Today a colleague posted a password. Now, this post is deleted from Discourse, however the email notification, which contains the password, was still sent. This can’t be un-sent.
To keep our conversations flowing at a reasonable level, the email time window is set to 3 minutes, which has been excellent and something I want to keep for most users. However, new users, and particularly users such as the one who posted the password, cannot be trusted with this time window at all.
In an ideal world, I would be able to set new users, and this user, to have a custom time window, such as two hours(the password was in Discourse for an hour before it was noticed).
The best way I can think of is to set an email time window for each trust level. For example
|Trust Level||Email Time Window|
New users join us at Trust Level 1 or 2. Trust Level 0 is only used to restrict users that still need to learn what is acceptable.
This would give us ample opportunity to catch any violations of confidentiality, and remove them from Discourse before the information is spread irrevocably via email.