The ability to start new topics by email is important to our community, as we are convincing people to move from a mailing-list-based workflow that they’re familiar with.
To make this easy, we need to make the email-in address easily accessible. It is also the case that people’s email addresses are not secret. Many have been using the address they have configured in our account system for years. And in general, something that could go on one’s business card isn’t really a secret.
Therefore, spammers or other malicious actors can easily co-opt an identity and start threads with public knowledge.
To prevent this situation, I’d like Discourse to send a challenge email in response to any new topic incoming email before creating that topic and posting the message. (For valid users, of course. Invalid ones would simply be discarded.) When the user successfully replies (with any content) to the challenge email, the post would go through.
(Optionally, the challenge email could also provide a confirmation URL.)
This ensures that new messages can’t be created simply by spoofing an address; the attacker would also need to have the ability to intercept incoming email. And if they have that, there are bigger problems.
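A sketch of the hold-and-challenge flow requested above, as an added example that is not part of the original post and is not Discourse code. The class name, the `confirm+<token>@forum.example` address format and the 24-hour lifetime are all assumptions made for illustration.

```ruby
require "securerandom"

# Hypothetical model of the requested behaviour: hold a new-topic email,
# challenge the claimed sender, and post only once the challenge is answered.
class EmailInChallenge
  TTL = 24 * 3600 # seconds a challenge stays answerable (assumed value)
  attr_reader :topics

  def initialize(known_senders, reply_domain: "forum.example")
    @known = known_senders.map(&:downcase)
    @reply_domain = reply_domain
    @pending = {} # token => held message
    @topics = []  # messages that were actually posted
  end

  # Step 1: a new-topic email arrives. Its From: header is unauthenticated,
  # so nothing is posted yet. Returns the Reply-To address to put on the
  # challenge email, or nil when the sender is not a valid user (discarded).
  def receive(from:, subject:, body:, now: Time.now.to_i)
    sender = from.downcase
    return nil unless @known.include?(sender)
    token = SecureRandom.hex(16) # 128-bit secret, seen only by the real mailbox
    @pending[token] = { from: sender, subject: subject, body: body, expires: now + TTL }
    "confirm+#{token}@#{@reply_domain}"
  end

  # Step 2: a message arrives at a challenge address. The reply's content and
  # From: header are ignored; knowing the token is the proof that the sender
  # can read mail delivered to the claimed address.
  def confirm(to:, now: Time.now.to_i)
    m = /\Aconfirm\+(\h{32})@/.match(to)
    return false unless m
    held = @pending.delete(m[1]) # single use: removed whether or not it posts
    return false if held.nil? || now > held[:expires]
    @topics << held.slice(:from, :subject, :body)
    true
  end
end
```

The optional confirmation URL mentioned in the post would carry the same token and call the same `confirm` step.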