may be other legal/business reasons for the SSO provider to need this.
I mentioned fiddling with the bounce score because it could be way to achieve this, although it is maybe a bit of a workaround. If nothing else, I would use that.
But if that’s not already made available, would it make sense to consider, instead, having a user field to globally enable/disable all emails for an account, that could be controlled not just via the API but maybe by staff too? I don’t know if this would imply a too large change or if there’s a central place where this could be checked on the code, however, I think this could be a more generic approach that could be used in more use cases than the bounce score route to stop emails for an account.