search

scanner / as_email_service

A Django app and smtp relay service for working with 3rd party email services and asimap
BSD 3-Clause "New" or "Revised" License
0 stars 0 forks source link

Incoming spam notification webhook view #6

Closed scanner closed 1 year ago

scanner commented 1 year ago

When postmark received a spam complaint they send a message to this webhook.

When this happens we generate a notification message that encapsulates the spam as a rfc822 attachment and deliver it to the email account that was marked as sending the spam.

(in the future we may want to have a 'spam count' on the email account but for the user's of this project being probably only apricot systematic I do not think we have to worry about our users sending spam... but who knows what the future will hold.)

scanner commented 1 year ago

Maybe we could combine "spam count" and "bounce count" .. just treat spam complaints like they were hard bounces.

Probably should rename bounce_num in that case (and fix up help text.) This would also hook in to the 'they can send no more than 10 bounces in a day, and only one a day after that' due to the way we decay the number of bounces 1 per day.

scanner commented 1 year ago

Oh, right: Postmark treats spam complaints very seriously!


A spam complaint is recorded when a user clicks This is Spam or Mark as Spam from email clients like Yahoo, Hotmail, AOL, etc... from their inbox. While you should not have any spam complaints, they do happen. Once a spam complaint is recorded, Postmark will deactivate this address and will not let you reactivate it. 

In the email industry, spam complaints are a clear metric to determine abuse and poor sending practices. It’s important that we take these reports seriously to ensure the best delivery for all customers. If you feel a spam complaint has a reason for being reactivated, please contact Postmark [support](mailto:support@postmarkapp.com) directly.```

So if someone marks outgoing email as spam that address gets deactivated.

We should deactivate the email address and we should also send an email to 'abuse@<server domain>' reporting this.

As a follow-on we should make sure an EmailAccount for 'abuse@<server domain>'  is created whenever a server is setup.
scanner commented 1 year ago

Oh, wait 'address' is the address that was being sent to .. so the user can still send email. Just not to that address.

So we can still go with the several notifications and updates and deactivation. Not so draconian.