Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Change default `from` email for `accounts-password` to an "example". #8760

Merged
merged 3 commits into from Jun 13, 2017

Conversation

@abernix
Copy link
Member

@abernix abernix commented Jun 5, 2017

Currently, the default "from" address for meteor-accounts is
"no-reply@meteor.com". While this works for many users, and granted it
is a "no reply" address and there should be no expectation of the
address working, it contributes to a negative spam rating for the
"meteor.com" domain and a surplus of extra e-mail.

The correct way to set the default "from" address is by setting:

Accounts.emailTemplates.from = "Name <email@domain.com>";

As per the documentation here:

By changing it to "example.com", and making a more obvious "example"
out of the name ("Accounts Example"), it should encourage users to
actually change the address to something more reasonable especially
since many e-mail providers will also reject mail coming from
"example.com", which should provide a clear warning to those who have
their e-mail misconfigured.

/cc @n1mmy

Currently, the default "from" address for `meteor-accounts` is
"no-reply@meteor.com".  While this works for many users, and granted it
is a "no reply" address and there should be no expectation of the
address working, it contributes to a negative spam rating for the
"meteor.com" domain and a surplus of extra e-mail.

The correct way to set the default "from" address is by setting:

    Accounts.emailTemplates.from = "Name <email@domain.com>";

As per the documentation here:

    https://docs.meteor.com/api/passwords.html#Accounts-emailTemplates

By changing it to "example.com", and making a more obvious "example"
out of the name ("Accounts Example"), it should encourage users to
actually change the address to something more reasonable especially
since many e-mail providers will also reject mail coming from
"example.com", which should provide a clear warning to those who have
their e-mail misconfigured.
@abernix abernix self-assigned this Jun 5, 2017
@n1mmy
Copy link
Member

@n1mmy n1mmy commented Jun 5, 2017

Thanks, @abernix ! 👍

@dr-dimitru
Copy link
Contributor

@dr-dimitru dr-dimitru commented Jun 5, 2017

@abernix could we use an invalid value, localhost or even take a value from ROOT_URL ?
Wouldn't this lead to a negative spam rating for example.com

This domain is established to be used for illustrative examples in documents. You may use this domain in examples without prior coordination or asking for permission.

This is not a docs, it's working code.

@abernix
Copy link
Member Author

@abernix abernix commented Jun 6, 2017

@dr-dimitru localhost is not an invalid value for a "from" address and I'd rather not make assumptions about their mail handling desires by inferring a value from MAIL_URL.

example.com, on the other hand, is a reserved second-level domain per RFC 2606 and respected by IANA. I don't know any reputable e-mail providers that will accept mail from it (most result in an immediate failure, even before trying to route it).

While the page at example.com says it's for documents, the RFC doesn't make that specific designation and the domain has no MX records – so besides the fact that it's not deliverable, its spam rating doesn't matter. All in all, I think example.com is a safer bet.

abernix added a commit to meteor/docs that referenced this pull request Jun 6, 2017
@abernix abernix added this to the Release 1.5.1 milestone Jun 6, 2017
abernix added 2 commits Jun 6, 2017
Since changing the default "from" address could actually be a breaking
change for some applications, bump the version to 2.0.0.

Relates to #8760.
@dr-dimitru
Copy link
Contributor

@dr-dimitru dr-dimitru commented Jun 6, 2017

@abernix agree.

@abernix
Copy link
Member Author

@abernix abernix commented Jun 6, 2017

As this could be breaking for anyone who hasn't configured Accounts.emailTemplates.from (but instead left it at the default of meteor.com), I've bumped the version of accounts-password to 2.0.0 and added a History.md entry (see above). Therefore, this will be released with Meteor 1.5.1 since major version numbers are constrained by the meteor-tool release.

@abernix
Copy link
Member Author

@abernix abernix commented Jun 13, 2017

I've verified that an error is thrown by email (rather than just remaining completely quiet about it) when the MTA/mail provider refuses to accept delivery for a particular host (like example.com). This was the last thing waiting to be verified before this was merged.

@abernix abernix merged commit f65a72f into devel Jun 13, 2017
4 checks passed
4 checks passed
CLA Author has signed the Meteor CLA.
Details
ci/circleci Your tests passed on CircleCI!
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details
@abernix abernix deleted the abernix/change-default-email branch Jun 13, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants
You can’t perform that action at this time.