I have set the following:
However, a user’s email reply was rejected as their sending email address didn’t match the account email address.
In this case I’d like their email reply to be accepted.
Is there anything I can change to ensure email replies are accepted in cases where the sender email address doesn’t match the account email address?
Make sure the enable_staged_users site setting is enabled.
For categories, enabling “Accept emails from anonymous users with no accounts” in the category’s settings should work.
Thanks @gerhard.
“Enable staged users” was in fact enabled already. In my case, the user has two accounts on the forum, both live. She replied to a notification from the “other” account and it got rejected by Discourse.
I’ve noticed also that the wording on the setting is a little ambiguous. “Only use reply key” suggests in my mind “don’t additionally validate email address” - but then the setting description says that disabling the setting allows user impersonation. I’ll try disabling the setting and see if that helps.
Was it a reply to a public topic or a group message? The exact error would be interesting too. You can find it in Admin -> Emails -> Rejected. The second account might not be allowed to reply to the topic.
The reply was to a public forum post
We’re sorry, but your email message to [“hitreply+[redacted]@se26.life”] (titled Re: SE26.life [Dining/Drinking] Zigghy Cafe [Now open]) didn’t work.
Disabling that setting isn’t a good idea.
Email addresses are always validated. Each reply key is bound to a topic and user. If they do not match, the email gets rejected. There’s only one exception. If the system knows that an email was forwarded to another user, because that other user was in the To or CC header of a previous reply, than it will allow that user to reply with the forwarded reply key.
In your case, the user needs to send with the correct email address. There’s no way around it. Most email clients should be smart enough to select the right sender address anyway.
Thanks for the explanation.
I would be comfortable with just the reply key being used to authorise the user.
After all, it’s easy to spoof an email address isn’t it?
Hi,
I have the same problem, a user has two accounts registered, one with her email as @googlemail.com and one as @gmail.com
The result is that sometimes her emails get rejected with the error:
Your reply was sent from a different email address than the one we expected, so we’re not sure if this is the same person.
I have a few other users replying by email and it only happens to this user, so I assume it’s the gmail/googlemail domain mismatch.
I am thinking of adding the alternate domain email as secondary email address on both accounts, or is there a better idea?
There are no other safe alternatives. Handling this automatically would definitely lead to security issues.
Isn’t it a security issue for Discourse to trust the email address in the From header, and to use this as part of its validation of incoming emails? I can set the From header to whatever I like.
That’s why we have reply keys 
Indeed! 
The reply key is what protects us from spoofed replies to notification emails. The email address listed in the From field doesn’t offer any real protection at all.
Forgive me for repeating the point, but including email address in the validation of replies is causing user-affecting usability issues and should be dropped IMO
Well I ventured into the Rails console (for the first time!) to add a secondary email address, but my workaround to add the @googlemail.com email to the @gmail.com account and viceversa didn’t work, because the emails have already been taken, of course it makes sense.
If anyone has other ideas to fix this reply by email issue, I’ll be grateful, as I generally am for being able to use Discourse.
You could merge the users (provided they’re the same user).
You’re right, I’ll look into that, cheers.
您能否告知您是如何让这一功能正常工作的?我目前仍面临 Discourse 拒绝来自用户的合法邮件发帖的问题。这非常令人沮丧,尤其是向相关用户解释此问题时。
归根结底,我更希望能直接禁用 Discourse 对 incoming 邮件邮箱地址的检查(该检查既容易受到邮件伪造攻击,又毫无必要,因为回复密钥已经经过了验证)。
我觉得我并没有真正解决这个问题,但时间过去很久了,我的记忆可能有些模糊。
我尝试按照这里说明的方法添加次要电子邮件地址:
但未能成功,因为那些邮箱地址已被占用。
我认为解决方案应该是合并用户账户,但我并未继续操作,因为之后我与该用户沟通,她从那以后只使用其中一个账户。因此,我无法告诉你实际操作会如何进行,抱歉。
