Amir,
* Amir Rohan (amir.rohan@mail.com) wrote:
> On 10/01/2015 09:18 PM, Stefan Kaltenbrunner wrote:
> > yeah - as Stephen said upthread I think that would be a very useful
> > feature...
>
> Great, here's a spec:
>
> 1) If the user is not logged in, error as the mbox downloads does.
> 2) If the user is logged in, retrieve the raw message from the db (like
> the "raw" link) does and send it via email (the system is already setup
> to do this) to the registered email address for the logged-in user.
>
> Threats:
> a1) Abusing the system to send lots of email to one victim.
> a2) Abusing the system to send one email to lots of victims.
> a3) DOS on the server through overuse by legitimate users.
> a4) DOS on the server through overuse by malicious users, possibly
> involving many accounts.
>
> To mitigate these, we:
> b1) Require a community login which involves an email verification step.
> mitigates (a1) and (a2).
Works for me.
> If a3 and a4 are concerns in practice:
I don't see that being the case here and so I don't believe we need any
particular safeguards for those cases.
Further, if we do, they can always be added later and don't need to
complicate the initial implementation.
Thanks!
Stephen