Hi Martin, I'm not authoritative on PII policies at all, but here's a couple of things that came to mind as I read your question.
2018-02-10 11:26 GMT+00:00 Martin Urbanec <[email protected]>: > To prevent this tool from spamming I of course require its confirmation by > accessing an URL with a random string (MD5 hash of user's email *and* random > number from 1 to 100; I mean, those two things are in one hash). > Does this mean the URL for a given email address can be guessed in at most 100 attempts by someone who doesn't control the address? I think you'd typically want to draw your random numbers from a much larger range, or use as token something that was encrypted or signed with a secret only your server knows. It would probably also make sense to make your URLs valid for only a certain time. However... > Should I stop with collecting mails at all and use some WMF-maintained > service for mass-emailing (mailman at lists.wikimedia.org maybe?) and > make the tool to just send an email to the list itself? > If creating a single mailing list is an option (for instance, you don't plan on customizing the emails per user), this seems like a very good way to go. > > This question came to my mind before creating, so I do appologize for > asking after programming. > > Best regards, > Martin Urbanec > -- > Můj kalendář najdete na https://martin.urbanec.cz/calendar.html > > _______________________________________________ > Wikimedia Cloud Services mailing list > [email protected] (formerly [email protected]) > https://lists.wikimedia.org/mailman/listinfo/cloud > -- Guilherme P. Gonçalves
_______________________________________________ Wikimedia Cloud Services mailing list [email protected] (formerly [email protected]) https://lists.wikimedia.org/mailman/listinfo/cloud
