Moin, > Create a random generated mail address that the person needs to send > an email to. Verify SPF/DKIM/DMARC strictly, so forging is much > harder and reject it with a proper message, maybe with a link that > explains the result. Yeah. I thought about that. _Technically_ the whole thing can also be done by just presenting links for users to click on on the web page. However, that reduces the usability of the service a lot, as some clients do funny things for mailto: with a lot of Cc:, and users apparently struggled a bit with it as well. Being able to hit 'reply all' seems to be a bit easier, in general. :-/
Concerning the strict verification mail-in before: I thought about that; But given that this is a service to test whether you configured spf/dkim/dmarc correctly... making that being correctly configured a prerequisite would be kind of... difficult. ;) > Use a captcha to make it harder for non-humans. Actually, looking at the access logs for those requests, i am not 100% convinced that this is automated and not some shady 'clickworking'. > That should massively reduce the amount of unsolicited mail. Yeah; Luckily 'disable mail sending for gmail/MS/Yahoo' already is surprisingly effective at that (getting close to 0 mails getting through; Even though it seems it needs a bit more fine-tuning.) With best regards, Tobias -- Dr.-Ing. Tobias Fiebig T +31 616 80 98 99 M tob...@fiebig.nl _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop