Mailing List Replacement : Email Attachments

We implemented Discourse for a client to replace their MailMan mailing list. For the most part, the new Discourse forum is functioning awesomely in its role as a replacement, but there seems to be one area that is problematic.

The forum’s members are all in mailing-list mode (they get notified of all posts). The whole forum is private. Authentication is handled using SSO to an MVC site.

In the last few days, members have been trying to couple of attachments to the group. The discussion is quickly approaching Godwin’s Law territory because the attachments are not actually included in the notification emails to the group.

The issue is many of the mailing list participants do not actually visit the forum to log in…Therefore the links in the notification email to the attachment block them with a login page. From there they would need to do the SSO sign in on the main site and know enough to click the original link in the email to get to the attachment again.

They are used to having the attachment included in the notification email. I understand all the reasons why including attachments in emails is a bad idea…I get it. But, maybe there is something that can be done so we could tokenize the links so they wouldn’t have to be protected or turn off authorization requirements for uploaded files.

If one of the goals is to replace mailing lists, I do believe this is an issue that will need to be addressed.

As always, I am willing to do whatever I can to help.

I have same problem .
And my idea is to make boot which is going to fetch through SSO site and do boot logins to make discource accounts.
Since we hold cardinals at “our” site we can read cardinals and make calls to discource SSO endpoint.

I am willing to help making MVC.net or WebForms control whic will do boot login to discource

Can we think about a possible solution here @riking?

Can I add my own “+1” here as well? Most of the attachments our members will be sending if/when we switch to Discourse will be images, which are displayed inline in notifications, but occasionally they’ll be sending PDFs and other miscellaneous files that really do need to be attached. An option to include non-image attachments would go a long way to helping us in this area.

This may be relevant too: http://help.mandrill.com/entries/21763806-Does-Mandrill-support-attachments-

Has there been any movement on this issue? It would be a nice feature to have to complete mailing-list parity.

Same boat! Please :). Just moved our nonprofit association to discourse hosted product.

Thanks

I thought we fully support attachments, right @zogstrip ?

We support attachments in incoming emails. Not outgoing emails (ie. notifications).

Can this please be changed? What’s the point putting a picture in to a message if it’s not going to be received? The sender has no idea who (if any) of their recipients will be viewing it in the web browser. And worse still, the average user has no idea about this limitation.

It appears there is a misunderstanding; this only applies to attachments like a word document, not a jpg or png or gif image.

So unless you are sending out Microsoft Word documents or other unusual attachments, I would not be concerned.

Also note that these attachment will appear as links, just as in the web app. The only restriction is that they won’t additionally be included in the mail as an actual attached file

Sorry about that.

When I say Discourse doesn’t support attachments in outgoing emails, I actually mean that files other than images, will not be attached to emails sent by Discourse.

Images will be inlined and other kind of files will be linked like @fefrei noted.

Perfect! Thanks for clearing that up, guys. Nice, fast, personal help as always

@maja can you have a look at “converting” attachments (ie. uploads that aren’t images) in outgoing emails to proper attachments?

That would be amazing if possible.

So someone reminded me of reasons why I should retract, or at least be cautious, about my above statements:

1. Could create a ton of data sent over email providers, possibly increasing costs.
2. Attaching files to email promotes behavior that has increased security risks (email attachments are still a huge attack vector).
3. Creates a lot of copies of the same file vs. one copy living on the Discourse server.
4. No way to “take back” the attachment (via post editing) if the wrong file is uploaded and emailed out automatically to N people by accident.
5. Probably some others we didn’t think of.

So … YMMV. I at least hope this option is a switch with default off.

It sure is @maja is working on it

Not sure you can take it back in even in the current state. If I edit a post and change/delete the attachment, is the original file deleted immediately from the Discourse instance or would the link originally sent over the email still work?

In order to add the attachments on to the mail, we have to hold the contents of the file in memory as well.

@maja I think we need to look at some safe guards around here for the maximum number of attachments.

@gerhard can you take over @maja’s PR?

https://github.com/discourse/discourse/pull/7571