moderated Re: Changing email address security issue #misc


 

Pete,

I agree with J - I just don't think the risk outweighs the benefit to
the users. Maybe I'm missing some key point about the value of this
capability?
As others have discussed, I think the primary use case for the feature is assistance to group members who are having trouble maintaining their subscription.

That's why I suggested limiting it to members who have no other subscriptions - they are the most likely to be brought to Groups.io by that group, quite likely email only, and possibly naive about how it all works. There will be exceptions, but my theory is that most people with more than one subscription will be a step or two up in terms of using Groups.io's account features.

I think also that trying to improve the security of the feature by sending a notice or confirmation request to the /old/ address is particularly likely to fail - the member in need may not have access to that Inbox any more, or it may be at one of those services most apt to reject or quarantine messages from Groups.io.

Shal

Join main@beta.groups.io to automatically receive all group messages.