This note is intended to summarize my Admin UX as I silence some users. I’m not asking for changes necessarily, just citing the challenges which may translate to requests on review.
When I need to silence a user due to bouncing emails, I don’t want an email to go out to them to notify them of the event.
I don’t see an admin option to add a custom silence reason to the existing list. I’d like to add “Bouncing emails”.
I’d like to set one of the available silence period options to be the default. I don’t want to have to set the time period from the dropdown for every event.
I do want to advise the user about why they have been silenced, with more information than the one-line “reason”. The box is there to email the user with a note, but again, that emails the user. I just want to message them because I know email doesn’t work.
Are other Discourse emails sent to a user after they have been blocked, or silenced? For this specific scenario and possibly others, I do not want any more mail going out to this user, especially if they have subscribed to many notifications.
About deleting a user in this same scenario: We can simply delete the user, and we can also “delete and ban both the email address and the IP address”. Why are these linked? I like the idea of banning an email address. I might rarely want to ban an IP address. But banning an IPv4 is awkward for a number of reasons - maybe it’s OK with IPv6 but we’re not there yet. Until these concepts are separated can we not simply ban an email address? If I knew more about Discourse internals I’d be happy to script a process that clears specific items out of the ban lists, but I don’t know where to find that data.
We have MaxMind active for this site and I would like to use the IP address to get a location to help determine if the user should be just silenced or deleted. For example, if the last-used address is distant from the registration address (plus other metrics) then I would delete the account for simply smelling bad. But the popup that shows IP info doesn’t show a location. Is that a bug or should I check MaxMind again?
I get bounce notices to my postmaster@ address - this is how I know mail from the forum is bouncing. Someone might suggest I look into Bounce Score for auto-cutoffs to avoid emailing someone who already has recorded bounces. We have no bounce data for scoring, I haven’t setup Discourse to poll POP3 (IMAP??) for such data. All I see in meta are forum anecdotes about setting it up. Is there a real dedicated doc on this topic?
Again, this is all just to share the (not so great) UX in this specific area, for whomever might be interested.
I haven’t yet configured the bounce score threshold because I don’t have Discourse checking email for bounce notifications. The information in this meta thread is the best I’ve found on the topic of configuring to process bounces. Over the next several days I’m on a quest to find more complete documentation.
But yes, today I am setting a very low bounce threshold.
{“translation”: “[quote="Architect, post:6, topic:323151"] يجب أن يكون هناك سبب مُختار أو مكتوب قبل أن يكون من الممكن إسكاته حساب المستخدم.[/quote]\nهذا منطقي لأنه يتم إرسال رسالة موقع للمستخدم لإبلاغه عن الحدث. تلك الرسالة ليست واضحة تمامًا حول ما نريد من المستخدم أن يفعله تحديدًا. لذا بعد إرسال الرسالة، أرسل ردًا على تلك الرسالة للمستخدم، لأطلب منه الرد عندما يصحح وضع البريد الإلكتروني الخاص به.\n\nلذلك التحديات التي أواجهها الآن كمبتدئ تشمل:\n\n- أريد أن تصل تلك الرسالة إلى المستخدم، لكنني أفضّل تعديل النص. تغيير admin/customize/email_templates/system_messages.email_revoked للإنجليزية لا يغيره لجميع اللغات الأخرى. أم هل هناك ميزة لتشغيل ترجمة تلقائية على رسالة واحدة أو جميع رسائل النظام؟\n- بدون بحث في admin/customize/email_templates/ من الصعب العثور على نص الرسائل الصحيح أو إشعارات المستخدم التي يمكن تحريرها، ومعرفة العمليات التي ت triggerها.\n- لا أريد إرسال بريد إلكتروني عندما يكون المشكلة من التعريف أنها لا تتلقى رسائل البريد الإلكتروني.\n- عندما أرسل ذلك الرد على رسالة النظام على ملف المستخدم الخاص بهم، يرسل بريد إلكتروني آخر. إذا استطعنا حظر البريد الصادر بفعالية إلى العنوان، فلن يحدث ذلك. هل كل وظائف البريد الصادر تمر عبر عملية مركزية تتحقق أولًا مما إذا كان تم تجاوز عتبة الارتداد؟ أم أنني أفتقد ميزة حول الصمت (Silence) التي تمنع البريد الصادر بدون ربط ذلك بالعتبة؟\n- من المثالي عندما يستبدل المستخدم عنوان البريد الإلكتروني بشيء صحيح، أو يضغط على “عنواني الآن كوضع صحيح”، أن يرسل الخادم بريد اختبار، وعند النجاح يمسح علامة الارتداد / العد.\n- (عشوائيًا) هناك عدد ثابت من أسباب تعليق المستخدم في admin_js.admin.user.suspend_reasons وهي “صلبة” لمنع التخصيص لأغراض أخرى. يمكننا تغيير النص لـ admin_js.admin.user.suspend_reasons.combative وهناك admin_js.admin.user.suspend_reasons.custom واحد، لكن لا يبدو أنه يمكننا إنشاء admin_js.admin.user.suspend_reasons.bouncing_email.\n\nهذا السيناريو لا يقتصر على حالات الارتداد (Bounces). يمكنني التفكير في سيناريوهات أخرى نريد أن نخطُر المستخدم برسالة محلية توضح أنها لا يمكن أن يرسلوا له بريد، ونزودهم برسالة مخصصة تخبرهم بما يتوجب عليهم فعله.\n\nأشتبه أن كل هذا يصف سلوكًا دقيقًا جدًا ربما لا يُظهر بشكل واضح في قائمة الأولويات، لكن لا أدري بعد إذا كان الآخرون يتعاملون مع هذا وكيف. شكرًا لصبركم…”}
I just found this documentation to setup bounce handling:
The images here are also extremely helpful:
Implementing this functionality should address enough of the challenges here to handle bounced email effectively. I still need to work out exactly how we will notify a multi-lingual user base effectively and get them back on track quickly when they’ve fixed email problems. That is, when they’ve made an effective change they need to notify us or the system so that the blocks on them can be lifted.
When an e-mail address is bouncing back the automated discourse e-mails, this seems like you wouldn’t necessarily need/want to silence or delete their account for that unless you suspect it is a spoof account or something without valid e-mail.
Guess that is probably the reason why you would want to put account on hold temporarily to validate they have working e-mail, do you have a high volume of cases like that or is it practical to deal with those one on one manually?
There are some other options like manually changing e-mail notification settings, or changing the not-working e-mail address to other working address controlled by admin or something temporarily. That may not be the best idea just some random ideas here.
When an account is deleted that doesn’t send e-mail notification about that last time I checked. Simple but kind of brutal policy is to delete accounts if they don’t have working e-mail.
We’re on the same page. There are different scenarios that different managers will want to handle differently. I’m feeling my way around this software to understand what it does, how it’s intended to be used, and how others use it.
The underlying goal of this initiative/inquiry is two-fold: First, pro-actively avoid abuse. Second avoid sending out emails that will bounce which might result in our site getting flagged as a source of non-deliverable email. This can result in temporary listings in RBLs and I want to avoid such nonsense.
We do not have a high volume for this site but there are user groups, similar to but different from TL0-4. Users in one group shouldn’t be silenced if something goes wrong with their email. Users in another group with a few recent on-topic posts shouldn’t be silenced. Accounts with no activity or no recent valid activity might be silenced to get their attention if they ever come back.
The concept of silencing people to get their attention is awkward. And I don’t really care about email addresses. The real intent there is that if we have a bogus email address I feel an account is more likely to be a source of abuse than not. So I’ll pre-emptively silence them, seek some response, and if we don’t hear from them for a long period just delete the account. A participating user (TL1?) that we just haven’t heard from in a long time might just be put on long-term silence/review.
Since we’re here, all of this also implies that people are creating accounts without a valid email, or changing their addresses to something invalid. I’m going through the Documentation and will want to create an automation to: Silence new TL0 users until after they have viewed a couple threads, then email them. If we get a bounce from these specific messages, put them into review status. So no welcome email until after we’re sure they’re a human moving around the site, and no permissons until we’re sure they verify their email.
FWIW It’s not possible to activate your account without first verifying your email (unless manually activated by an admin, or you’re using SSO and not verifying with your idp).
That’s not necessarily true, there are other reasons such as e-mail may be temporarily deactivated, or they have banned your sender (which also may be temporary, as in a temporary account silence).
First step I would recommend for what you are describing would be to send a regular PM to a user if their e-mail isn’t receiving messages as an alert about that in case they aren’t aware, you can make that an official warning PM with the checkbox to make the envelope alert icon red instead of green. This also puts a note on their account that they have been sent one or multiple official warning PMs so you’ll have that documented.
As mentioned with the default settings new accounts must be validated by clicking link in verification e-mail firstly before they can use your site, unless you have bypassed that.
That seems to be basically already enabled with the default settings, although TL0 can post public replies/topics they can’t send anyone PM messages until they are promoted to basic level TL1, which requires some reading and e-mail would need to be validated before that.
