Re: Changing email address security issue #misc


My opinion: someone not part of the support team should not be able to change a member's email address, even if that member is only a member of that one group, and even if it's a premium group (unless you have some contractual obligation).

A group owner could be fooled by someone pretending to be the user in question, tricking them into locking out the real user.

There are workarounds.

1. Walk the user through changing their own email, if that works out.
2. Remove the old email from the group, and direct add the new email. (If this was a mistake, it can be easily fixed.) The account with the new email won't be able to do things like delete messages posted by the old email, but someone who can't figure out how to change their own email address probably won't be doing that, anyway.
3. Contact support. This can also be used for situations like "There are 500 users in my group from who need to have their domain changed to following a corporate takeover."

