Open katska opened 2 months ago
One way to address this is do signup by sending e-mail and authenticate it using DKIM bypassing all "register" friction.
I built a datapipeline for my open source meetup.com displacer that works entirely via e-mails for RSVPs etc.
Spammers typically don't operate proper e-mail infrastructure and "grey rocking" works on them making it more computationally expensive to register accounts with valid e-mails.
This way anyone who registers sends an e-mail using modern e-mail infrastructure and then the account can be created for them to access without any further friction other than sending an e-mail.
If interested I can PoC it for you.
This is really weird, and is (possibly) an upstream issue.
Alaveteli doesn't appear to be doing email address validation properly when a user signs up.
See https://www.righttoknow.org.au/admin/users/8386
@benrfairless RTK allowed me to sign up for an email address without a complete email address - I accidentally didn't include .com !