[ZendTo] Drop-off by request only - has anyone else wanted this?

John Thurston john.thurston at alaska.gov
Fri Feb 1 23:01:53 GMT 2013


I've been asked by one of my bosses if we can remove the uninvited 
drop-off feature. That is, it won't matter if you can supply an email address 
and answer a captcha. The only way you can drop a file off is by 
invitation with a "request code". The concern is the ability of an 
arbitrary outsider to use a semi-trusted email vector for phishing attempts.

I think it is a valid attack vector, but one which would be sufficiently 
slow and difficult to exploit that it doesn't concern me very much. 
However, I'm here to ask if anyone else has wanted or needed to disable 
this feature.

(Or, is the joke on me and there already IS a way to disable this feature?)

-- 
    Do things because you should, not just because you can.

John Thurston    907-465-8591
John.Thurston at alaska.gov
Enterprise Technology Services
Department of Administration
State of Alaska

