Use unique Reply-to email addresses

[tillprochaska]

When processing inbound email, we use the From address to find the corresponding contributor record in our database. The problem: It’s easy to spoof the From header.

• The inbound email address for our campaigns is the same for all contributors and is also part of our codebase, i.e. it should be considered public info.
• A is a contributor who has signed up for one of our campaigns.
• B sends an email with the From header set to A’s email address. (B would either need to know A’s email address and that A takes takes part in the project, or B might randomly try out email addresses.)
• 100eyes would display the email contents as a reply from A, even though it was sent by B.

Email spoofing is a fundamental problem of the email protocol. All solutions to this problem (e.g. DKIM, SPF) are somewhat complex to implement, and more importantly, rely on the sender to configure their email server to support them (or to use a email provider that does that).

A common solution to this problem are Reply-to addresses that are unique for each contributor.

• Given there are two contributors C1, C2, and an editor E.
• E sends a new request.
• The request is sent as an email to C1. The Reply-to address is secret-1@100ey.es.
• The request is sent as an email to C2. The Reply-to address is secret-2@100ey.es.
• Replies to addresses other than the contributor-specific address would be bounced or flagged.

[drjakob]

Just one thought: Could changing reply-to-addresses also be a smart solution to assign the answers to the right questions?

[tillprochaska]

Yeah, I think we talked about related approaches to solves this problem some time ago. Actually, you wouldn’t need to have separate email addresses for that, there already are email headers like References and In-Reply-To that are used by email clients to convey information about the original message etc. Those headers are also used to display multiple emails in a thread/conversation (see #204).