Open-Assistant icon indicating copy to clipboard operation
Open-Assistant copied to clipboard
verified publisher icon LAION-AI

Email spam potential

Open CactiStaccingCrane opened this issue 2 years ago • 2 comments

On Open Assistant if you type your email to the login page, it would send to you an email that contains the verification link. However, a bad actor can make a small script to harrass other users by spamming their inbox with unsolicited email. There should be a rate limit for sending the link to an email inbox in one session.

CactiStaccingCrane avatar Feb 07 '23 01:02 CactiStaccingCrane

This is true for any email magic link service right? Is anyone actually doing this?

fozziethebeat avatar Feb 07 '23 05:02 fozziethebeat

I don't think it's super urgent or dangerous atm, but it's the classical attack: If not rate limited, it could be "weaponized". Because of this, many services ensure rate limitation and similar.

blankster avatar Feb 07 '23 22:02 blankster

We now have a captcha for email signin

notmd avatar Feb 24 '23 15:02 notmd