6.0.0-beta1
7/10/25

[#14263] Optional CAPTCHA support for the compose window
Summary Optional CAPTCHA support for the compose window
Queue IMP
Queue Version Git master
Type Enhancement
State Rejected
Priority 1. Low
Owners
Requester aaronp (at) critd (dot) com
Created 02/19/2016 (3429 days ago)
Due
Updated 03/08/2016 (3411 days ago)
Assigned
Resolved 03/08/2016 (3411 days ago)
Milestone
Patch No

History
03/08/2016 02:39:21 PM aaronp (at) critd (dot) com Comment #3 Reply to this comment
This is true, but if Horde already has a mechanism for CAPTCHAs, then 
I wonder how difficult it would be to add support for this as just 
another safety net.
03/08/2016 10:23:46 AM Jan Schneider Comment #2
State ⇒ Rejected
Reply to this comment
We already use CAPTCHAs in other applications for forms that are 
publicly accessible without authentication. Requiring CAPTCHAs for 
such common actions like writing email messages, even though you are 
already authenticated, is a major pain IMO. We already implemented a 
bunch of features to limit the impact of spammers gaining access to a 
valid email account, like rate and recipient limits.
02/19/2016 01:55:41 PM aaronp (at) critd (dot) com Comment #1
Priority ⇒ 1. Low
Patch ⇒ No
Milestone ⇒
Queue ⇒ IMP
Summary ⇒ Optional CAPTCHA support for the compose window
Type ⇒ Enhancement
State ⇒ New
Reply to this comment
There have been times where our webmail installation has been targeted 
by distant IPs trying to send spam email using compromised user 
accounts. Of course a big part of preventing this from happening is 
educating our users on password safety, expiring weak passwords in 
favor of newer, stronger passwords, etc. We're working hard on that, 
but until the time where our users passwords are 100% strong, safe, 
and secure (i.e. never), we'd appreciate additional tools to help 
prevent or at least mitigate these risks.

One of the options that came to mind was CAPTCHA support for the IMP 
compose window. We're not 100% sure these attacks have been bot-based, 
but if only for peace-of-mind we'd like to be able to enable CAPTCHAs 
(maybe through Administration > Configuration) during those times when 
we feel we're being targeted. My initial preference would be for 
Google ReCAPTCHA support, but other options might be just as good or 
better. My needs are only for the IMP compose window, but I suppose 
other apps could make use of similar functionality if this was 
provided by the Horde core.

Saved Queries