Send recovery code from no-reply email from domain

Question

Send recovery code from no-reply email from domain

tuliocasagrande opened this issue 7 years ago · comments

We are currently sending the recovery code emails with the team@pixelated-project.org address. We would like to send it with something like no-reply@<domain-name>. For this, we need to ensure this user is reserved and the domain name is retrieved from current domain, dynamically.

Acceptance Criteria

When I submit my back-up account email, I should receive an email with the whole recovery code from the no-reply@<domain-name> email (i.e, no-reply@wazokazi.is).

In Scope

Add this to user to the list of reserved words in webapp (https://0xacab.org/leap/leap_web/blob/master/config/defaults.yml#L37)
Retrieve the domain name before sending the email
Update the #927 feature to send it from this user
Update the text in the second step of account recovery flow to let the user know from whom the email came from

Out of Scope

Implementing the sending email feature

Depends on

#927

Anike Arni · Answer 1 · Fri Apr 07 2017 23:07:37 GMT+0800 (China Standard Time)

@SweetVirginia , let's use this to start the discussion of what the user name for the "no-reply" email should be!!

Virginia Stefanello · Answer 2 · Sat Apr 08 2017 01:03:50 GMT+0800 (China Standard Time)

Since our idea is to sent a code so people can recover their account in case they forget their password. No-reply may look look like a spam or any other spammy newsletter.

Some more reasons why no-reply isn't the best solution:

No-reply addresses lead to more spam complaints;
In some countries sending emails with a no-reply address is not allowed.
Large companies like amazon use no-reply e-mail-addresses for sending out newsletters. First of all they will get hundreds of replies because of mail delivery failures or out of office replies. Then they avoid spamming replies, because it is easier to just hit the reply-button than going to their homepage and use the contact form.
Do not reply: I want to talk to you, but I don't want to listen.

Can we have the Pixelated logo (the box) as a picture so people can relate the message with the place they were creating account?

Since is an automatic email, we could call -brainstorming alert- "recovery@youraccount.org" or "robot@youraccount.org" or "admin@youraccount.org" or even "pixelated@youraccount.org" or "pixelated-support@youraccount.org" or "important@youraccount.org" hahaha this last one looks like phishing, sorry 🤣 ; @olabini do you know any security best practices for this?