Bill48105 wrote:Does the user define the word via web admin or how does hmail know what the secret word is?
The user defines the word by giving it to whomever he wants. Perhaps i wasn't clear enough.
You give an email address as email@example.com
to the website
If whateveryouwant has never been used before for user bob then it is added to bobs list of words.
hMail realises it's a greylist bypass word because of the # delimeter
Email passes without delay this first time only.
If anyone tries to use firstname.lastname@example.org
to send another email. hMail knows that whateveryouwant has been used already and subjects the email to greylisting as per normal. That way noone has to mess around with logging in, setting up magic words or anything similar, it just works. Doing it this way stops people selling your email address with the magic bypass code and forever more passing greylisting with it.
Bill48105 wrote:Sounds like these need to be stored in table so I'd hope for a cleanup mechanism so it doesn't get too cluttered full of old words.
I would say they would have to be stored for the duration. If a website sells your email@example.com
email address if whateveryouwant was removed it would bypass greylisting.
Is the word after username part to make it easier to parse or avoid conflict with another mechanism? (vs firstname.lastname@example.org
bob#blah@domain is the same way plus addressing works already, makes sense to use the same way to avoid confusion.
Along the same lines it might be useful to allow users to disable greylisting (and possibly even spam checking) for their box for a short duration of time, not just for a set sender or requiring a code/special email address. Suppose they'd need to log into the web admin before signing up somewhere & enable it but guess that'd be a different feature request.
I have requested user specific greylist whitelist entries somewhere. Once that is added i'll update my greylist script.