Opened 9 years ago

Closed 7 years ago

#340 closed enhancement (wontfix)

E-mail messages should include IP address of the person who caused the mailing.

Reported by: Aleksej Owned by:
Priority: trivial Milestone:
Component: programming Keywords:
Cc: Parent Tickets:

Description (last modified by Christopher Allan Webber)

E-mail messages send by request from the Web (e.g. e-mail address
verification e-mail, password recovery e-mail) should include the
IP address of the requester.

That will help the receiver decide if the message is legitimate.

A minor privacy issue might exist (message with the IP address
going through mail servers).



Subtickets

Change History (6)

comment:1 Changed 9 years ago by Elrond

Component: Programming
We might be interested in
`X-Originating-IP <https://en.wikipedia.org/wiki/X-Originating-IP>`_
and
`X-Forwarded-For <https://en.wikipedia.org/wiki/X-Forwarded-For>`_
.



comment:2 Changed 9 years ago by maiki interi

Is there a precedent for this? It doesn't seem to me that this
would be useful to most people, either due to ignorance of their
IP, or care for this extra step of verification.

On the flip-side, I would not use it, because it bypasses IP
scrubbing I've set up on the server, and it leaves a plain text
record.

I don't mean to nay-say this, so if you could explain it a little
more to me, that would be great. If there is a benefit I can't see,
then I want to see it! =]

Also, we should consider making this a plugin. Using StatusNet as
an example, I find that with federated sites, a lot of the
moderation plugins aren't needed to the same extent as say,
identi.ca. If people are setting up instances of mg that have few
users, and is not for public sign-up, this may not be a problem
that needs to be solved for them.



comment:3 Changed 9 years ago by Aleksej

This came up in a discussion of unsolicited registration of an
account with somebodies' e-mail address. Even if the address is not
verified, you cannot register another account for it.

As Elrond pointed out, you can however accept that account, just
with the username that individual forced on you. But if you don't
want to register now, would you actively refuse an account using a
link from an unsolicited e-mail message that came to you? I added a
possibly better solution to
`http://wiki.mediagoblin.org/Feature\_Ideas#Yet\_Unsorted\_Ideas <http://wiki.mediagoblin.org/Feature_Ideas#Yet_Unsorted_Ideas>`_



comment:4 Changed 9 years ago by Will Kahn-Greene

The original url for this bug was http://bugs.foocorp.net/issues/692 .

comment:5 Changed 8 years ago by Aleksej

Type: defectenhancement

comment:6 Changed 7 years ago by Christopher Allan Webber

Description: modified (diff)
Resolution: wontfix
Status: acceptedclosed

This has been around forever; I'm not really sure I see any pressing need for it. I'm closing it out as WONTFIX... when we have better context plugins, someone could easily pluginify this anyway.

Note: See TracTickets for help on using tickets.