| Summary | identity creation auditing |
| Queue | IMP |
| Queue Version | 4.2 |
| Type | Enhancement |
| State | Accepted |
| Priority | 1. Low |
| Owners | |
| Requester | liamr (at) umich (dot) edu |
| Created | 06/17/2008 (82 days ago) |
| Due | |
| Updated | 06/30/2008 (69 days ago) |
| Assigned | |
| Resolved | |
| Attachments | |
| Milestone | |
| Patch | No |
State ⇒ Accepted
trigger validation (admins will be responsible for ensuring that their
regexps don't let too much in of course)
2. I'm okay with adding a "central_validation_email" that if set would
get all confirmation requests.
- redirect the identity confirmation messages to a central address
(perhaps Horde's $conf['problems']['email'])
- only invoked identify confirmation messages if the Reply-to or From
contained a domain other than that server's "maildomain"
State ⇒ Feedback
to do it in a way that doesn't make Horde overly complicated?
Patch ⇒
Milestone ⇒
Queue ⇒ IMP
Summary ⇒ identity creation auditing
Type ⇒ Enhancement
Priority ⇒ 1. Low
State ⇒ New
- was only invoked when creating an identity with a non-local From / Reply-to
- could be directed to central administrative user
Spammy users often control the addresses they use as From and
Reply-to, so we don't gain a lot by having them confirm their spammy
yahoo account.
Maybe there could be a web based admin tool to approve / deny
identities.. something where the identity in question was displayed to
the admin, so they could better judge whether the id was legit.