Creating domains under dedyn.io uses a lot of CPU resources and sends an email to the account holder. This can lead to abuse in two ways:
1. Create high system load. A test run creating and deleting a domain 100 times led to this load just after the 100th delete:
   load average: 4,17, 3,04, 1,81
2. Send unwanted emails to any recipient. For dyn=True users, creating a new domain will trigger sending out a welcome email. As we do not require email address ownership to be verified, this can be abused to send an unlimited number of emails to any recipient, at a rate just above 1/s.
Proposed steps to resolve this:
1. Verify all email addresses, leave the account in locked state when it's not verified.
2. Limit the total number of domain creations per account via DB counter, in addition to the domain limit.
3. Send the welcome email only once (this needs to be addressed anyways when we remove the dyn flag).
1.) does not undermine anonymity, as we would not require the user to expose any link to her personal identity (it would be fine to use services like trash-mail.com), and I don't think verifying one's email is an unreasonable hardship for users.
2.) is still prone to bulk account registration and then creating/deleting domains / sending multiple emails until the limit is reached. With email verification, that can still happen, but one can only target oneself.
3.) is similar to 1.), i.e. an attacker can send one email to a random address.
I would drop idea 2.) because it still leaves attack surface. Comparing 1.) and 3.), 1.) has the nice side effect of also helping avoid accounts with typos in the email address, so the fraction of account holders that we can actually reach if we need to (downtime announcement, misconfiguration (domain became public suffix?), abuse, ...) increases.
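The three proposed steps combined in a small in-memory model, as an added example that is not part of the issue thread and not the project's code. The class names, the `outbox` list, and both limit values are assumptions made for illustration.

```python
from dataclasses import dataclass, field

MAX_DOMAINS = 5      # assumed concurrent domain limit
MAX_CREATIONS = 20   # assumed lifetime cap (the proposed DB counter)

class Rejected(Exception):
    pass

@dataclass
class Account:
    email: str
    verified: bool = False      # account stays locked until verified
    welcome_sent: bool = False
    creations: int = 0          # never decremented, even on delete
    domains: set = field(default_factory=set)

class Service:
    def __init__(self):
        self.outbox = []        # (recipient, kind) records instead of real mail

    def register(self, email):
        self.outbox.append((email, "verify"))  # the only mail an unverified address gets
        return Account(email)

    def create_domain(self, acct, name):
        if not acct.verified:
            raise Rejected("account locked: email not verified")
        if len(acct.domains) >= MAX_DOMAINS:
            raise Rejected("domain limit reached")
        if acct.creations >= MAX_CREATIONS:
            raise Rejected("lifetime creation limit reached")
        acct.creations += 1
        acct.domains.add(name)
        if not acct.welcome_sent:   # welcome mail goes out once per account
            acct.welcome_sent = True
            self.outbox.append((acct.email, "welcome"))

    def delete_domain(self, acct, name):
        acct.domains.discard(name)  # frees a slot but not the creation counter

def churn(svc, acct, rounds=100):
    """Replay the create/delete loop from the issue; return successful creations."""
    ok = 0
    for i in range(rounds):
        try:
            svc.create_domain(acct, f"test{i}.dedyn.io")
            svc.delete_domain(acct, f"test{i}.dedyn.io")
            ok += 1
        except Rejected:
            break
    return ok
```

Running `churn` against an unverified account yields zero creations and a single verification mail in `outbox`; against a verified account it stops at the lifetime cap even though the concurrent domain limit is never reached.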