On Fri, Jan 10, 2020 at 09:24 AM, Mark Fletcher wrote:
Excellent. But staying logged in still requires the cookie, and if the browser was hacked they could learn cookie, and continue hacking to the group.
Oh absolutely! You _need_ the login to access attachments! But it does make it more cumbersome to access the attachment, for people that do delete the cookies, but could receive larger emails... if only there were options larger than 5MB, but smaller than unlimited, to avoid bounces.
Another idea I've had, but realize it would be significant work, would be to make groups.io accessible via email protocols, such as IMAP, particularly. A user logging in via their email client could see one IMAP folder for each group they belong to, with the emails in the folder being the postings for that group. Posters wouldn't be limited by ISP limits on email size, distribution wouldn't either. IMAP clients & servers already have options (as Duane pointed out) to download attachments in advance or only when requested. The SMTP half of this email server would restrict To: to groups.io group email addresses, and From: to members of those groups, as per the group and member settings.
The benefits of this idea would be fewer limits on communications, fewer ISPs getting feathers ruffled by the volume of Bcc: addressed email traffic. Besides the complexity of adding such an email server, the costs would be to teach users how to have one more email address, used only for groups.io; extra bandwidth usage as emails would be retrieved from groups.io for each user, instead of the (assumed) bundled approach of sending one message to each ISP, where one (or hopefully more) group member has an account, it would be more point-to-point.
This could live alongside the current mechanisms, so there would be no requirement that group member switch to using a new email server. It would make it easier to post large attachments without ISP limits, when that is appropriate, and it would make it possible to retrieve large attachments without ISP limits, when they exist.
But simply having a couple extra limits of 10MB and 25MB would probably meet most of the needs, or configurable number of MB with a maximum of 25MB. In fact, the maximums for the bulk of email addresses are publicly documented, and don't change very often, so for common email domains, the limit could be that of the documented domain limit.