Contact Us e-mail field is not fully validated

[Makoto]

I'm not really sure if you want to consider this a bug or not, but when submitting support requests, the e-mails are not validated against the list of banned e-mails (as they are not technically passed as "account emails" and thus do not go through those checks")

This was brought to my attention by a client here:
https://dev.taiga.sh/ips/Indisposable/issues/4

[bfarber]

If someone was banned by mistake, and we didn't allow them to use the contact us/support requests because their email was banned, they'd never be able to contact you to let you know of the issue. We've debated checking against the spam service for this purpose in the past but always come to the same conclusion.

[Makoto]

1 hour ago, bfarber said:

If someone was banned by mistake, and we didn't allow them to use the contact us/support requests because their email was banned, they'd never be able to contact you to let you know of the issue. We've debated checking against the spam service for this purpose in the past but always come to the same conclusion.

Fair enough, that's why I was unsure about it.

I've still added in a check for disposable e-mails in my application because.. well, requesting support from a disposable e-mail is still silly, but I can see why blocking banned e-mails would cause issues.

I do have occasional spam problems from the contact us field even with captcha enabled, but it's not a huge issue.

[KT Walrus]

3 hours ago, bfarber said:

If someone was banned by mistake, and we didn't allow them to use the contact us/support requests because their email was banned, they'd never be able to contact you to let you know of the issue. We've debated checking against the spam service for this purpose in the past but always come to the same conclusion.

You should simply check if the email address is banned and mark the incoming email as coming from a banned email address (perhaps by inserting a "banned" tag in the Subject line or in the body of the email.