See: #77 (comment)
Currently, all exceptions in transactional emails (activation, unsubscribe, update etc.) are caught and logged. Furthermore, an error sets the error context variable to true.
Ideally, we would simply catch SMTP-specific errors and make them result in the form not being valid (hence sending the email from the Form.save() functions). This makes it a lot harder to make mistakes in editing the templates, you simply display form errors like you would normally.
Furthermore, we should let all other errors to simply pass through and cause a 500, since this results in unpredictable behaviour.
More granular handling of exception logging as a precursor to fixing #12
@adys: Had forgotten about this long-standing error report. Does the proposed solution here make sense to you?
In theory it sounds good - in practice, it might result in performance issues or hangs when submitting. Would have to test.
@adys As the method I have in mind simply checks the existence of the domain, the check moves quite fast and (to me) doesn't seem too likely to cause a DDoS vector.
Example code: https://gist.github.com/876648 (requires dnspython)
It's definitely a DDoS vector, and it adds a dependency. Really sounds out of scope for the project, tbh. Is there a way to move this to a more controllable environment? eg. is it possible for the developer to replace the view that sends mail by one that does additional error checks?
I agree with you on the dependency, it was mostly meant as an example. However, as this view is normally meant to send e-mail, doing an extra DNS-lookup seems to me harmless (in comparison).
A 'pluggable' view (or view-part) seems a bit complicated. However, something like a dynamic validators setting could solve this issue.
Something like a setting: NEWSLETTER_EMAIL_VALIDATORS
It would be lightweight, require no hacking of any kind and allows for a nice cleanup of code. Makes sense?
It seems this has not been fixed in #77, considering this comment. SMTP refused is now caught causing error=True in the template rather than a ValidationError.
Catch email related exceptions only.
Related to #12.