Dec. 16th, 2012

[personal profile] alexbayleaf

Title:
Allow comments by replying to email notification

Area:
email, comments

Summary:
Use the same mechanisms used for post-by-email to allow comment-by-email. That is, comments by email should only be allowed from your registered address(es), and you should have to enter a PIN.

Description:
Currently DW allows post-by-email (http://www.dreamwidth.org/manage/emailpost) but doesn't allow you to reply to comments by email. This proposal adds commenting while avoiding some of the security problems that Livejournal (allegedly?) has with their reply-form-in-the-email solution.

Basically, we just add an option to the "mobile post settings" saying "Also allow comments by email". When commenting by email, you would have to put the PIN in the text of the comment. We could specify eg. that it should be the first line of the comment:

PIN: blahblah


A simple regexp should be able to strip PINs from comments and then check them against the user's actual PIN and make sure it's the right one.

The comment notification email should include a message to the effect of "Want to reply via email? Set it up here." (if you aren't registered for email replies) or, "To reply by email, simply reply to this message and include your PIN as described here" (with a link to the help or whatever).

Poll #12343 Allow comments by replying to email notification
Open to: Registered Users, detailed results viewable to: All, participants: 48


This suggestion:

View Answers

Should be implemented as-is.
28 (58.3%)

Should be implemented with changes. (please comment)
1 (2.1%)

Shouldn't be implemented.
1 (2.1%)

(I have no opinion)
17 (35.4%)

(Other: please comment)
1 (2.1%)

[personal profile] alexbayleaf

Title:
Notifications to detect spoofing if posting by email

Area:
email, posts

Summary:
It's possible, though unlikely, for someone to spoof posts from you by email. Notifications would help people recognise if/when this happens.

Description:
This one's a bit out there, but it came up in discussion about replying to comments by email, so I'm posting it as a suggestion.

Currently you can post by email from any of a list of registered email addresses. You also need to use a PIN to post. However, if someone knew your email address and could guess your PIN, it would be possible for them to spoof your email and post as you.

I therefore propose a notification setting: "notify me when I post by email". This should go to your primary registered address and basically just say, "We received an email post from address blah@blah.com, here's a link to it."

As well as being a warning if someone's spoofing you, it could also just be a good diagnostic to make sure your posts are getting through, if you don't have web access. Which after all could be a big part of why you're posting by email in the first place.

(You could make the setting be a bit cleverer, if you wanted to, by offering options like: "Notify me when I post by email: always, if spoofing is suspected, never". The "if spoofing is suspected" could be based on various things, but the obvious one that comes to me is <a href="http://en.wikipedia.org/wiki/Sender_Policy_Framework">SPF</a> records. But this is not a core part of the suggestion, just an idea for further work if someone were that way inclined.)

Poll #12344 Notifications to detect spoofing if posting by email
Open to: Registered Users, detailed results viewable to: All, participants: 49


This suggestion:

View Answers

Should be implemented as-is.
34 (69.4%)

Should be implemented with changes. (please comment)
0 (0.0%)

Shouldn't be implemented.
0 (0.0%)

(I have no opinion)
15 (30.6%)

(Other: please comment)
0 (0.0%)

Profile

Dreamwidth Suggestions

April 2017

S M T W T F S
      1
23456 7 8
9 101112131415
16171819202122
23242526272829
30      

Style Credit

Expand Cut Tags

No cut tags