Ah, good old fetchmail. How did I forget you? Thanks Melvyn, it looks really, really mature and full featured.

As far as security and identifying the user, I was planning to use Django's Cryptographic signing <https://docs.djangoproject.com/en/1.4/topics/signing/> and to put a signed value containing the user details and the record they are approving or rejecting by email. That way I don't have to rely on the SMTP headers. There is also the added benefit of being able to use the TimestampSigner class so that messages could expire after a certain period if the user didn't respond to them.
On 12 August 2012 11:31, Melvyn Sopacua <m.r.sopa...@gmail.com> wrote:

> On 10-8-2012 17:23, Paul Backhouse wrote:
>
> > Has this already been done? Does my google-fu escape me? If it hasn't
> > already been done, why not? And are there any modules out there that can
> > be dropped in to speed development? Any tips on developing this app?
>
> An email gateway is what exposed contrib.auth's problems to me, because
> it has the email stored on the user account info, you can only match one
> email per user. In a world where people use several accounts or server
> addresses with 'subdomains', having only one registered address per
> account isn't practical. Also, matching a user based on SMTP headers is not
> very secure.
>
> Another approach that you can observe in the wild is to have 'secret
> email addresses'. In the user account information an email address at
> the site's domain is made available that the user can send comments or
> content to. The drawback here is that it's very sensitive to identity
> theft as the assumption is made that only that user knows that address.
>
> So very quickly, you come into the dark realm of requiring some kind of
> authentication key associated with the email message and while for us
> techies this is trivial, explaining that to casual internet users has
> been a problem since the inception of S-MIME and PGP.
>
> I imagine most projects that have attempted this principle strand on
> this issue and the associated spam nightmare.
>
> --
> Melvyn Sopacua

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
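
The signed-token idea described in the reply above, as an added sketch that is not part of the original thread: it uses the standard library's HMAC as a stand-in for Django's TimestampSigner so it runs without a Django project. The function names, the demo key and the three-day lifetime are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET_KEY = b"constructed-demo-key"  # assumption: in Django this would be settings.SECRET_KEY
MAX_AGE = 3 * 24 * 3600               # assumption: replies accepted for three days


class BadToken(Exception):
    """Token was altered, malformed, or older than allowed."""


def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def mac(body):
    return b64e(hmac.new(SECRET_KEY, body.encode(), hashlib.sha256).digest())


def make_token(user_id, record_id, now=None):
    """Bind user, record and issue time into one signed string for the outgoing mail."""
    issued = int(time.time() if now is None else now)
    body = b64e(json.dumps({"u": user_id, "r": record_id, "t": issued}).encode())
    return body + ":" + mac(body)


def read_token(token, max_age=MAX_AGE, now=None):
    """Return (user_id, record_id), or raise BadToken. Checks the MAC before parsing."""
    body, sep, sig = token.strip().rpartition(":")
    if not sep or not hmac.compare_digest(sig.encode(), mac(body).encode()):
        raise BadToken("signature mismatch")
    data = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if (time.time() if now is None else now) - data["t"] > max_age:
        raise BadToken("token expired")
    return data["u"], data["r"]


def handle_reply(token, action, max_age=MAX_AGE, now=None):
    """Process an inbound reply; the From header is never consulted."""
    if action not in ("approve", "reject"):
        raise BadToken("unknown action")
    user_id, record_id = read_token(token, max_age, now)
    return user_id, record_id, action
```

The token is a bearer credential: anyone who holds the email can use it until it expires, so a gateway built this way should also record each token once it has been acted on.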