I have a lot of users who are email-centric, and who want to be able to start new topics by email. I’ve enabled the feature now, but am concerned about potential spam via spoofed (either intentionally or by lucky guess) email.
Is there a way to allow this feature, but for each new topic to send message back to the ostensibly-originating email address asking for a reply to confirm?
If you do not have enable_staged_users turned on then you don’t need to worry. If you do have that on then I think you could require group membership to post to those categories (e.g., tl_2) and that would protect you.
So they’d need to guess both the address to post to the category AND the email address of a legitimate user. That seems fairly improbable, though I guess if someone’s email account got hacked and the hacker sent an email to everyone in the address book, that could happen.
Well, we make the address to post to the category public, so that people can post to it. And, it’s not hard to discover e.g. my email address, because I use it to communicate with people. No hacking required.
So it would be more like vandalism than spamming, as it’d be someone who you’d emailed and knew about your community. If intervening mail servers enforce SPF and DMARC, you’d have some protection. And you’re an admin, so you’d not get help from Akismet. It could be a problem, but it still seems fairly improbable. I guess you could contrive to have your email address in Discourse something that’s not public.
That’d be a fairly targeted attack, though. Both the particular forum and some user accounts. Not something I’d expect from a run of the mill spammer.
Perhaps more viable, at least for random automated spam, would be for the spammer to do a sort of “rainbow attack,” (I’m aware that this is probably not the right term) spoofing many headers from whatever databases of real email addresses they use as targets for things like 419 scams.
That would still require a human to:
Realize that this is a theoretically feasible attack vector for your forum.
Find the mail-in addresses
Set up an automatic mailer to target only those addresses
This actually sounds like more work than running some human-powered sock-puppet accounts…
Because we are a community dating to 2003/2004, we have public mailing lists. People’s addresses are on those mailing lists. We could instruct everyone to please sign up with a second, secret email address, but that’s a barrier of its own. Anyway, email addresses really shouldn’t be treated as if they are secret in general.
I am not going to get into the business of classifying spammers as run-of-the-mill or special, but, we definitely have to worry about both. We have been subject to quite dedicated spam attacks before (quickbooks support scam, etc.)
And, not to give anyone any ideas or anything, but: I’m also worried about non-spam malicious impersonation. The proposed mechanism would allow threads to start by email (with a minor inconvenience of an extra step) without that risk unless the email address is actually hijacked, in which case there are bigger problems.
plug-in sends an email with a confirmation link (unique per post)
if link is clicked, plug-in approves the post
Side note: if a topic that you have started veers quickly from question into feature- or plug-in- request territory, you can flag and ask the moderators to recategorize, rather than start a new topic. This keeps the early discussion of the motivation for the request in one place. If it needs cleanup later, the mods will take care of that.
I’d be fine with a plug in, although we’re on the Business hosted plan so an arbitrary plug is more difficult (and the Enterprise plan more than I have funding for, at least not before this becomes our primary async communication platform, and for that to happen I definitely need email-friendly features. So, I’m hoping the team sees this as sensible as a core feature.