Ask HN: accepting submissions via email - usability/security concerns?
I just put in place the ability for users of http://ridewithgps.com to email a GPX file to our site as a method of posting their file. I implemented it in the easiest way possible - a single email address for all uploads, and I determine the account based on the From field. In a service like posterous, this is an obvious security issue, since the From can be spoofed. I am not so worried in our service, since it's mostly a private record keeping system. However, I would like to add some security as long as it's not greatly inconveniencing.
I'd prefer to keep it a single upload email address rather than let the user set their own custom address, for simplicity/rememberability. Additionally, I am wary of a passphrase, though this isn't too bad.
What do you guys think of sending a confirmation email for the submission, and then processing/posting the submission when a reply to the confirmation email is made? Seems like the easiest for users, even though it's a two step process. Thoughts? Ideas? Suggestions?
8 comments
[ 5.1 ms ] story [ 38.4 ms ] threadKeeps me from having to write an app for android, since My Tracks is a great logging utility! That, and other developers can easily integrate with our site using this option.
Perhaps a simpler idea though is to make sure the users can easily delete data or routes that are sent in via email. It doesn't really solve the "spam" routes that could be added to an account, but it does make it easy for a customer to clean it up.
Perhaps require confirmation if many routes are uploaded in a short amount of time.
Perhaps require a secret key hash to be included in the subject of the message.
I'd proceed until apprehended with #1. As long as it's simple to delete.
I like the confirmation idea, but which is more pleasing to the user (when a spam message is spoofed/sent in): to see dozens of emails coming in, or to see dozens of places suddenly added?
If it were me, I'd just implement a secret address code. If you're using gmail or something to host the email (and connecting via your web app), just use the '+' notation to extend a single email account. So submissions@app.com could be travis+submissions@app.com and go to the same mailbox (I'd change "travis" to a secret code... but the idea is the same)
I think I may just proceed and handle it if it becomes an issue, probably with a simple passphrase in the subject field.
I am not using gmail, I actually setup a postfix transport layer, which runs a simple ruby script that just pipes the email through a unix socket to a r receiving server - the server has Resque loaded up and queues up jobs to be handled by my resque workers.
Assign each user an email address that's based on (and I'm sure the likes of cperciva or tptacek can improve on this) an email friendly encoding of an scrypt or bcrypt derived function to generate a unique email address.
This can then be added to the user's address book under an alias for your service. You then store this value and the username in your app. When the email is received, you look up the unique source address and translate it to the user. Problem solved.