On 10/02/2015 02:45 PM, Stephen Frost wrote:
> Amir,
>
> * Amir Rohan (amir.rohan@mail.com) wrote:
>> On 10/01/2015 09:18 PM, Stefan Kaltenbrunner wrote:
>>> yeah - as Stephen said upthread I think that would be a very useful
>>> feature...
>>
>> Great, here's a spec:
>>
>> 1) If the user is not logged in, error as the mbox downloads does.
>> 2) If the user is logged in, retrieve the raw message from the db (like
>> the "raw" link) does and send it via email (the system is already setup
>> to do this) to the registered email address for the logged-in user.
>>
>> Threats:
>> a1) Abusing the system to send lots of email to one victim.
>> a2) Abusing the system to send one email to lots of victims.
>> a3) DOS on the server through overuse by legitimate users.
>> a4) DOS on the server through overuse by malicious users, possibly
>> involving many accounts.
>>
>> To mitigate these, we:
>> b1) Require a community login which involves an email verification step.
>> mitigates (a1) and (a2).
>
> Works for me.
+1
>
>> If a3 and a4 are concerns in practice:
>
> I don't see that being the case here and so I don't believe we need any
> particular safeguards for those cases.
>
> Further, if we do, they can always be added later and don't need to
> complicate the initial implementation.
I agree there - we probably have other issues if somebody ends up
creating thousends or more community accounts and if we need to
ratelimit mail we can handle that on the MTA side as well...
Stefan