Default setting for ACCOUNT_EMAIL_UNKNOWN_ACCOUNTS (True) results in spam emails
longhotsummer opened this issue
Greg Kempe commented
The default setting for ACCOUNT_EMAIL_UNKNOWN_ACCOUNTS is True. This means the default configuration of allauth is effectively happy to send spam reset emails to arbitrary email addresses.
I suggest this default is changed to False.
Raymond Penners commented
But, if I sign up using your email address, the system will happily spam you as well. So, changing the default does not prevent spamming yet does break backwards compatibility.