Notify Feature can be easily abused

As you all know there is now a feature to notify people about a certain topic/post.

This is all well and good.

HOWEVER, there is no cooldown/ protection against this feature being abused.

During testing, I managed to spam notify people, by using the notify feature, It seems I can notify as many people as I want, as on many topics/replies as I want.

The only way to punish a user for abusing this feature, is by having someone report the spammer to a moderator, who will have to suspend the account, silencing the account will not prevent this feature from being abused.

My Idea:

For each trust level, they should be limited to how any many people they can notify daily, this will help keep this feature in use & and will also prevent people being spammed by this feature.


Adding a ‘minimum trust to notify’ could be useful too.


Agreed, it can be abused heavily:


Dedicated trolls can really do stuff with this.

Imagine a macro or something like that being used.


I would even consider the benefits of going one further, and have a whitelist feature in the user preferences. This would allow you to recieve notifications from personally trusted users/Groups, which is particularly useful if the community is > 1000 members.


Yeh, I see were your coming from.


Or maybe somehow expand the notification consolidation threshold scope to notifications about topics?


I think a lot would depend on how much the notify feature is getting hammered? I’m afraid it’s not a popular feature on the sites I’m on, so I can’t quite envisage those being useful to me personally - but now we can point to posts as well as topics, I think it could be more so in the future?

For an occasional over-excited user (/troll :slightly_smiling_face:) a daily base limit, trust level multiplier, and min trust level, similar to some of the other TL restricted features, may be enough peace of mind for me.

Though, as @Tris20 said, if you have a big membership and the notify feature is very popular, then giving it something like the PM whitelist may be beneficial too. And if you’re getting lots of notify notifications, consolidating them into a page like the consolidated Likes could also be good to bundle some noise into something more useful. :+1:

Is the ‘notify about this post’ only for Desktop? When I click the :link: icon in the post menu my phone opens up its own pop-up rather than the Discourse one, and the notify option doesn’t seem to be available by pressing on the timestamp? Is there another way?


It’s working on my browser, on my phone it doesn’t, however I think this is intentional, but a strange way of doing it, kinda defuses the point of implementing the feature.


Are there any DIY ways to fix this?

Because I am concerned this could become a bigger issues if I don’t try to resolve it as soon as possible, at the moment nobody from my community has discovered this, but it just takes one troll to make this such a massive issue.


If I’m not mistaken you could remove the share button from the post menu parameter (or at least hide it) https://your.domain/admin/site_settings/category/all_results?filter=share


Hmmm, I don’t want to hide the entire thing, just the notify button.


You could use a little CSS. Something like:

.btn-default.notify.btn {
    display: none;

(Though that will hide the share topic one too. You should be able to make it more specific if you need it)


Yeh, I guess this could be a temp fix, it’s a useful feature, so loosing it wouldn’t be fun.


For topics, that has always existed at the bottom of the page. It’s not a new feature and has mostly gone unused since its inception (until now).

All of this might by my fault though. I recently endorsed (and bumped) a topic requesting that the “Notify” feature be expanded to replies too.

Oops? :sweat_smile:

Regardless, I agree that site admins should have more control over it. I’m just worried that it could seriously impact the ability to notify multiple users in one batch.


I do support this, @codinghorror how do these numbers sound for defaults:

TL0: zero
TL1: 6 notifications max 2 notifications per user
TL2: double
TL3: double again


It’s also worth mentioning that you can still notify users when logged out.


Yikes… that should certainly be disabled.

It is an error now:

Should be removed from the UI.


Well, it was sort of a false alarm. It just spits out an error.

Edit: Yup, you beat me to it. Regardless, the button should definitely be removed. There’s still a lot of work that needs to be done with the unified share dialog.


I disagree. On a forum where I am TL3 if we find a user saying that they are under 13 (COPPA), we need to notify an admin so they can contact the user about it. And if no admins are online at that time there is less we can do about it.


Yep that sounds good, surprised we missed this thank you @JammyDodger for pointing it out! We should backport as well…