On 10/02/2015 03:48 PM, Stefan Kaltenbrunner wrote:
> On 10/02/2015 02:45 PM, Stephen Frost wrote:
>> Amir,
>>
>> * Amir Rohan (amir.rohan@mail.com) wrote:
>>> On 10/01/2015 09:18 PM, Stefan Kaltenbrunner wrote:
>>>> yeah - as Stephen said upthread I think that would be a very useful
>>>> feature...
>>>
>>> Great, here's a spec:
>>>
>>> 1) If the user is not logged in, error as the mbox downloads does.
>>> 2) If the user is logged in, retrieve the raw message from the db (like
>>> the "raw" link) does and send it via email (the system is already setup
>>> to do this) to the registered email address for the logged-in user.
>>>
>>> Threats:
>>> a1) Abusing the system to send lots of email to one victim.
>>> a2) Abusing the system to send one email to lots of victims.
>>> a3) DOS on the server through overuse by legitimate users.
>>> a4) DOS on the server through overuse by malicious users, possibly
>>> involving many accounts.
>>>
>>> To mitigate these, we:
>>> b1) Require a community login which involves an email verification step.
>>> mitigates (a1) and (a2).
>>
>> Works for me.
>
> +1
>
>>
>>> If a3 and a4 are concerns in practice:
>>
>> I don't see that being the case here and so I don't believe we need any
>> particular safeguards for those cases.
>>
>> Further, if we do, they can always be added later and don't need to
>> complicate the initial implementation.
>
>
> I agree there - we probably have other issues if somebody ends up
> creating thousends or more community accounts and if we need to
> ratelimit mail we can handle that on the MTA side as well...
>
>
>
> Stefan
I was hoping you'd think so. Ok, I'll code up a first version.
Amir