Alex ([personal profile] alexbayleaf) wrote in [site community profile] dw_suggestions2012-12-16 11:03 am

Notifications to detect spoofing if posting by email

Title:
Notifications to detect spoofing if posting by email

Area:
email, posts

Summary:
It's possible, though unlikely, for someone to spoof posts from you by email. Notifications would help people recognise if/when this happens.

Description:
This one's a bit out there, but it came up in discussion about replying to comments by email, so I'm posting it as a suggestion.

Currently you can post by email from any of a list of registered email addresses. You also need to use a PIN to post. However, if someone knew your email address and could guess your PIN, it would be possible for them to spoof your email and post as you.

I therefore propose a notification setting: "notify me when I post by email". This should go to your primary registered address and basically just say, "We received an email post from address blah@blah.com, here's a link to it."

As well as being a warning if someone's spoofing you, it could also just be a good diagnostic to make sure your posts are getting through, if you don't have web access. Which after all could be a big part of why you're posting by email in the first place.

(You could make the setting be a bit cleverer, if you wanted to, by offering options like: "Notify me when I post by email: always, if spoofing is suspected, never". The "if spoofing is suspected" could be based on various things, but the obvious one that comes to me is <a href="http://en.wikipedia.org/wiki/Sender_Policy_Framework">SPF</a> records. But this is not a core part of the suggestion, just an idea for further work if someone were that way inclined.)

Poll #12344 Notifications to detect spoofing if posting by email
Open to: Registered Users, detailed results viewable to: All, participants: 49


This suggestion:

View Answers

Should be implemented as-is.
34 (69.4%)

Should be implemented with changes. (please comment)
0 (0.0%)

Shouldn't be implemented.
0 (0.0%)

(I have no opinion)
15 (30.6%)

(Other: please comment)
0 (0.0%)


Post a comment in response:

From:
Anonymous
OpenID
Identity URL: 
User
Account name:
Password:
If you don't have an account you can create one now.
Subject:
HTML doesn't work in the subject.

Message:

If you are unable to use this captcha for any reason, please contact us by email at support@dreamwidth.org


 
Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.