Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
Implement Mailgun #605
Set up a free, no-card-details Mailgun account to test integration and evaluate.
Move to replace Postal if it all works nicely. (Which it probably will.)
As part of this, review all email-triggering parts of the codebase to ensure there are no foreseeable mechanisms by which vast slews (10k order of magnitude or more) of repeat emails could unwittingly/unintentionally be sent in fairly short periods of time (24-48 hours). Because this would become somewhat expensive, and the recipients wouldn't like it.
I say 24-48 hours in case admins are all away-from-computer for a weekend, for example. Over longer time periods, we would be able to intervene first. 10k sends in 48 hours = 3-4 emails per minute consistently.
@CHTJonas gave one possible example of editing unauthorised shows regenerating a 'needs approval' email. Could that be abused, for example? What about the ability to send emails to society / venue admins? That kind of thing. I think this is quite unlikely but better considered up front!
Completing this would invalidate #603.
#548 (message queuing/sending of one email for many events) would address most of the concerns raised here about an excessive email volume. If we're sending at most one email per person per hour (or something like that) then that puts a very reasonable upper bound on our outgoing emails.