New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
email gateway: match from-email address against known users #20648
Comments
@asah can you explain the use case you have in mind in more detail? |
Hello @zulip/server-development, @zulip/server-integrations members, this issue was labeled with the "area: integrations", "area: emails" labels, so you may want to check it out! |
When replying to messages posted from the email gateway, they lose their association with the zulip-user who originated them:
strawman design: check the from: of the message, compare it to UserProfile.delivery_email and if they match, post the message on behalf of that user with (tbd) some indicator that it came via the gateway. |
I recently learned that zulip allows incoming posts via the email gateway even to streams of an invite-only organization. I expect that private zulip communities will eventually receive a lot of spam, once their stream email addresses become known or get harvested. For invite-only organizations, I think matching the from-email to a known user should be a requirement, and if a post can't be matched, then the post should be discarded (and log that this occurred). |
then synthesize a new message, as closely as possible as if the user had sent it from the UI...
(obviously, there's a security/impersonation risk for email coming from insecure domains e.g. not using DKIM/etc)
The text was updated successfully, but these errors were encountered: