https://bugzilla.wikimedia.org/show_bug.cgi?id=46640
Faidon Liambotis <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #5 from Faidon Liambotis <[email protected]> --- So, this bug report was filed right after a conversation about Echo (RT #4785) in which I was the one to propose VERP, so we've actually ran a full circle now :) Yes, we need to do VERP and we'll make that happen. We're not ready yet for making that change (= making API calls from the mailservers) as the mail infrastructure is about to be rebuilt, but I think catching up again in, say, 1-2 months time would be the right time for this. From the mailserver side, we can run a script (preferrably one that doesn't need a full MediaWiki install on the system ;)) when emails to bounce-XXX addresses arrive. The way to avoid fake bounces DoSing a user would be to use a bounce-<hash>@wikimedia.org return path address with <hash> either being a random, stored token or one that is the output of a symmetrical encryption function, encrypt(email, secret). I'm sure Chris Steipp will have multiple good ideas about that :) -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
