| Summary | Optional CAPTCHA support for the compose window |
| Queue | IMP |
| Queue Version | Git master |
| Type | Enhancement |
| State | Rejected |
| Priority | 1. Low |
| Owners | |
| Requester | aaronp (at) critd (dot) com |
| Created | 02/19/2016 (3445 days ago) |
| Due | |
| Updated | 03/08/2016 (3427 days ago) |
| Assigned | |
| Resolved | 03/08/2016 (3427 days ago) |
| Milestone | |
| Patch | No |
I wonder how difficult it would be to add support for this as just
another safety net.
State ⇒ Rejected
publicly accessible without authentication. Requiring CAPTCHAs for
such common actions like writing email messages, even though you are
already authenticated, is a major pain IMO. We already implemented a
bunch of features to limit the impact of spammers gaining access to a
valid email account, like rate and recipient limits.
Priority ⇒ 1. Low
Patch ⇒ No
Milestone ⇒
Queue ⇒ IMP
Summary ⇒ Optional CAPTCHA support for the compose window
Type ⇒ Enhancement
State ⇒ New
by distant IPs trying to send spam email using compromised user
accounts. Of course a big part of preventing this from happening is
educating our users on password safety, expiring weak passwords in
favor of newer, stronger passwords, etc. We're working hard on that,
but until the time where our users passwords are 100% strong, safe,
and secure (i.e. never), we'd appreciate additional tools to help
prevent or at least mitigate these risks.
One of the options that came to mind was CAPTCHA support for the IMP
compose window. We're not 100% sure these attacks have been bot-based,
but if only for peace-of-mind we'd like to be able to enable CAPTCHAs
(maybe through Administration > Configuration) during those times when
we feel we're being targeted. My initial preference would be for
Google ReCAPTCHA support, but other options might be just as good or
better. My needs are only for the IMP compose window, but I suppose
other apps could make use of similar functionality if this was
provided by the Horde core.