Bit redundant now but a) it’s not just plus addressing as per my first post, b) it’s not just adding the alias, it’s making the From field unusable as per my fifth post, c) we’re not just talking about Gmail as per my second and most recent posts but, in any case, I think that I’m fairly quick around Gmail’s user interface but would struggle to add and confirm a new alias in ten seconds.
Less redundant: are there any legs to the token idea I have mentioned multiple times but that has been ignored in favour of ranting about lazy Gmail users?
When it’s a Gmail period or plus alias, you don’t need to confirm. I just tried it and it only took 12 seconds.
Yes there are other kinds of weird delivery setups. The devs have already said they’ll eventually make it easier for admins (and maybe users) to add secondary emails for users. I don’t think they should go out of their way to do any more than that. Users should take responsibility for their own email setups if they want to reply to email received at an address they can’t send from.
As an option admins could enable, the token idea could work. We already trust that if users forward their forum emails to others then they could unsubscribe them using the links inside. Of course posting is potentially more destructive than unsubscribing.
As a feature request, the devs often say they have a rule of three, where once three people have request it they’ll start considering it more. Or if you’re a paying customer.
Sorry. I’m exceedingly lazy, and not a very talented Rails programmer and always look for solutions that don’t involve changing Discourse. (No, that’s not being sarcastic. I recently started a conversation to write a $1000 plugin and talked the non-customer into a solution using only existing features.)
Without looking at the code, I think that it might be possible to remove or relax the code that checks the sender From: address, as I think it’s the case, as you suggest, that the token is unique and that if you don’t care that someone might get that token some other way (say a forwarded message?) that you could override process_destination in a plugin and allow those replies to be delivered with the understanding that it’s something of a security risk. I think you’d need to just change this:
to something that either allowed any address to reply or maybe did some kind of “is it close enough” logic that I can’t see now how you’d come up with (not to say that one couldn’t).
Thanks for this. Very interesting. If, as has been stated, there are already security issues with tokenised unsubscribe links (and that these are deemed acceptable risks), it sounds promising.
It seems fairly obvious so I assumed if nobody had requested it before there were implications that I had overlooked, but if that’s not the case this seems a far superior way to accommodate people like me and appease the naysayers too.
Don’t know who else to tag to weigh in with thoughts/critiques but what do you think @codinghorror?
If staged users were enabled, would it just allow replies from any email? I don’t know, haven’t tried that kind of system (I only have staged users for handling support type emails.)