Making WordPress.org

Opened 4 years ago

Closed 3 years ago

#5534 closed defect (bug) (fixed)

Add limits to prevent high-triggering notifications

Reported by: dd32
Owned by:
Milestone:
Priority: high
Component: General
Keywords:
Cc:

Description

Currently WordPress.org notifications accept whatever is given to them, but that can cause notifications which trigger on most support threads.

For example, there's a user with a matcher for 'WordPress', and two for other common terms such as 'Help', 'Login', 'Music', 'Google', '404', etc.

In addition to those, it's also not uncommon for spam accounts (and pentesters alike) to inject spam notifications whilst looking for forms on WordPress.org that will accept their input.

The ultimate result of these is that WordPress.org sends far more emails than it should, which causes processing delays on every new support reply, and causes more people to mark WordPress.org emails as spam / unsolicited which affects our ability for legitimate emails to be received.

There are two options I can think of to help out here:

  1. Require an email confirmation before enabling a notification
  2. Disable notifications which trigger too often, i.e. if it exceeds 10 per day, disable it.

Change History (2)

#1 @dd32
4 years ago

Additionally, notifications should be disabled/deleted if a user is marked as banned/spammed.

#2 @dd32
3 years ago

  • Resolution set to fixed
  • Status changed from new to closed

I've done some work on this recently, including:

  • Notifications: Add an unsubscription and notification management link to the footer of matcher notification emails.
  • Notifications: Add an enable/disable functionality, to allow temporarily disabling notifications without deleting them.
  • Notifications: Record a lifetime hitcounter for matchers in the DB
  • Notifications: Include a more specific reason why they're getting the email in the notification emails.

For example, there's a user with a matcher for 'WordPress', and two for other common terms such as 'Help', 'Login', 'Music', 'Google', '404', etc.

There was also a matcher for 'the' which was being triggered thousands of times a day :) That has since been disabled.

After disabling the worst notification offenders, the number of matcher triggers is significantly reduced. But there are still some that are getting hit ~25 times a day.

I'm marking this as fixed for now.
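The limits discussed in this ticket (a per-day trigger cap that disables a matcher, a lifetime hit counter, and removal of a banned user's matchers) can be sketched as follows. This is an added example, not WordPress.org's code: the class and function names, the case-insensitive substring matching, and the sample posts are all assumptions, and the cap of 10 is the figure floated in the description.

```python
from dataclasses import dataclass, field
from datetime import date

DAILY_LIMIT = 10  # figure floated in the ticket; assumed here

@dataclass
class Matcher:
    owner: str
    term: str
    enabled: bool = True
    lifetime_hits: int = 0
    daily_hits: dict = field(default_factory=dict)  # date -> hits that day

class NotificationLimiter:
    def __init__(self, daily_limit=DAILY_LIMIT):
        self.daily_limit = daily_limit
        self.matchers = []

    def add(self, owner, term):
        self.matchers.append(Matcher(owner, term))
        return self.matchers[-1]

    def process_post(self, text, day):
        """Return the matchers to email for this post, disabling noisy ones."""
        to_notify, lowered = [], text.lower()
        for m in self.matchers:
            if not m.enabled or m.term.lower() not in lowered:  # substring match: assumption
                continue
            m.lifetime_hits += 1
            m.daily_hits[day] = m.daily_hits.get(day, 0) + 1
            if m.daily_hits[day] > self.daily_limit:
                m.enabled = False  # disabled, not deleted, so the owner can review it
                continue
            to_notify.append(m)
        return to_notify

    def purge_user(self, owner):
        """Remove every matcher owned by a banned/spammed account; return the count."""
        before = len(self.matchers)
        self.matchers = [m for m in self.matchers if m.owner != owner]
        return before - len(self.matchers)

def demo():
    lim = NotificationLimiter()  # all data below is constructed
    noisy, narrow = lim.add("user_a", "the"), lim.add("user_b", "multisite cron")
    day = date(2021, 1, 4)
    sent = sum(len(lim.process_post(f"Help, the login page shows a 404 (#{i})", day)) for i in range(25))
    sent += len(lim.process_post("Multisite cron events never fire", day))
    return sent, noisy.enabled, noisy.lifetime_hits, narrow.enabled
```

With the constructed input, the 'the' matcher sends ten emails, is disabled on its eleventh hit of the day, and the narrow matcher keeps working.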
