New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
enqueue spam/dmarc failing emails instead of hiding #8674
Conversation
You've signed the CLA, LeoMcA. Thank you! This pull request is ready for review. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think if you're adding a new reason for adding a post to the queue, you only need to add a translation for that reason to have it displayed in more detail:
A-ha! That's very nice! |
@LeoMcA looks like the test failures are showing something legit here
I don't think you need to escape the single quote in the translation. |
Could we default this to off for now? It seems a bit safer. Then we can give it a try and if it all works nicely we can default it on. |
Oh yeah... for some reason Atom's syntax highlighting bugs out with an unescaped quote, so I assumed it needed to be escaped without checking. Odd that that exception isn't thrown locally for me, though.
@eviltrout Which aspect of this you thinking? The spam checking element of this has existed as a feature for ages, so I wouldn't want to effectively turn that off on instances that have enabled it. The authentication results checking was added much more recently - but it's possible some instances are already relying on it. |
DeepCode's analysis on #e42505 found:
💬 This comment has been generated by the DeepCode bot, installed by the owner of the repository. The DeepCode bot protects your repository by detecting and commenting on security vulnerabilities or other critical issues. |
Any update here? We have near-daily phishing emails coming through which are marked as spam by SES or fail dmarc, but which still trigger email notifications to users because the current behaviour of posting + hiding doesn't prevent email notifications being sent. |
I think we would like to have the whole DMARC feature disabled by default for now. That matches the 'disabled by default' behaviour of the old spam detection site setting. The only DMARC failures we've had hitting our meta inbox are 'real' customers with misconfigured email servers, so this is just causing confusion on our end. Any actual spam emails are being filtered upstream by google. What do you think about disabling the feature completely when Aside: how do the 'well known values' in the meta post get used? As far as I can tell, when |
Fair enough, I'll change the behaviour when
Those 'well known values' are for users to paste into the |
I wish that were the case! It would make this so much easier!
👍 makes sense, thanks for clarifying |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good to me now. Will let @eviltrout give it a final check for review-queue things
The meta topic could probably do with a clarification (something like "Paste these values into your |
Great, thanks for the legwork @LeoMcA - I've merged it now. |
This is how an email which fails DMARC, for instance, appears (mostly through previous work from @eviltrout):
At the moment this doesn't show the reason that this topic needs approval, and I think in the DMARC case at least, this is important (otherwise you'll be left wondering why a post from an admin, for instance, is in the reviewable queue). But this reason is already stored in the reviewable score, so @eviltrout I wondered if you'd already had thoughts about exposing this.